last executing test programs: 2m12.067464973s ago: executing program 3 (id=1102): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) close(r0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r1) socket$kcm(0x2, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) recvmsg(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000002ec0)=[{&(0x7f0000000900)=""/223, 0xdf}], 0x1}, 0x102) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r3}, 0x10) r4 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r2, &(0x7f0000000180)}, 0x20) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831373f00000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 2m11.169500156s ago: executing program 3 (id=1110): syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "ffffffffff60000000000000"}]}}}}}}, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f00000004c0)={@private=0xa010100, @empty}, 0xc) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0xfffffe6f, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_LIST(r5, &(0x7f0000000940)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x4c, 0x0, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010101}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8001}, 0x801) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x14, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x6}, {}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x7, 0x2b, &(0x7f0000000200)=""/43, 0x41000, 0x43, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x4, 0xc, 0x9b7}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000002c0)=[{0x4, 0x5, 0x2, 0x6}], 0x10, 0x2, @void, @value}, 0x94) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x140e, 0x4, 0x70bd2a, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x3}, @RDMA_NLDEV_ATTR_RES_PDN={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x40040) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000340)=@nat={'nat\x00', 0x670, 0x5, 0x3f0, 0x0, 0x0, 0xfeffffff, 0x0, 0x280, 0x358, 0x358, 0xffffffff, 0x358, 0x358, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'caif0\x00', {}, {}, 0x6}, 0x0, 0xd0, 0x108, 0x0, {}, [@common=@inet=@tcp={{0x30}}, @common=@inet=@tcp={{0x30}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x1, @dev, @dev, @gre_key, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id}}}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'ip6tnl0\x00'}, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@ttl={{0x28}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e20}}}}, {{@ip={@remote, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x90, 0xd8, 0x0, {}, [@common=@socket0={{0x20}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@mcast1, @ipv6=@mcast2, @port, @gre_key}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x450) 2m10.708826062s ago: executing program 3 (id=1115): r0 = socket$netlink(0x10, 0x3, 0x15) writev(r0, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) clock_gettime(0x0, &(0x7f0000007880)) recvmmsg(r0, &(0x7f0000007600)=[{{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x7}], 0x2, 0x2000, 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) sendto$inet(r1, &(0x7f0000000000)="dbc1d8f6f6c31022", 0x8, 0x20008001, &(0x7f00000000c0)={0x2, 0x4e23, @loopback}, 0x10) 2m10.435497837s ago: executing program 3 (id=1117): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) write$tun(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="000000150105060003008000000062a88a5c01353a01fc010000000000000000000000000001fe800000002a6945e2907a8bd80000000000000026330a040502103000fc000000000000000000000000000001ff0100000000000000000000000000010000000000000000000000000000000120010000000000000000000000000000fe8000000000000000000000000000bb3a0000000000000004010100000000002c12000000000000c910fc010000000000000000000000000001c91000000000000000000000ffffac14143e071000000003020305000300000000000000075800000002140800101b0d0000000000000900000000000000060000000000000050ffffffffffffff4000000000000000930f00000000000000010000000000000300000000000000faf9000000000000a5000000000000002c0000d9670000008c0090780005800000000000000003a4ef17437e1126d6245b7c0f4ce855be311718335afd89e0557048d55311"], 0x16b) 2m10.289561265s ago: executing program 3 (id=1118): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702d00010008000bfa3000000000000070300000dfeffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e64030000000000360404000100edff1604000001000a00b7040000000100007b0af2fe00000000850000001a000000790000000000000095000000000000009e17890efeee5e2b7ff8a8cdc218e784909b849d5550ad855dab54d8877a6db61d69f2ffcaa17f82e11cb97c8adf1b831f422543e78461e57b2798779207c9a0c4eeff9674c7fcffffff971e43405d621ffbc9a4fd39b0b56bfe6508ebb3c4631f6dde53b9a53608c10556e5c1e2b8fee684b251e2d107ba7947212e577540497661826c36c5c1df1451ce5413a12e2d9f8004e26b7fcc059c065012828d872b36388b595f6dba87b8031106fb0289ce67a66afd9ac3d09e29a9d542ca9d85b5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee41f5b2e7b91c61ced1eb57ad000000000000e8122a79c3e40000b59b0fc4917de6b0316dec3c080a802a000001000000000031b6a076555125aaffffa7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137e2524847d337ac976376d5074ce1d2638da3261c8362bb7c785d9b7c45218b100ee122040e11e3bdcb9d287ec31cd985841fe91212ee4a38af074c7e2ce006000000dc7777bfae5884e4ba1e9cc44846153ba0dec51a8e4abf07df093101c2c3bc4a59f22e46295a2d89a355bb9bba44f83fed3b2f96520100000040f1a8cde1fc1a1ef36c66880c8351cb06187641ed2f02835a8545a2374c09000000000000003c4e7b6d1a323c41a5d740b95d9317ff00000000000000f9db4a9a840000000033fbf7e9fa4f27245ca051d61c32bc3189af4ead1fca58746120fa0da48604000000000000003a6d824a7649c31576b3b69bd13f5a14c19790e24baf047fe3be299318f86ebb3094756894b2d1a4ff2fb76fed59c97ac9314408399485e659765d8e0000002000000000818d125c58a22151fabaaa7dc9eb40707927d240c6d29508fea81204e41040000000583ef12318bf8b2661f0df85a488f4068d95b59ec07e5aa144dbae3df0000000000000000035d764ee74ee870807942cbd6a28384f6ba7c5fccca601000000e4e9fd18460296d89cc847973955daae01bd99ea1862fdb38410145ade0cf000000055a5efc9ff92e6eb37c3922c8aa02b2dcb4c977a61d989cf088e5c45009d27e1744d9cf4dd50bef1609c13975833c038aee18ed0dcbe865d25e23c0864e50c5a2ed4cc3748672b7cd25067340a37475e0879fe9b3886dd054b43e7c485b2a43c3707d4c686bc5dea5b743d9e4b25adfb068e75b54c09481c8393e94053d99d0f7d67f7ed49b1c744d9f5b19c257136e6b2110000b5480a31359185c89956c2237e4c59d09b5aaab87f0e82802468398ffaac2fa66bb9afae6d449342aa30e443023f0554a756218077d418cf148af56491f0fa5b48582f1b13461fdf9fb9367f44d93d6ece0abe3e84b3279ab1a3f27d4afac67cf28594dd8ef1104c498a7bc63e2f6d3779c70d81c040b88451770eb988e9477d2de85be3555fe48e99d0880acd1c636dd3abff16db16594581d94dad70cc94c689707106000801a5cfad936253d110ca2aa3f13840b34ff956ee55602cad9bb209000000f32edea7a51515c035e55b31c91aeea878a8d51b4ce7bf9023b867ba3f450799f4dbfedad72c7dae607f9075877bd0db50fae9d0e0706c41ca92e71d81e06eaff63dab33c3cb3a8c28a6c2400f04412adeb9416ae3c8cfc8a7f6373247d903d8953de2a3cf07011db94b68af6176d0840a34a9aa493cfed41efc8377e294794771c4278caf7ad1c6c80fef4ae62a62499f9e301a085d14dc7049ddc965f0dabc5b29e972bb585758ac8867bb52cda4f2a73e44ef648d1c74f6ab97e646256a67e237664fa4942a0f1479c31bbeae1d7490d617b926"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) 2m10.109069172s ago: executing program 3 (id=1121): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) connect$can_j1939(r1, &(0x7f0000000600)={0x1d, r2, 0x1, {0x2, 0xff}, 0xfe}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r3, {0xfffd, 0x2}, {0x7, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa2}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socket$nl_route(0x10, 0x3, 0x0) (async) socket$can_j1939(0x1d, 0x2, 0x7) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) (async) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) (async) connect$can_j1939(r1, &(0x7f0000000600)={0x1d, r2, 0x1, {0x2, 0xff}, 0xfe}, 0x18) (async) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r3, {0xfffd, 0x2}, {0x7, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa2}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) 1m54.472625907s ago: executing program 32 (id=1121): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) connect$can_j1939(r1, &(0x7f0000000600)={0x1d, r2, 0x1, {0x2, 0xff}, 0xfe}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r3, {0xfffd, 0x2}, {0x7, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa2}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socket$nl_route(0x10, 0x3, 0x0) (async) socket$can_j1939(0x1d, 0x2, 0x7) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) (async) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) (async) connect$can_j1939(r1, &(0x7f0000000600)={0x1d, r2, 0x1, {0x2, 0xff}, 0xfe}, 0x18) (async) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r3, {0xfffd, 0x2}, {0x7, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa2}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) 1m23.45354999s ago: executing program 1 (id=1213): r0 = socket$isdn(0x22, 0x2, 0x6) close(r0) 1m20.545151753s ago: executing program 0 (id=1085): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000006c0), r0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f00f9ffff7f000000000000010100800c00010005"], 0x114}], 0x1}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r0, 0x0, 0x10) 1m8.047542069s ago: executing program 1 (id=1213): r0 = socket$isdn(0x22, 0x2, 0x6) close(r0) 1m6.961290124s ago: executing program 0 (id=1085): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000006c0), r0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f00f9ffff7f000000000000010100800c00010005"], 0x114}], 0x1}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r0, 0x0, 0x10) 52.622254308s ago: executing program 1 (id=1213): r0 = socket$isdn(0x22, 0x2, 0x6) close(r0) 51.484701155s ago: executing program 0 (id=1085): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000006c0), r0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f00f9ffff7f000000000000010100800c00010005"], 0x114}], 0x1}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r0, 0x0, 0x10) 38.015656859s ago: executing program 1 (id=1213): r0 = socket$isdn(0x22, 0x2, 0x6) close(r0) 36.959524585s ago: executing program 0 (id=1085): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000006c0), r0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f00f9ffff7f000000000000010100800c00010005"], 0x114}], 0x1}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r0, 0x0, 0x10) 24.032720357s ago: executing program 1 (id=1213): r0 = socket$isdn(0x22, 0x2, 0x6) close(r0) 23.04992341s ago: executing program 0 (id=1085): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000006c0), r0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f00f9ffff7f000000000000010100800c00010005"], 0x114}], 0x1}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r0, 0x0, 0x10) 9.985450134s ago: executing program 1 (id=1213): r0 = socket$isdn(0x22, 0x2, 0x6) close(r0) 8.309122799s ago: executing program 0 (id=1085): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000006c0), r0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f00f9ffff7f000000000000010100800c00010005"], 0x114}], 0x1}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r0, 0x0, 0x10) 2.250415292s ago: executing program 5 (id=1999): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x2, 0x1, 0x101, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000000) (fail_nth: 1) 2.249224356s ago: executing program 2 (id=2000): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000304000000000000000000000400", @ANYRES32=r0, @ANYBLOB="e0d8010004a701001c00128009000100626f6e64000000000c000280050001"], 0x3c}, 0x1, 0x0, 0x0, 0x408d1}, 0x4000044) 1.999187912s ago: executing program 2 (id=2001): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x0) recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000023c0)=""/4101, 0x1005}], 0x1, 0x0, 0xc3}}], 0x1, 0x0, 0x0) 1.982210797s ago: executing program 5 (id=2002): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.899410344s ago: executing program 5 (id=2003): r0 = socket$netlink(0x10, 0x3, 0xa) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010003081000418e0ec00004fcff", 0x58}], 0x1) socket$inet6(0xa, 0xa, 0x81) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000c40)=ANY=[@ANYBLOB="580000001000010400000000000000e9fe2831b2", @ANYRES32=0x0, @ANYBLOB="00000000da44000024001a8020000a8014000700fe8000000000000000020040000000000500080002000000140003007866726d30"], 0x58}}, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000340)=0x14, 0x4) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x4010}, 0x0) sendto$inet(r1, &(0x7f0000000280)="e8f10b50c295b468d93b6fa79040b9efd7f2cee764f014b2fa319694386e45d74b364ce8357c955f4a5e383c83122437cd104afd40245bc65425d8cbc2f9384330cf4eb02b67b57d60167259e2ce28f71ca7c60854af4a213256551fa367ed0c4f8cfaa0af7fa697b9d1a5d8882b59b0a875238d2e92b4e779995d8901ccc21b6e6602ff1df69a006d", 0x89, 0x800, &(0x7f00000001c0)={0x2, 0x4e22, @private=0xa010102}, 0x10) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) clock_gettime(0x2, &(0x7f0000000380)) setsockopt$WPAN_SECURITY_LEVEL(r3, 0x0, 0x2, &(0x7f0000000240)=0xffffffffffffffff, 0x4) sendmsg$nl_route(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000200001002bbd700000ff00000a108000000000080400010014000200fc02000000000000000000000000000014000100200100"/67], 0x44}}, 0x40000) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r4, 0x106, 0x1, 0x0, &(0x7f0000000280)) sendmsg$IPSET_CMD_SWAP(r1, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x6, 0x6, 0xb00, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4010) 1.786247097s ago: executing program 4 (id=2005): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32, @ANYBLOB="00000000100000001c001a80080002"], 0x44}}, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r3 = socket(0x200000000000011, 0x2, 0x1) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000800)="ca7ac5f90fed369c49ed0fb7f4ba678a17fa226757031f895d324f901c68f13a532626c33ba2382a5cfee70a05abb1c1c35b051030e2afeba4c1e58cda843ad546bff589c7b829644f0ceeec95ce397c9307889f584c51a4237d0bfb057566b803c602f2c18ba969c8876462bd1637e62091e1798f979c6f0a844730740b47f3b7f188cbae3b45b284617ca8425b4de76c40f4a2fe168033d731892dcbdc5e09de76a5849c1e96ea1b7edb9f25b2c12b16b900c995525e3a464fe9b10b8636bff61bd67d1b00b788dbe329969d50363bac4e0e124e3ff68e33f4af43e4e8b97b0a733939fa780cb21af3e1e187d159580b490bacf643dc77085355c0ed772c306be842fe309960c3fb0bbce85d5ea02e8661acedebc6f2465c2b8a424ac19593f212fe757a8a57da8bd43530df9c6a5c89e892d3336be83d1862f56d7c50752e1b338318601b083e2f8d71c0c303eb0bfee8068185f9c049ea6a900e00f842bacf6b48fc43169c9116844e0635cfbc6512d83c078d57869761b267bac9e90105b2572033e4702c6b190af198fecf442fa617d344366d88d7ab1f1677f7aa66b00746447aa13e73bd645b06044065e00451449f2895731faf25662962699a5ad9473f68f08b60de650e0899cd876556070247d9ed259d422fba806547e104c92c81ce9195dea81c8c33c0348aee47f1869b1d8e943be2a76f9ff19a02b641a7ddf12f813613d5b0cc83eabca2a579930cbe5e48ae6c0055f4806c548c3d27f4f29ac8024c42a66aa66d5b96f1cac00c431d367156c371931b1654a2ca351a79f2563e40105e3c2e990427f6f4df587c77529ca1407b6fa766d6e53d29803f57b685c3e1156fbc960936f92184c9678259b5f2d39f0062a0f9c366156b6e260a108b389c77a9c681e39649bc6d667babc460b7685116935cd02dff96cc1d38a58bee9ba09afc5fd2d8e3990bac463027f9b790e59cc7f2e2963b70570b79a71ee4ca543660b33fdce73689c9e778a1817a6b28b9f78728d0e9ea56390ed9cf580ef98a1287296a50c6913729a8a22feb356d757190ab5fdcf4bebdee00664c51d0fc40a12bb2d1ccc2ee7a91c0b4776cbd97f2f81789720ff61b6c9cc829dc38892895dc64af238830d8aa02f1dd7363a141a8da518b39359e9a1c9e7ad9843c17b7566f6bcfd024ad0ef7352a9b8f73853b62eb37543ab436ec5ae8e36b0b88e75f959ad2dadc32a37293cd9b87216ede1732b1cddc6103f334c13b6b465efb756cb3674d29573c2bcef996f507d98293f91d0ccfe392039a458bb639bddba9c7f8e4d0c96c1ed18b5e9ec05acf0844a473f41d2694bca9bd4273a80ca488ebf664ff8d29b36384f81b89778cdb350c30bd075cc4b83ad73d999e4392d179a733d28b5c9d68b493e9f4dbee37dd1dfeff25ccce48f5b241fbe6a7ae215309dff37bb1f012ce1e1d414fc4c12e654751a3159c68379ed181f22918dcfb5a0e51b3fd00e2847767d81effb539242d7fe43ad001820101f15243b13ef1e3f5a6a0e470d23db9faa7c5695ecfa78cc2ca0ad73445ebaa4e763fc39ea8f9eb6b436c64b4bc98fe0c04073721a8fd8d5cfe184746a84307d22fd1b30fc61f0ac37b1308a61a7ef4734708704ecbb2062b52a218acdd0a2bbfbc72538070c3cc1080ccd9d1392e6a0c112b08c13c7f95913a52fb6399254c381484a8719cc7409a27bec967550a8de32ac6e0b763f8717427e2a1e8379e8d8b545d475e30f4e5b2e5459868597f068a391e6d86560ca90d7c3d08eb3adc7230c584c0e98aa70b7083a9ed9ac667cba8c78a2494f254f5527b039683614eb705b0b558b1a6d03bd6832c1bf74bfc1c777ab9b87bf3ff559cdc88bcdcb7f86aac4750c27438c312f3868ddec5e289ac6b51b8e37adae69413e1db0d5ae162e918d69b83264ccf0dd9149b0718d6719d7c1b392e3d2f68ad63d8000456add421711cfb23a3be71266a958740dc220cf32a5b60a95e11b8fc7e261c55b1816c092da9e5a38dec468b8a6869596f1b49dafce369804ab59b5f5b8306073bbc7183a5c0481762a91feaa11a22b291fe6bff286bb7f63b3f374e620805d6fc1822e6eee61dfaa1f2ce3ecf6f9c4f555085c8e4c8802b41f525fbbf35783eb5752962988dd463f93d8fc985b74436ecbb0349900251e35fa9e57714b4281ce2b8ecfb885284cc983dfef97e3e726896108a021b89a8d0e12832ab70e2b4e9225410b5564eb85257bf85d0ce44105b483854601e3f31449e636fa130f285b2aa942b7f5ead4d9e8b29fc3a9ef2d557bf4bf431083517eb48e87b35552ab7b0a3800d0f6ffd0d63461a2ac3bcb58cfd0539314b894a3bfad8dde39fa54ed058425f240ee47c9f11e750f5aea31e0b8c27ee3a66b1f21244723479085695409d9e5ac698503ca6082944a107a2c8e8bbc4d4bb7e88adf86ac060377ce9ba61685bd5053e2ff91fc6bd5b4afaca7610abf07b0c962ef6576bc654f9fa907188482d5f7c4484571b009c04c1357c8b0f4a78e4e03673c396969f78d22104d8b3a7cf11073c5d15aac27f26ea7f9ed37e8f71ec45d0264e333b2f90ae732061df5ba0349e165678d10701d60ee590b67a1d43a15a9aef74bc3fa96369934d0c4dfb9524aa8525a3001acf466fdf25d9df20791260d446e8d1e291df1f4eb6a18959b80d03fae1bd8dc992182451b98146affca09c858a28b68856456fc7a0457268b4fda3dd93da0caf339befd725332c953bcc0b8f609d601aeccee5088f7e2c666e8ad7533c4d7639914242521cf19d587310f843b38a6ae43792f205dfa2cd3e6899f62d9b84d09c293186a21171fa3d8b67c82f998fa27dd87558c821e6cbc12d5c85393f1399e4580cdf8462f9caf764", 0x801}], 0x1) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000071000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="0c000180080001000300010020"], 0x44}}, 0x0) r5 = socket$inet6(0xa, 0x3, 0x9) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x20040884}, 0x40000) r6 = socket(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt(r6, 0x7, 0x2, &(0x7f0000000200)=""/104, &(0x7f0000000180)=0x68) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000140)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x5e, r1}) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r7}, 0x10) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000002740)=ANY=[@ANYBLOB="140000001300015b993dde440113e90005"], 0x14}], 0x1}, 0x0) 696.207241ms ago: executing program 2 (id=2006): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.throttle.io_serviced\x00', 0x26e1, 0x0) close(r0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000080)={0x6, &(0x7f0000000340)=[{0x0, 0x0, 0x0, @multicast}, {0x0, 0x0, 0x0, @random}, {0x0, 0x0, 0x0, @multicast}, {}, {0x0, 0x0, 0x0, @remote}, {}]}) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000040)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2}, 0x18) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f00000000c0)) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='irq_noise\x00', r0, 0x0, 0x6}, 0x18) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r5, 0x701}, 0x14}}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'geneve1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r6, 0x1, {0x1, 0xf0, 0x1}}, 0x18) 618.703633ms ago: executing program 4 (id=2007): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c0004"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) 543.610641ms ago: executing program 5 (id=2008): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r1, 0x303, 0x0, 0x0, {0xa}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) 449.949239ms ago: executing program 2 (id=2009): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, 0x7, 0x6, 0x101, 0x0, 0x9000000, {}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}}, 0x4000014) 417.409678ms ago: executing program 4 (id=2010): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0xf, 0x0, 0x0, 0x0, 0x0, 0xf}}) accept4$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, &(0x7f0000000040)=0x10, 0x80000) 390.202993ms ago: executing program 5 (id=2011): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c0000ef", @ANYRES16=r1, @ANYBLOB="01002abd7000fccbdf250900000005000700020000000800010001000000050008"], 0x2c}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 283.47839ms ago: executing program 2 (id=2012): r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0x9) close(r0) 267.520749ms ago: executing program 5 (id=2013): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1f00"/20, @ANYRES32=0x1], 0x48) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={r2, 0x9}, 0xc) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='V?\x00\x00-\x00Y'], 0xfe33) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01034900e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'xfrm0\x00'}) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @notrack={{0xc}, @val={0x4, 0x2, 0x0, 0x1, ["", "", "", "", "", "", ""]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x2f}]}]}], {0x14}}, 0x74}}, 0x4) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in=@local, @in=@loopback, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) syz_emit_ethernet(0xfdef, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000ced4c4bd87c1f2c8e5e60000000008004500fde10000000000119078000000000000000007004e22fdcd907804040000000004dafa027f6095db5977eeb8b4921721275fb7b1b7dcfc64ebd9f36b1ee734ea71a701012f821e53c7c78aee48ecfa16d41305000000000000008c5d25b9ee4ccd80d25dd3c1a10f78da45b1946f2ec2cbd6d57b7e2160a0cb95efe4f6921298bb14cb4e90fc764c6c0c5d21ffa5895c96051212b368a84cc3de8578f212fadd2bd0fff5c0c2793ce9e435de50a4e8163e54506c6ba1f944448f559b0fd113337c7d3b86a7ba6375b3c32f099881f471eff4b25edb555b37799124d5a8ee2b3c0c35bd57779f3e03517f5b8b9ba3cae488561ca581162506008b389195e3bcf5d2f8fb8bdac572e1702c8f81faf60b9bfcbfa5a7ec1b942faad24396e0ae276ad7173350ae27c6f3e53b71bb1a36a5562054a38258b8f9ed6653681ef0ac12b37375c9d47d702018718eb1a3ff3754ddc86a126e2de60042a5ff86315ffeac2cdcf3bf07182417158b9362407f0f57799662cdd10838405bf00c1530c648a4ef4e471c127bc1dd4f92a9685a9b9ae12b5742355dadbf20b116a2ea78b2d54ba48eefe80597144abc5402c133c6bc773a08541c8b58a2e21dd90ccb6392f479126c91a0d71eeeb5e21b7888c2af1826ece06b42bad52c94cdef9a0e66cce743baed9301cc4df6fbf2fd83795996a94b91095a85973f3715f1d11744d5ad27cbf8188f90410a948d"], 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r9 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r9, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r9, 0x84, 0x15, 0x0, 0x0) sendto$inet6(r9, &(0x7f0000000080)="b1", 0x1, 0x6044094, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) shutdown(r9, 0x1) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, 0x0, &(0x7f0000000080)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000640)='virtio_transport_alloc_pkt\x00', r8}, 0x18) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r7, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 256.550226ms ago: executing program 2 (id=2014): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x2, 0x1, 0x101, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000000) (fail_nth: 2) 136.121505ms ago: executing program 4 (id=2015): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, 0x0, 0x40080c0) 65.59704ms ago: executing program 4 (id=2016): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x800, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) (fail_nth: 3) 0s ago: executing program 4 (id=2017): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32, @ANYBLOB="00000000100000001c001a80080002"], 0x44}}, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r3 = socket(0x200000000000011, 0x2, 0x1) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x800) writev(r5, &(0x7f0000000180)=[{&(0x7f0000000800)="ca7ac5f90fed369c49ed0fb7f4ba678a17fa226757031f895d324f901c68f13a532626c33ba2382a5cfee70a05abb1c1c35b051030e2afeba4c1e58cda843ad546bff589c7b829644f0ceeec95ce397c9307889f584c51a4237d0bfb057566b803c602f2c18ba969c8876462bd1637e62091e1798f979c6f0a844730740b47f3b7f188cbae3b45b284617ca8425b4de76c40f4a2fe168033d731892dcbdc5e09de76a5849c1e96ea1b7edb9f25b2c12b16b900c995525e3a464fe9b10b8636bff61bd67d1b00b788dbe329969d50363bac4e0e124e3ff68e33f4af43e4e8b97b0a733939fa780cb21af3e1e187d159580b490bacf643dc77085355c0ed772c306be842fe309960c3fb0bbce85d5ea02e8661acedebc6f2465c2b8a424ac19593f212fe757a8a57da8bd43530df9c6a5c89e892d3336be83d1862f56d7c50752e1b338318601b083e2f8d71c0c303eb0bfee8068185f9c049ea6a900e00f842bacf6b48fc43169c9116844e0635cfbc6512d83c078d57869761b267bac9e90105b2572033e4702c6b190af198fecf442fa617d344366d88d7ab1f1677f7aa66b00746447aa13e73bd645b06044065e00451449f2895731faf25662962699a5ad9473f68f08b60de650e0899cd876556070247d9ed259d422fba806547e104c92c81ce9195dea81c8c33c0348aee47f1869b1d8e943be2a76f9ff19a02b641a7ddf12f813613d5b0cc83eabca2a579930cbe5e48ae6c0055f4806c548c3d27f4f29ac8024c42a66aa66d5b96f1cac00c431d367156c371931b1654a2ca351a79f2563e40105e3c2e990427f6f4df587c77529ca1407b6fa766d6e53d29803f57b685c3e1156fbc960936f92184c9678259b5f2d39f0062a0f9c366156b6e260a108b389c77a9c681e39649bc6d667babc460b7685116935cd02dff96cc1d38a58bee9ba09afc5fd2d8e3990bac463027f9b790e59cc7f2e2963b70570b79a71ee4ca543660b33fdce73689c9e778a1817a6b28b9f78728d0e9ea56390ed9cf580ef98a1287296a50c6913729a8a22feb356d757190ab5fdcf4bebdee00664c51d0fc40a12bb2d1ccc2ee7a91c0b4776cbd97f2f81789720ff61b6c9cc829dc38892895dc64af238830d8aa02f1dd7363a141a8da518b39359e9a1c9e7ad9843c17b7566f6bcfd024ad0ef7352a9b8f73853b62eb37543ab436ec5ae8e36b0b88e75f959ad2dadc32a37293cd9b87216ede1732b1cddc6103f334c13b6b465efb756cb3674d29573c2bcef996f507d98293f91d0ccfe392039a458bb639bddba9c7f8e4d0c96c1ed18b5e9ec05acf0844a473f41d2694bca9bd4273a80ca488ebf664ff8d29b36384f81b89778cdb350c30bd075cc4b83ad73d999e4392d179a733d28b5c9d68b493e9f4dbee37dd1dfeff25ccce48f5b241fbe6a7ae215309dff37bb1f012ce1e1d414fc4c12e654751a3159c68379ed181f22918dcfb5a0e51b3fd00e2847767d81effb539242d7fe43ad001820101f15243b13ef1e3f5a6a0e470d23db9faa7c5695ecfa78cc2ca0ad73445ebaa4e763fc39ea8f9eb6b436c64b4bc98fe0c04073721a8fd8d5cfe184746a84307d22fd1b30fc61f0ac37b1308a61a7ef4734708704ecbb2062b52a218acdd0a2bbfbc72538070c3cc1080ccd9d1392e6a0c112b08c13c7f95913a52fb6399254c381484a8719cc7409a27bec967550a8de32ac6e0b763f8717427e2a1e8379e8d8b545d475e30f4e5b2e5459868597f068a391e6d86560ca90d7c3d08eb3adc7230c584c0e98aa70b7083a9ed9ac667cba8c78a2494f254f5527b039683614eb705b0b558b1a6d03bd6832c1bf74bfc1c777ab9b87bf3ff559cdc88bcdcb7f86aac4750c27438c312f3868ddec5e289ac6b51b8e37adae69413e1db0d5ae162e918d69b83264ccf0dd9149b0718d6719d7c1b392e3d2f68ad63d8000456add421711cfb23a3be71266a958740dc220cf32a5b60a95e11b8fc7e261c55b1816c092da9e5a38dec468b8a6869596f1b49dafce369804ab59b5f5b8306073bbc7183a5c0481762a91feaa11a22b291fe6bff286bb7f63b3f374e620805d6fc1822e6eee61dfaa1f2ce3ecf6f9c4f555085c8e4c8802b41f525fbbf35783eb5752962988dd463f93d8fc985b74436ecbb0349900251e35fa9e57714b4281ce2b8ecfb885284cc983dfef97e3e726896108a021b89a8d0e12832ab70e2b4e9225410b5564eb85257bf85d0ce44105b483854601e3f31449e636fa130f285b2aa942b7f5ead4d9e8b29fc3a9ef2d557bf4bf431083517eb48e87b35552ab7b0a3800d0f6ffd0d63461a2ac3bcb58cfd0539314b894a3bfad8dde39fa54ed058425f240ee47c9f11e750f5aea31e0b8c27ee3a66b1f21244723479085695409d9e5ac698503ca6082944a107a2c8e8bbc4d4bb7e88adf86ac060377ce9ba61685bd5053e2ff91fc6bd5b4afaca7610abf07b0c962ef6576bc654f9fa907188482d5f7c4484571b009c04c1357c8b0f4a78e4e03673c396969f78d22104d8b3a7cf11073c5d15aac27f26ea7f9ed37e8f71ec45d0264e333b2f90ae732061df5ba0349e165678d10701d60ee590b67a1d43a15a9aef74bc3fa96369934d0c4dfb9524aa8525a3001acf466fdf25d9df20791260d446e8d1e291df1f4eb6a18959b80d03fae1bd8dc992182451b98146affca09c858a28b68856456fc7a0457268b4fda3dd93da0caf339befd725332c953bcc0b8f609d601aeccee5088f7e2c666e8ad7533c4d7639914242521cf19d587310f843b38a6ae43792f205dfa2cd3e6899f62d9b84d09c293186a21171fa3d8b67c82f998fa27dd87558c821e6cbc12d5c85393f1399e4580cdf8462f9caf764", 0x801}], 0x1) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000071000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="0c000180080001000300010020"], 0x44}}, 0x0) r6 = socket$inet6(0xa, 0x3, 0x9) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x20040884}, 0x40000) r7 = socket(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f0000000000), 0x4000000000001f2, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt(r7, 0x7, 0x2, &(0x7f0000000200)=""/104, &(0x7f0000000180)=0x68) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000140)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x5e, r1}) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r8}, 0x10) r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000002740)=ANY=[@ANYBLOB="140000001300015b993dde440113e90005"], 0x14}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 64_sys_sendmsg+0x19b/0x260 [ 214.233314][ T9978] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 214.233360][ T9978] ? do_syscall_64+0xba/0x210 [ 214.233388][ T9978] do_syscall_64+0xf6/0x210 [ 214.233412][ T9978] ? clear_bhb_loop+0x45/0xa0 [ 214.233437][ T9978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.233457][ T9978] RIP: 0033:0x7f1199f8e969 [ 214.233475][ T9978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.233492][ T9978] RSP: 002b:00007f119ae16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 214.233514][ T9978] RAX: ffffffffffffffda RBX: 00007f119a1b5fa0 RCX: 00007f1199f8e969 [ 214.233528][ T9978] RDX: 0000000000000880 RSI: 00002000000002c0 RDI: 0000000000000004 [ 214.233540][ T9978] RBP: 00007f119ae16090 R08: 0000000000000000 R09: 0000000000000000 [ 214.233552][ T9978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.233563][ T9978] R13: 0000000000000000 R14: 00007f119a1b5fa0 R15: 00007fff2c14b2a8 [ 214.233596][ T9978] [ 214.750577][ T1141] bridge_slave_1: left allmulticast mode [ 214.756665][ T1141] bridge_slave_1: left promiscuous mode [ 214.763755][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.823441][ T1141] bridge_slave_0: left allmulticast mode [ 214.829154][ T9992] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 214.829161][ T1141] bridge_slave_0: left promiscuous mode [ 214.847706][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.929066][ T9997] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1329'. [ 215.276771][ T5837] Bluetooth: hci3: command tx timeout [ 215.302357][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.314226][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.328217][ T1141] bond0 (unregistering): Released all slaves [ 215.537145][ T3474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.548481][T10004] x_tables: duplicate underflow at hook 1 [ 215.550782][ T3474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.590678][T10004] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1331'. [ 215.662546][T10004] Cannot find set identified by id 3 to match [ 215.701870][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.712726][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.731628][ T5950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.747019][ T5950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.959970][ T5950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.999794][ T5950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.039949][ T1141] hsr_slave_0: left promiscuous mode [ 216.052599][ T1141] hsr_slave_1: left promiscuous mode [ 216.062008][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.080001][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.092054][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.100208][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.124201][ T1141] veth1_macvtap: left promiscuous mode [ 216.129876][ T1141] veth0_macvtap: left promiscuous mode [ 216.135892][ T1141] veth1_vlan: left promiscuous mode [ 216.141224][ T1141] veth0_vlan: left promiscuous mode [ 216.606344][ T1141] team0 (unregistering): Port device team_slave_1 removed [ 216.642946][ T1141] team0 (unregistering): Port device team_slave_0 removed [ 217.039160][ T9938] chnl_net:caif_netlink_parms(): no params data found [ 217.360907][ T5837] Bluetooth: hci3: command tx timeout [ 217.522770][T10029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1338'. [ 217.548889][ T9938] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.574607][ T9938] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.582045][ T9938] bridge_slave_0: entered allmulticast mode [ 217.604620][ T9938] bridge_slave_0: entered promiscuous mode [ 217.619272][ T9938] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.627738][ T9938] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.635830][ T9938] bridge_slave_1: entered allmulticast mode [ 217.643301][ T9938] bridge_slave_1: entered promiscuous mode [ 217.687753][ T9938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.701098][ T9938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.741671][ T9938] team0: Port device team_slave_0 added [ 217.752280][ T9938] team0: Port device team_slave_1 added [ 217.810834][ T1141] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.830609][ T9938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.838122][ T9938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.864618][ T9938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 217.876963][ T9938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 217.884283][ T9938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.912032][ T9938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 217.938711][ T1141] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.001847][ T1141] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.071163][ T9938] hsr_slave_0: entered promiscuous mode [ 218.089667][ T9938] hsr_slave_1: entered promiscuous mode [ 218.103524][ T9938] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 218.119890][ T9938] Cannot create hsr debugfs directory [ 218.164478][T10036] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1340'. [ 218.182844][ T1141] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.780322][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 218.789993][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 218.800036][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 218.808343][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 218.818012][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 218.853246][T10064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 218.997940][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.010764][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.051614][ T1141] bridge_slave_1: left allmulticast mode [ 219.073046][ T1141] bridge_slave_1: left promiscuous mode [ 219.078993][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.136896][ T1141] bridge_slave_0: left allmulticast mode [ 219.148151][ T1141] bridge_slave_0: left promiscuous mode [ 219.155866][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.440032][ T5837] Bluetooth: hci3: command tx timeout [ 219.777884][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 219.791113][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 219.802684][ T1141] bond0 (unregistering): Released all slaves [ 219.831817][T10077] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1352'. [ 219.860430][T10078] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1352'. [ 220.611670][ T1141] hsr_slave_0: left promiscuous mode [ 220.628684][ T1141] hsr_slave_1: left promiscuous mode [ 220.649461][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 220.667875][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 220.679981][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.699415][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.708089][T10123] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1366'. [ 220.773360][ T1141] veth1_macvtap: left promiscuous mode [ 220.790991][ T1141] veth0_macvtap: left promiscuous mode [ 220.800273][ T1141] veth1_vlan: left promiscuous mode [ 220.806025][ T1141] veth0_vlan: left promiscuous mode [ 220.873122][ T5837] Bluetooth: hci0: command tx timeout [ 221.271779][ T1141] team0 (unregistering): Port device team_slave_1 removed [ 221.316030][ T1141] team0 (unregistering): Port device team_slave_0 removed [ 221.524379][ T5837] Bluetooth: hci3: command tx timeout [ 221.772438][T10128] gre1: entered promiscuous mode [ 221.777842][T10128] gre1: entered allmulticast mode [ 221.961849][T10137] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1370'. [ 222.151538][T10060] chnl_net:caif_netlink_parms(): no params data found [ 222.580431][T10165] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1380'. [ 222.717527][T10060] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.725294][T10060] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.732725][T10060] bridge_slave_0: entered allmulticast mode [ 222.740822][T10060] bridge_slave_0: entered promiscuous mode [ 222.777855][T10169] veth0_to_hsr: invalid flags given to default FDB implementation [ 222.809983][T10060] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.822024][T10060] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.851625][T10060] bridge_slave_1: entered allmulticast mode [ 222.874379][T10060] bridge_slave_1: entered promiscuous mode [ 222.949990][ T9938] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 222.956931][ T5837] Bluetooth: hci0: command tx timeout [ 223.058803][T10060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.086568][ T9938] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 223.131007][T10060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.166039][T10181] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1384'. [ 223.176713][ T9938] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 223.371099][ T9938] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 223.431845][T10060] team0: Port device team_slave_0 added [ 223.456563][T10060] team0: Port device team_slave_1 added [ 223.519377][T10205] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1392'. [ 223.538923][T10205] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1392'. [ 223.558575][T10060] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 223.573459][T10060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.601769][T10060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 223.629918][T10060] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 223.653061][T10060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.687244][T10060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 223.875982][T10060] hsr_slave_0: entered promiscuous mode [ 223.887874][T10060] hsr_slave_1: entered promiscuous mode [ 223.894633][T10060] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 223.902420][T10060] Cannot create hsr debugfs directory [ 224.032561][T10215] FAULT_INJECTION: forcing a failure. [ 224.032561][T10215] name failslab, interval 1, probability 0, space 0, times 0 [ 224.055347][T10215] CPU: 1 UID: 0 PID: 10215 Comm: syz.5.1395 Not tainted 6.15.0-rc4-syzkaller-00163-ge8716b5b0dff #0 PREEMPT(full) [ 224.055378][T10215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 224.055390][T10215] Call Trace: [ 224.055398][T10215] [ 224.055406][T10215] dump_stack_lvl+0x189/0x250 [ 224.055445][T10215] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.055474][T10215] ? __pfx__printk+0x10/0x10 [ 224.055499][T10215] ? __pfx___might_resched+0x10/0x10 [ 224.055515][T10215] ? fs_reclaim_acquire+0x7d/0x100 [ 224.055548][T10215] should_fail_ex+0x414/0x560 [ 224.055585][T10215] should_failslab+0xa8/0x100 [ 224.055612][T10215] kmem_cache_alloc_noprof+0x73/0x3c0 [ 224.055635][T10215] ? skb_clone+0x212/0x3a0 [ 224.055664][T10215] skb_clone+0x212/0x3a0 [ 224.055688][T10215] ? nfnetlink_rcv+0x496/0x2530 [ 224.055716][T10215] nfnetlink_rcv+0x4c4/0x2530 [ 224.055744][T10215] ? __dev_queue_xmit+0x27e/0x3a70 [ 224.055771][T10215] ? __dev_queue_xmit+0x27e/0x3a70 [ 224.055812][T10215] ? __dev_queue_xmit+0x27e/0x3a70 [ 224.055839][T10215] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.055862][T10215] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 224.055911][T10215] ? ref_tracker_free+0x63a/0x7d0 [ 224.055930][T10215] ? __copy_skb_header+0xa7/0x550 [ 224.055958][T10215] ? __pfx_ref_tracker_free+0x10/0x10 [ 224.055997][T10215] ? skb_clone+0x246/0x3a0 [ 224.056035][T10215] ? __netlink_deliver_tap+0x807/0x850 [ 224.056056][T10215] ? netlink_deliver_tap+0x2e/0x1b0 [ 224.056082][T10215] ? netlink_deliver_tap+0x2e/0x1b0 [ 224.056101][T10215] ? netlink_deliver_tap+0x2e/0x1b0 [ 224.056126][T10215] netlink_unicast+0x758/0x8d0 [ 224.056167][T10215] netlink_sendmsg+0x805/0xb30 [ 224.056198][T10215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 224.056223][T10215] ? aa_sock_msg_perm+0x94/0x160 [ 224.056246][T10215] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 224.056267][T10215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 224.056289][T10215] __sock_sendmsg+0x219/0x270 [ 224.056323][T10215] ____sys_sendmsg+0x505/0x830 [ 224.056353][T10215] ? __pfx_____sys_sendmsg+0x10/0x10 [ 224.056389][T10215] ? import_iovec+0x74/0xa0 [ 224.056419][T10215] ___sys_sendmsg+0x21f/0x2a0 [ 224.056446][T10215] ? __pfx____sys_sendmsg+0x10/0x10 [ 224.056510][T10215] ? __fget_files+0x2a/0x420 [ 224.056534][T10215] ? __fget_files+0x3a0/0x420 [ 224.056569][T10215] __x64_sys_sendmsg+0x19b/0x260 [ 224.056597][T10215] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 224.056639][T10215] ? do_syscall_64+0xba/0x210 [ 224.056666][T10215] do_syscall_64+0xf6/0x210 [ 224.056690][T10215] ? clear_bhb_loop+0x45/0xa0 [ 224.056715][T10215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.056733][T10215] RIP: 0033:0x7f560478e969 [ 224.056753][T10215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.056770][T10215] RSP: 002b:00007f560550f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 224.056792][T10215] RAX: ffffffffffffffda RBX: 00007f56049b5fa0 RCX: 00007f560478e969 [ 224.056807][T10215] RDX: 0000000000008004 RSI: 0000200000008940 RDI: 0000000000000003 [ 224.056820][T10215] RBP: 00007f560550f090 R08: 0000000000000000 R09: 0000000000000000 [ 224.056841][T10215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.056853][T10215] R13: 0000000000000000 R14: 00007f56049b5fa0 R15: 00007fff310664c8 [ 224.056884][T10215] [ 224.520014][T10217] Bluetooth: MGMT ver 1.23 [ 224.834883][T10232] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 224.907768][ T9938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.007157][ T9938] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.038545][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 225.056313][ T5837] Bluetooth: hci0: command tx timeout [ 225.077652][T10241] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1404'. [ 225.092681][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.099912][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.120615][T10241] ï‰Oܼ: renamed from hsr0 (while UP) [ 225.142773][T10241] ï‰Oܼ: entered promiscuous mode [ 225.151585][T10241] A link change request failed with some changes committed already. Interface ï‰Oܼ may have been left with an inconsistent configuration, please check. [ 225.174298][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.181614][ T5950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.375222][T10250] FAULT_INJECTION: forcing a failure. [ 225.375222][T10250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 225.413228][T10250] CPU: 0 UID: 0 PID: 10250 Comm: syz.4.1408 Not tainted 6.15.0-rc4-syzkaller-00163-ge8716b5b0dff #0 PREEMPT(full) [ 225.413258][T10250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 225.413270][T10250] Call Trace: [ 225.413278][T10250] [ 225.413287][T10250] dump_stack_lvl+0x189/0x250 [ 225.413318][T10250] ? __lock_acquire+0xaac/0xd20 [ 225.413347][T10250] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.413374][T10250] ? __pfx__printk+0x10/0x10 [ 225.413392][T10250] ? __might_fault+0xb0/0x130 [ 225.413428][T10250] should_fail_ex+0x414/0x560 [ 225.413464][T10250] _copy_from_iter+0x1db/0x15a0 [ 225.413500][T10250] ? __pfx__copy_from_iter+0x10/0x10 [ 225.413528][T10250] ? is_bpf_text_address+0x26/0x2b0 [ 225.413566][T10250] tun_get_user+0x20c/0x3c20 [ 225.413612][T10250] ? aa_file_perm+0x11f/0xed0 [ 225.413635][T10250] ? __pfx_tun_get_user+0x10/0x10 [ 225.413660][T10250] ? aa_file_perm+0x11f/0xed0 [ 225.413679][T10250] ? aa_file_perm+0x3e7/0xed0 [ 225.413713][T10250] ? ref_tracker_alloc+0x318/0x460 [ 225.413736][T10250] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 225.413762][T10250] ? tun_get+0x1c/0x2f0 [ 225.413795][T10250] ? tun_get+0x1c/0x2f0 [ 225.413820][T10250] ? tun_get+0x1c/0x2f0 [ 225.413851][T10250] tun_chr_write_iter+0x113/0x200 [ 225.413890][T10250] vfs_write+0x548/0xa90 [ 225.413918][T10250] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 225.413945][T10250] ? __pfx_vfs_write+0x10/0x10 [ 225.413978][T10250] ? __fget_files+0x2a/0x420 [ 225.414014][T10250] ksys_write+0x145/0x250 [ 225.414034][T10250] ? rcu_is_watching+0x15/0xb0 [ 225.414066][T10250] ? __pfx_ksys_write+0x10/0x10 [ 225.414092][T10250] ? do_syscall_64+0xba/0x210 [ 225.414119][T10250] do_syscall_64+0xf6/0x210 [ 225.414142][T10250] ? clear_bhb_loop+0x45/0xa0 [ 225.414163][T10250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.414180][T10250] RIP: 0033:0x7f3e22b8e969 [ 225.414196][T10250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.414210][T10250] RSP: 002b:00007f3e23ab6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 225.414227][T10250] RAX: ffffffffffffffda RBX: 00007f3e22db5fa0 RCX: 00007f3e22b8e969 [ 225.414238][T10250] RDX: 000000000000016b RSI: 00002000000006c0 RDI: 0000000000000003 [ 225.414248][T10250] RBP: 00007f3e23ab6090 R08: 0000000000000000 R09: 0000000000000000 [ 225.414258][T10250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.414267][T10250] R13: 0000000000000000 R14: 00007f3e22db5fa0 R15: 00007ffef771a748 [ 225.414292][T10250] [ 225.751279][T10060] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 225.770396][T10060] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 225.833427][T10060] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 225.867008][T10060] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 226.040061][T10266] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1414'. [ 226.069792][T10266] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1414'. [ 226.175983][ T9938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.185499][T10272] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1415'. [ 226.233796][T10272] Driver unsupported XDP return value 0 on prog (id 205) dev N/A, expect packet loss! [ 226.305148][T10060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.366334][ T9938] veth0_vlan: entered promiscuous mode [ 226.389041][T10060] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.410034][ T9938] veth1_vlan: entered promiscuous mode [ 226.431224][ T180] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.438473][ T180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.478197][ T180] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.485424][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.716510][ T9938] veth0_macvtap: entered promiscuous mode [ 226.745432][ T9938] veth1_macvtap: entered promiscuous mode [ 226.815838][ T9938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.858402][ T9938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.884695][ T9938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 226.951083][ T9938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 226.996613][ T9938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.010447][ T9938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.102012][ T9938] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.113581][ T5837] Bluetooth: hci0: command tx timeout [ 227.133103][ T9938] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.153111][ T9938] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.161961][ T9938] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.178677][T10296] netlink: 'syz.4.1423': attribute type 1 has an invalid length. [ 227.191727][T10296] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1423'. [ 227.238178][T10296] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1423'. [ 227.348400][T10060] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 227.579345][ T3474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.610422][ T3474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.729202][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.732405][T10060] veth0_vlan: entered promiscuous mode [ 227.772637][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.935683][T10306] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 227.949878][T10060] veth1_vlan: entered promiscuous mode [ 228.235776][T10060] veth0_macvtap: entered promiscuous mode [ 228.297453][T10060] veth1_macvtap: entered promiscuous mode [ 228.348066][T10315] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1429'. [ 228.479185][T10060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.495773][T10060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.506423][T10060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.517522][T10060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.531632][T10060] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 228.582404][T10060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.620306][T10060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.652682][T10060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.672963][T10060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.689346][T10060] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 228.721967][T10332] bridge_slave_1: default FDB implementation only supports local addresses [ 228.781772][ T5950] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.816432][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1433'. [ 228.830695][T10060] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.850691][T10060] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.883082][T10060] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.922977][T10060] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.045609][ T5950] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.112009][T10340] bridge_slave_0: left allmulticast mode [ 229.178051][T10340] bridge_slave_0: left promiscuous mode [ 229.207578][T10340] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.237700][T10340] bridge_slave_1: left allmulticast mode [ 229.260159][T10340] bridge_slave_1: left promiscuous mode [ 229.284036][T10340] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.323814][T10340] bond0: (slave bond_slave_0): Releasing backup interface [ 229.345486][T10340] bond0: (slave bond_slave_1): Releasing backup interface [ 229.390876][T10340] team0: Port device team_slave_0 removed [ 229.415302][T10340] team0: Port device team_slave_1 removed [ 229.422362][T10340] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.431713][T10340] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.470307][T10340] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.484249][T10340] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.548123][ T5950] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.563709][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 229.576015][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 229.586607][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 229.614753][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 229.627920][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 229.756686][ T5950] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.940371][T10363] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1443'. [ 230.100669][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.119106][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.549935][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.570217][ T55] block nbd9: Receive control failed (result -32) [ 230.603071][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.780519][ T5950] bridge_slave_1: left allmulticast mode [ 230.788739][ T5950] bridge_slave_1: left promiscuous mode [ 230.809201][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.826672][ T5950] bridge_slave_0: left allmulticast mode [ 230.832420][ T5950] bridge_slave_0: left promiscuous mode [ 230.839652][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.187818][ T5950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.200653][ T5950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 231.212690][ T5950] bond0 (unregistering): Released all slaves [ 231.633259][T10425] netlink: 'syz.5.1459': attribute type 1 has an invalid length. [ 231.720407][T10354] chnl_net:caif_netlink_parms(): no params data found [ 231.753714][ T55] Bluetooth: hci3: command tx timeout [ 231.789262][T10428] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 231.815072][T10429] 8021q: adding VLAN 0 to HW filter on device bond1 [ 231.854101][ T3474] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 232.013852][ T3474] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 232.062434][ T5950] hsr_slave_0: left promiscuous mode [ 232.070580][ T5950] hsr_slave_1: left promiscuous mode [ 232.078085][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.085650][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.096976][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 232.107278][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.129566][ T5950] veth1_macvtap: left promiscuous mode [ 232.135439][ T5950] veth0_macvtap: left promiscuous mode [ 232.141932][ T5950] veth1_vlan: left promiscuous mode [ 232.148089][ T5950] veth0_vlan: left promiscuous mode [ 232.841187][ T5950] team0 (unregistering): Port device team_slave_1 removed [ 232.897341][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 232.916416][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 232.924255][ T5950] team0 (unregistering): Port device team_slave_0 removed [ 232.926472][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 232.945365][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 232.960342][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 233.369993][T10354] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.381575][T10354] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.389514][T10354] bridge_slave_0: entered allmulticast mode [ 233.404217][T10354] bridge_slave_0: entered promiscuous mode [ 233.418668][T10354] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.426023][T10354] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.433823][T10354] bridge_slave_1: entered allmulticast mode [ 233.441817][T10354] bridge_slave_1: entered promiscuous mode [ 233.596361][T10354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.630395][T10354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.778634][T10354] team0: Port device team_slave_0 added [ 233.802418][T10354] team0: Port device team_slave_1 added [ 233.833911][ T55] Bluetooth: hci3: command tx timeout [ 233.949127][T10354] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.962918][T10354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.014216][T10354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.041653][T10354] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.059789][T10354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.088417][T10354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.756498][T10354] hsr_slave_0: entered promiscuous mode [ 234.769174][T10354] hsr_slave_1: entered promiscuous mode [ 234.790809][T10354] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 234.813818][T10354] Cannot create hsr debugfs directory [ 234.946383][ T5950] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.038725][ T55] Bluetooth: hci0: command tx timeout [ 235.132819][T10487] bond1: (slave ip6gretap1): Removing an active aggregator [ 235.147592][T10423] bond1: Warning: Found an uninitialized port [ 235.155524][T10487] bond1: (slave ip6gretap1): Releasing backup interface [ 235.177682][T10499] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1482'. [ 235.213882][ T5950] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.392682][ T5950] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.578781][T10512] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1486'. [ 235.638934][ T5950] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.792183][T10448] chnl_net:caif_netlink_parms(): no params data found [ 235.914474][ T55] Bluetooth: hci3: command tx timeout [ 235.958464][T10529] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1491'. [ 236.397043][T10448] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.411451][T10448] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.429322][T10448] bridge_slave_0: entered allmulticast mode [ 236.455174][T10448] bridge_slave_0: entered promiscuous mode [ 236.474997][T10448] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.487589][T10448] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.496035][T10448] bridge_slave_1: entered allmulticast mode [ 236.526003][T10448] bridge_slave_1: entered promiscuous mode [ 236.564642][ T5950] bridge_slave_1: left allmulticast mode [ 236.570397][ T5950] bridge_slave_1: left promiscuous mode [ 236.592289][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.619858][ T5950] bridge_slave_0: left allmulticast mode [ 236.638844][ T5950] bridge_slave_0: left promiscuous mode [ 236.647816][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.658512][T10554] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1497'. [ 237.091729][ T5950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 237.108830][ T5950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 237.120002][ T5950] bond0 (unregistering): Released all slaves [ 237.123231][ T55] Bluetooth: hci0: command tx timeout [ 237.355926][T10448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.466805][T10448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.676448][T10448] team0: Port device team_slave_0 added [ 237.763066][T10448] team0: Port device team_slave_1 added [ 237.826808][T10577] geneve0: entered promiscuous mode [ 237.956845][T10448] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.983178][T10448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.017140][T10448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.027708][ T55] Bluetooth: hci3: command tx timeout [ 238.100706][T10448] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.113713][T10448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.140605][T10448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.213466][T10594] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 238.269150][ T5950] hsr_slave_0: left promiscuous mode [ 238.278358][ T5950] hsr_slave_1: left promiscuous mode [ 238.285625][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.301361][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.317393][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.332082][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.404602][ T5950] veth1_macvtap: left promiscuous mode [ 238.419421][ T5950] veth0_macvtap: left promiscuous mode [ 238.434526][ T5950] veth1_vlan: left promiscuous mode [ 238.444843][ T5950] veth0_vlan: left promiscuous mode [ 238.535547][T10603] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.1516'. [ 239.159358][ T5950] team0 (unregistering): Port device team_slave_1 removed [ 239.193483][ T55] Bluetooth: hci0: command tx timeout [ 239.209176][ T5950] team0 (unregistering): Port device team_slave_0 removed [ 239.809723][T10354] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 239.825145][T10354] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 239.851199][T10448] hsr_slave_0: entered promiscuous mode [ 239.867633][T10448] hsr_slave_1: entered promiscuous mode [ 239.880894][T10448] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 239.891737][T10448] Cannot create hsr debugfs directory [ 239.896116][T10629] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1519'. [ 239.942939][T10354] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 240.057096][T10354] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 240.140309][T10633] bridge0: entered allmulticast mode [ 240.536277][T10646] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1526'. [ 240.713140][T10354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.935036][T10659] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1531'. [ 240.950326][T10354] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.006019][T10423] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.013223][T10423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.087182][T10423] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.094417][T10423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.147125][T10664] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 241.276811][ T55] Bluetooth: hci0: command tx timeout [ 241.485334][T10673] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1537'. [ 241.514626][T10448] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 241.542237][T10448] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 241.567275][T10673] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1537'. [ 241.591432][T10448] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 241.647644][T10448] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 241.831880][T10685] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1540'. [ 241.871424][T10685] netlink: 'syz.5.1540': attribute type 5 has an invalid length. [ 241.899037][T10685] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1540'. [ 241.928562][T10448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.009709][T10448] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.070682][T10354] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.117568][T10423] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.124799][T10423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.141294][T10697] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1544'. [ 242.159942][T10423] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.163383][T10697] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1544'. [ 242.167287][T10423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.367744][T10354] veth0_vlan: entered promiscuous mode [ 242.416098][T10354] veth1_vlan: entered promiscuous mode [ 242.482702][T10703] veth0: entered promiscuous mode [ 242.527330][T10702] veth0: left promiscuous mode [ 242.540456][T10354] veth0_macvtap: entered promiscuous mode [ 242.571622][T10354] veth1_macvtap: entered promiscuous mode [ 242.638441][T10354] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.668673][T10354] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.687730][T10354] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.705377][T10709] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1547'. [ 242.732206][T10354] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.754775][T10354] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.769423][T10354] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.852205][T10448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.046613][ T5950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.093174][ T5950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.216096][T10448] veth0_vlan: entered promiscuous mode [ 243.236183][ T5950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.252302][ T5950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.272216][T10448] veth1_vlan: entered promiscuous mode [ 243.461566][T10448] veth0_macvtap: entered promiscuous mode [ 243.507972][T10448] veth1_macvtap: entered promiscuous mode [ 243.721512][T10448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 243.734770][T10448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.759838][T10448] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.795804][T10448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.835620][T10448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.872489][T10448] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.924730][T10448] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.944463][T10448] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.957934][T10448] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.968251][T10448] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.194779][ T5950] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.325001][ T5950] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.433187][ T5950] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.458209][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.468176][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.517537][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.526731][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.664718][ T5950] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.933483][T10760] xt_cgroup: invalid path, errno=-2 [ 244.940315][T10760] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1564'. [ 244.983123][T10764] netlink: 'syz.2.1562': attribute type 5 has an invalid length. [ 245.124435][T10764] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 245.149629][T10764] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 245.172054][T10764] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 245.199548][T10764] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 245.221917][T10764] geneve2: entered promiscuous mode [ 245.238669][T10764] geneve2: entered allmulticast mode [ 245.474646][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 245.485063][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 245.495193][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 245.505310][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 245.519943][ T5950] bridge_slave_1: left allmulticast mode [ 245.535378][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 245.548357][ T5950] bridge_slave_1: left promiscuous mode [ 245.583545][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.632405][ T5950] bridge_slave_0: left allmulticast mode [ 245.646029][ T5950] bridge_slave_0: left promiscuous mode [ 245.651954][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.002037][ T5950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.018138][ T5950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 246.028316][ T5950] bond0 (unregistering): Released all slaves [ 246.561585][ T5950] hsr_slave_0: left promiscuous mode [ 246.571236][ T5950] hsr_slave_1: left promiscuous mode [ 246.584307][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.591792][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.624183][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.631654][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.677007][ T5950] veth1_macvtap: left promiscuous mode [ 246.682607][ T5950] veth0_macvtap: left promiscuous mode [ 246.703097][ T5950] veth1_vlan: left promiscuous mode [ 246.708497][ T5950] veth0_vlan: left promiscuous mode [ 246.847749][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 246.861911][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 246.871426][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 246.882629][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 246.892214][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 247.598135][ T55] Bluetooth: hci0: command tx timeout [ 247.706474][ T5950] team0 (unregistering): Port device team_slave_1 removed [ 247.749811][ T5950] team0 (unregistering): Port device team_slave_0 removed [ 248.229887][T10794] netlink: 'syz.4.1571': attribute type 2 has an invalid length. [ 248.261429][T10769] chnl_net:caif_netlink_parms(): no params data found [ 248.287849][T10796] __nla_validate_parse: 3 callbacks suppressed [ 248.287870][T10796] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1572'. [ 248.697929][T10769] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.706785][T10769] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.717245][T10769] bridge_slave_0: entered allmulticast mode [ 248.725525][T10769] bridge_slave_0: entered promiscuous mode [ 248.734801][T10769] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.742103][T10769] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.750121][T10769] bridge_slave_1: entered allmulticast mode [ 248.758633][T10769] bridge_slave_1: entered promiscuous mode [ 248.965817][ T55] Bluetooth: hci3: command tx timeout [ 249.006849][T10769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.029530][T10769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.169864][ T5950] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.265823][ T5950] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.307174][T10769] team0: Port device team_slave_0 added [ 249.321480][T10769] team0: Port device team_slave_1 added [ 249.665947][ T5950] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.684887][ T55] Bluetooth: hci0: command tx timeout [ 249.760660][T10769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.797865][T10769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.904744][T10769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.967738][ T5950] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.121821][T10769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 250.140312][T10769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.169628][T10769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 250.266925][T10859] tipc: Can't bind to reserved service type 2 [ 250.429179][T10769] hsr_slave_0: entered promiscuous mode [ 250.439304][T10769] hsr_slave_1: entered promiscuous mode [ 250.448382][T10769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 250.457387][T10769] Cannot create hsr debugfs directory [ 250.550923][T10790] chnl_net:caif_netlink_parms(): no params data found [ 250.575302][T10872] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1590'. [ 251.026767][ T5950] bridge_slave_1: left allmulticast mode [ 251.032478][ T5950] bridge_slave_1: left promiscuous mode [ 251.043589][ T55] Bluetooth: hci3: command tx timeout [ 251.049906][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.065633][ T5950] bridge_slave_0: left allmulticast mode [ 251.071995][ T5950] bridge_slave_0: left promiscuous mode [ 251.086494][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.512492][ T5950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 251.526410][ T5950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 251.541616][ T5950] bond0 (unregistering): Released all slaves [ 251.769873][ T55] Bluetooth: hci0: command tx timeout [ 251.905287][T10790] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.913981][T10790] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.921403][T10790] bridge_slave_0: entered allmulticast mode [ 251.955286][T10790] bridge_slave_0: entered promiscuous mode [ 252.065083][T10790] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.082585][T10790] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.110621][T10790] bridge_slave_1: entered allmulticast mode [ 252.132960][T10790] bridge_slave_1: entered promiscuous mode [ 252.428588][T10790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.566519][ T5950] hsr_slave_0: left promiscuous mode [ 252.573887][ T5950] hsr_slave_1: left promiscuous mode [ 252.580034][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.613048][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 252.630794][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 252.647564][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 252.706408][ T5950] veth1_macvtap: left promiscuous mode [ 252.712523][ T5950] veth0_macvtap: left promiscuous mode [ 252.741109][ T5950] veth1_vlan: left promiscuous mode [ 252.749373][ T5950] veth0_vlan: left promiscuous mode [ 252.835405][T10927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1605'. [ 253.123337][ T55] Bluetooth: hci3: command tx timeout [ 253.243038][ T5950] team0 (unregistering): Port device team_slave_1 removed [ 253.286808][ T5950] team0 (unregistering): Port device team_slave_0 removed [ 253.682481][T10790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 253.841700][ T55] Bluetooth: hci0: command tx timeout [ 253.882070][T10790] team0: Port device team_slave_0 added [ 253.901881][T10790] team0: Port device team_slave_1 added [ 254.080985][T10790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 254.092643][T10790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.133785][T10790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 254.260087][T10790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 254.262378][T10947] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1612'. [ 254.282924][T10790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.313072][T10790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 254.612546][T10790] hsr_slave_0: entered promiscuous mode [ 254.641167][T10790] hsr_slave_1: entered promiscuous mode [ 254.668313][T10790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 254.723076][T10790] Cannot create hsr debugfs directory [ 255.203425][ T55] Bluetooth: hci3: command tx timeout [ 255.270562][T10982] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1622'. [ 255.322313][T10769] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 255.367540][T10769] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 255.413023][T10769] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 255.434210][T10769] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 255.759733][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.795842][T10769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.902704][T10769] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.939845][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.947047][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.153958][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.161200][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.295294][T10790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 256.325207][T10790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 256.372587][T10790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 256.415841][T10790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 256.673376][T11020] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1635'. [ 256.908209][T11031] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1638'. [ 257.239583][T10790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.352704][T10790] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.376227][T11050] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 257.476037][ T180] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.483390][ T180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.515306][ T180] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.522513][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.625586][T10769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 257.738273][T10790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 257.858984][T10769] veth0_vlan: entered promiscuous mode [ 257.928502][T11061] team0: Device vti0 is up. Set it down before adding it as a team port [ 257.989422][T11075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1647'. [ 258.046796][T10769] veth1_vlan: entered promiscuous mode [ 258.141165][T10769] veth0_macvtap: entered promiscuous mode [ 258.186101][T10769] veth1_macvtap: entered promiscuous mode [ 258.269510][T10769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 258.316387][T10769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 258.327292][T11082] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 258.373325][T10790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.382033][T10769] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.402218][T10769] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.437119][T10769] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.453437][T10769] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.763133][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 258.771772][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 258.887998][T10790] veth0_vlan: entered promiscuous mode [ 258.939435][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 258.961653][T10790] veth1_vlan: entered promiscuous mode [ 258.972214][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 259.078985][T10790] veth0_macvtap: entered promiscuous mode [ 259.130841][T10790] veth1_macvtap: entered promiscuous mode [ 259.139947][T11110] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1659'. [ 259.263144][T11116] sctp: [Deprecated]: syz.4.1660 (pid 11116) Use of struct sctp_assoc_value in delayed_ack socket option. [ 259.263144][T11116] Use struct sctp_sack_info instead [ 259.315312][T11112] 8021q: VLANs not supported on caif0 [ 259.354762][T10790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.367765][T10790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.380147][T10790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 259.573893][T10790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.592413][T10790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.607161][T10790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 259.621108][T11127] netlink: 'syz.5.1664': attribute type 28 has an invalid length. [ 259.689854][T11127] netlink: 'syz.5.1664': attribute type 3 has an invalid length. [ 259.706538][T11127] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1664'. [ 259.729813][ T53] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.809014][T10790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.818865][T10790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.828807][T10790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.838320][T10790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.872619][ T53] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.969461][ T5950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 259.991770][ T5950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.024567][ T53] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.055855][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.068269][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.328992][ T53] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.494324][T11136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.501822][T11136] bond0: (slave vcan0): The slave device specified does not support setting the MAC address [ 260.537861][T11136] bond0: (slave vcan0): Error -95 calling set_mac_address [ 260.594969][T11134] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1668'. [ 260.843426][ T53] bridge_slave_1: left allmulticast mode [ 260.849140][ T53] bridge_slave_1: left promiscuous mode [ 260.872383][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.910626][ T53] bridge_slave_0: left allmulticast mode [ 260.923251][ T53] bridge_slave_0: left promiscuous mode [ 260.929830][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.133682][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 261.146446][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 261.155106][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 261.166395][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 261.195610][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 261.430513][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 261.442633][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 261.455348][ T53] bond0 (unregistering): Released all slaves [ 261.732527][T11143] chnl_net:caif_netlink_parms(): no params data found [ 261.983053][ T53] hsr_slave_0: left promiscuous mode [ 262.008744][ T53] hsr_slave_1: left promiscuous mode [ 262.022148][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 262.058160][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 262.081578][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 262.098163][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 262.148677][ T53] veth1_macvtap: left promiscuous mode [ 262.163080][ T53] veth0_macvtap: left promiscuous mode [ 262.177231][ T53] veth1_vlan: left promiscuous mode [ 262.182724][ T53] veth0_vlan: left promiscuous mode [ 262.267320][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 262.277016][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 262.287374][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 262.296709][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 262.310616][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 262.760307][ T55] block nbd10: Receive control failed (result -32) [ 262.777889][ T53] team0 (unregistering): Port device team_slave_1 removed [ 262.824352][ T53] team0 (unregistering): Port device team_slave_0 removed [ 263.282800][ T55] Bluetooth: hci0: command tx timeout [ 263.431508][T11143] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.460173][T11143] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.476455][T11143] bridge_slave_0: entered allmulticast mode [ 263.486101][T11143] bridge_slave_0: entered promiscuous mode [ 263.506317][T11143] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.521420][T11143] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.532111][T11143] bridge_slave_1: entered allmulticast mode [ 263.547607][T11143] bridge_slave_1: entered promiscuous mode [ 263.776600][T11143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 263.836287][T11143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 263.949450][T11143] team0: Port device team_slave_0 added [ 263.998472][T11143] team0: Port device team_slave_1 added [ 264.082613][T11198] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1684'. [ 264.171094][T11143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 264.198685][T11143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.291020][T11143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 264.310337][T11143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 264.340866][T11143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.378951][T11143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 264.391909][T11206] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1687'. [ 264.402805][ T55] Bluetooth: hci3: command tx timeout [ 264.507727][T11166] chnl_net:caif_netlink_parms(): no params data found [ 264.622017][T11143] hsr_slave_0: entered promiscuous mode [ 264.630863][T11143] hsr_slave_1: entered promiscuous mode [ 264.645334][T11143] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 264.669180][T11143] Cannot create hsr debugfs directory [ 264.731429][T11215] Cannot find set identified by id 3 to match [ 264.870225][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.095567][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.207234][T11234] pimreg3: entered allmulticast mode [ 265.228031][T11166] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.239394][T11166] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.253329][T11166] bridge_slave_0: entered allmulticast mode [ 265.261245][T11166] bridge_slave_0: entered promiscuous mode [ 265.328571][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.363894][ T55] Bluetooth: hci0: command tx timeout [ 265.481807][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.542241][T11166] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.562240][T11166] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.581377][T11166] bridge_slave_1: entered allmulticast mode [ 265.592045][T11166] bridge_slave_1: entered promiscuous mode [ 265.599922][T11248] Cannot find set identified by id 3 to match [ 265.623249][T11247] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1700'. [ 265.889156][T11166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.919980][T11257] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 265.939877][T11257] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 265.940118][T11166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.964308][T11257] sctp: [Deprecated]: syz.4.1706 (pid 11257) Use of int in max_burst socket option deprecated. [ 265.964308][T11257] Use struct sctp_assoc_value instead [ 266.010867][T11259] sctp: [Deprecated]: syz.4.1706 (pid 11259) Use of int in max_burst socket option deprecated. [ 266.010867][T11259] Use struct sctp_assoc_value instead [ 266.138722][T11166] team0: Port device team_slave_0 added [ 266.210757][T11267] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1709'. [ 266.246121][T11166] team0: Port device team_slave_1 added [ 266.337786][ T53] bridge_slave_1: left allmulticast mode [ 266.345602][ T53] bridge_slave_1: left promiscuous mode [ 266.352928][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.367512][ T53] bridge_slave_0: left allmulticast mode [ 266.373824][ T53] bridge_slave_0: left promiscuous mode [ 266.379720][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.473793][ T55] Bluetooth: hci3: command tx timeout [ 266.774953][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 266.790468][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 266.803425][ T53] bond0 (unregistering): Released all slaves [ 267.089271][T11273] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1710'. [ 267.113344][T11166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 267.130054][T11166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.193764][T11166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 267.222972][T11166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 267.236181][T11166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.293771][T11281] Cannot find set identified by id 3 to match [ 267.309020][T11166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 267.435589][ T55] Bluetooth: hci0: command tx timeout [ 267.661281][T11166] hsr_slave_0: entered promiscuous mode [ 267.676955][T11166] hsr_slave_1: entered promiscuous mode [ 267.687596][T11166] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 267.697487][T11166] Cannot create hsr debugfs directory [ 267.877720][ T53] hsr_slave_0: left promiscuous mode [ 267.899853][ T53] hsr_slave_1: left promiscuous mode [ 267.915852][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 267.924007][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 267.932643][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 267.940913][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 267.978745][ T53] veth1_macvtap: left promiscuous mode [ 267.985140][ T53] veth0_macvtap: left promiscuous mode [ 267.990937][ T53] veth1_vlan: left promiscuous mode [ 267.996491][ T53] veth0_vlan: left promiscuous mode [ 268.177896][ T55] block nbd11: Receive control failed (result -32) [ 268.553713][ T55] Bluetooth: hci3: command tx timeout [ 268.580848][ T53] team0 (unregistering): Port device team_slave_1 removed [ 268.626947][ T53] team0 (unregistering): Port device team_slave_0 removed [ 269.120015][T11311] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 269.155693][T11311] gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue [ 269.190878][T11311] gretap2: entered promiscuous mode [ 269.213336][T11311] gretap2: entered allmulticast mode [ 269.513256][ T55] Bluetooth: hci0: command tx timeout [ 269.564637][T11327] xt_socket: unknown flags 0x3c [ 269.568261][T11143] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 269.648594][T11143] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 269.686861][T11143] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 269.715691][T11143] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 270.098656][T11143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.207119][T11143] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.221354][T11345] xt_hashlimit: max too large, truncated to 1048576 [ 270.238068][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.245320][ T5950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.360446][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.367687][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.635900][ T55] Bluetooth: hci3: command tx timeout [ 270.659040][T11166] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 270.732136][T11166] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 270.779862][T11166] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 270.826512][T11166] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 271.101340][T11374] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1745'. [ 271.159327][T11377] bond0: (slave vcan0): The slave device specified does not support setting the MAC address [ 271.189638][T11380] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1745'. [ 271.219525][T11377] bond0: (slave vcan0): Error -95 calling set_mac_address [ 271.241318][T11380] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1745'. [ 271.758918][T11166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.813494][T11143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 271.896022][T11166] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.925228][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.932417][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.998765][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.006025][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.120720][T11406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1753'. [ 272.146273][T11406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1753'. [ 272.203481][T11143] veth0_vlan: entered promiscuous mode [ 272.237932][T11143] veth1_vlan: entered promiscuous mode [ 272.242606][T11408] netlink: 'syz.5.1754': attribute type 1 has an invalid length. [ 272.252376][T11408] netlink: 'syz.5.1754': attribute type 1 has an invalid length. [ 272.262283][T11408] netlink: 'syz.5.1754': attribute type 1 has an invalid length. [ 272.270778][T11408] netlink: 'syz.5.1754': attribute type 2 has an invalid length. [ 272.288838][T11408] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1754'. [ 272.349541][T11143] veth0_macvtap: entered promiscuous mode [ 272.386037][T11143] veth1_macvtap: entered promiscuous mode [ 272.387170][T11409] netlink: 'syz.5.1754': attribute type 9 has an invalid length. [ 272.428473][T11409] netlink: 'syz.5.1754': attribute type 6 has an invalid length. [ 272.477408][T11143] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 272.533548][T11143] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 272.643090][T11037] hid-generic 0005:699A:5505.0001: unknown main item tag 0x0 [ 272.645070][T11415] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.650770][T11037] hid-generic 0005:699A:5505.0001: unknown main item tag 0x0 [ 272.666899][T11419] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1756'. [ 272.678496][T11037] hid-generic 0005:699A:5505.0001: unknown main item tag 0x0 [ 272.687069][T11037] hid-generic 0005:699A:5505.0001: unknown main item tag 0x0 [ 272.695071][T11037] hid-generic 0005:699A:5505.0001: unknown main item tag 0x0 [ 272.702601][T11037] hid-generic 0005:699A:5505.0001: unknown main item tag 0x0 [ 272.712161][T11037] hid-generic 0005:699A:5505.0001: unknown main item tag 0x1 [ 272.720771][T11415] bond0: (slave vcan0): The slave device specified does not support setting the MAC address [ 272.726710][T11037] hid-generic 0005:699A:5505.0001: hidraw0: BLUETOOTH HID v0.8b Device [syz1] on aa:aa:aa:aa:aa:aa [ 272.786131][T11415] bond0: (slave vcan0): Error -95 calling set_mac_address [ 272.829286][T11143] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.855527][T11143] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.875137][T11143] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.913525][T11143] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.067103][T11166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.334543][T11166] veth0_vlan: entered promiscuous mode [ 273.362447][ T3474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.413207][ T3474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.592441][T11456] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1767'. [ 273.606313][T11166] veth1_vlan: entered promiscuous mode [ 273.623146][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.631176][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.697921][T11166] veth0_macvtap: entered promiscuous mode [ 273.712253][T11166] veth1_macvtap: entered promiscuous mode [ 273.748762][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 273.761171][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.784526][T11166] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 273.810892][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.824241][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.851140][T11166] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 273.880144][T11166] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.891005][T11166] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.901260][T11166] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.911929][T11166] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.129066][ T180] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.177285][ T3474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.221047][ T3474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.295346][ T180] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.399004][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.408657][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.460791][ T180] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.579175][ T180] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.710039][ T180] bridge_slave_1: left allmulticast mode [ 274.718634][ T180] bridge_slave_1: left promiscuous mode [ 274.726259][ T180] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.737105][ T180] bridge_slave_0: left allmulticast mode [ 274.742815][ T180] bridge_slave_0: left promiscuous mode [ 274.748778][ T180] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.214022][ T180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 275.227923][ T180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 275.239256][ T180] bond0 (unregistering): Released all slaves [ 275.385364][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 275.395607][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 275.404119][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 275.412333][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 275.424762][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 275.546045][ T180] hsr_slave_0: left promiscuous mode [ 275.552606][ T180] hsr_slave_1: left promiscuous mode [ 275.560399][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.569349][ T180] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.578223][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.585830][ T180] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.608091][ T180] veth1_macvtap: left promiscuous mode [ 275.614667][ T180] veth0_macvtap: left promiscuous mode [ 275.620327][ T180] veth1_vlan: left promiscuous mode [ 275.626057][ T180] veth0_vlan: left promiscuous mode [ 276.232115][ T180] team0 (unregistering): Port device team_slave_1 removed [ 276.270102][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 276.279901][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 276.292764][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 276.303799][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 276.322760][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 276.323372][ T180] team0 (unregistering): Port device team_slave_0 removed [ 277.211273][T11494] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1777'. [ 277.446341][T11466] chnl_net:caif_netlink_parms(): no params data found [ 277.513284][ T55] Bluetooth: hci0: command tx timeout [ 277.707771][T11466] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.716280][T11466] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.727225][T11466] bridge_slave_0: entered allmulticast mode [ 277.735283][T11466] bridge_slave_0: entered promiscuous mode [ 277.750643][T11466] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.758402][T11466] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.766367][T11466] bridge_slave_1: entered allmulticast mode [ 277.774807][T11466] bridge_slave_1: entered promiscuous mode [ 277.824398][T11466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.872479][ T180] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.895178][T11466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 277.910613][T11480] chnl_net:caif_netlink_parms(): no params data found [ 278.014633][ T180] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.037639][T11466] team0: Port device team_slave_0 added [ 278.049533][T11466] team0: Port device team_slave_1 added [ 278.143590][ T180] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.255298][ T180] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.277852][T11466] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 278.308957][T11466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.378207][T11466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 278.393464][ T55] Bluetooth: hci3: command tx timeout [ 278.423392][T11466] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 278.430404][T11466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.459292][T11466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 278.471682][T11480] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.480153][T11480] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.487665][T11480] bridge_slave_0: entered allmulticast mode [ 278.498332][T11480] bridge_slave_0: entered promiscuous mode [ 278.507137][T11480] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.515797][T11480] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.542238][T11534] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 278.542419][T11480] bridge_slave_1: entered allmulticast mode [ 278.568816][T11480] bridge_slave_1: entered promiscuous mode [ 278.775045][T11480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 278.822790][T11466] hsr_slave_0: entered promiscuous mode [ 278.831514][T11466] hsr_slave_1: entered promiscuous mode [ 278.839939][T11466] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 278.848349][T11466] Cannot create hsr debugfs directory [ 278.871579][T11480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 279.069965][T11554] netlink: 'syz.2.1794': attribute type 1 has an invalid length. [ 279.110859][T11480] team0: Port device team_slave_0 added [ 279.148757][T11554] 8021q: adding VLAN 0 to HW filter on device bond9 [ 279.220766][ T180] bridge_slave_1: left allmulticast mode [ 279.241561][ T180] bridge_slave_1: left promiscuous mode [ 279.264479][ T180] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.282791][ T180] bridge_slave_0: left allmulticast mode [ 279.289566][ T180] bridge_slave_0: left promiscuous mode [ 279.295842][ T180] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.593082][ T55] Bluetooth: hci0: command tx timeout [ 279.654987][ T180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.669256][ T180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 279.680668][ T180] bond0 (unregistering): Released all slaves [ 279.698105][T11480] team0: Port device team_slave_1 added [ 279.718221][T11556] 8021q: adding VLAN 0 to HW filter on device bond9 [ 279.726452][T11556] bond9: (slave vxcan1): The slave device specified does not support setting the MAC address [ 279.738937][T11556] bond9: (slave vxcan1): Error -95 calling set_mac_address [ 279.797180][T11554] veth3: entered promiscuous mode [ 279.819895][T11557] vlan3: entered allmulticast mode [ 279.833181][T11557] bond9: entered allmulticast mode [ 280.018972][T11480] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 280.026755][T11480] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.053639][T11480] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 280.090981][T11480] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.153110][T11480] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.244002][T11480] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.473415][ T55] Bluetooth: hci3: command tx timeout [ 280.590042][ T180] hsr_slave_0: left promiscuous mode [ 280.600430][ T180] hsr_slave_1: left promiscuous mode [ 280.612274][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 280.633394][ T55] block nbd12: Receive control failed (result -32) [ 280.653015][ T180] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 280.684639][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 280.692122][ T180] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 280.770762][ T180] veth1_macvtap: left promiscuous mode [ 280.800618][ T180] veth0_macvtap: left promiscuous mode [ 280.806567][ T180] veth1_vlan: left promiscuous mode [ 280.811961][ T180] veth0_vlan: left promiscuous mode [ 281.452697][ T180] team0 (unregistering): Port device team_slave_1 removed [ 281.493254][ T180] team0 (unregistering): Port device team_slave_0 removed [ 281.673219][ T55] Bluetooth: hci0: command tx timeout [ 282.002643][T11480] hsr_slave_0: entered promiscuous mode [ 282.010249][T11480] hsr_slave_1: entered promiscuous mode [ 282.021625][T11480] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.029327][T11480] Cannot create hsr debugfs directory [ 282.051399][T11595] batadv_slave_1: entered promiscuous mode [ 282.208305][T11610] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1812'. [ 282.391434][T11610] netlink: 'syz.5.1812': attribute type 1 has an invalid length. [ 282.411119][T11617] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1812'. [ 282.499523][T11616] tipc: Enabled bearer , priority 0 [ 282.553652][ T55] Bluetooth: hci3: command tx timeout [ 282.611234][T11621] syzkaller0: entered promiscuous mode [ 282.616850][T11621] syzkaller0: entered allmulticast mode [ 282.623968][T11621] tipc: Resetting bearer [ 282.747775][T11615] tipc: Resetting bearer [ 282.788932][ T55] block nbd13: Receive control failed (result -32) [ 283.753276][ T55] Bluetooth: hci0: command tx timeout [ 284.360152][T11615] tipc: Disabling bearer [ 284.637690][ T55] Bluetooth: hci3: command tx timeout [ 284.751797][T11466] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 284.923055][T11466] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 284.996877][T11466] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 285.012641][T11466] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 285.066381][ T30] audit: type=1800 audit(1746572770.093:2): pid=11661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1827" name="cgroup.controllers" dev="tmpfs" ino=2411 res=0 errno=0 [ 285.511584][T11480] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 285.531474][T11480] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 285.558729][T11466] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.569419][T11480] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 285.581630][T11480] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 285.631586][T11466] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.649008][T10423] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.656219][T10423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.667797][ T55] block nbd14: Receive control failed (result -32) [ 285.697270][ T180] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.704596][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.875347][T11480] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.905980][T11480] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.920125][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.927356][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.953955][T10423] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.961309][T10423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.246114][T11690] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1832'. [ 286.257319][T11466] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 286.322146][T11466] veth0_vlan: entered promiscuous mode [ 286.340715][T11466] veth1_vlan: entered promiscuous mode [ 286.415198][T11480] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 286.489563][T11466] veth0_macvtap: entered promiscuous mode [ 286.511676][T11466] veth1_macvtap: entered promiscuous mode [ 286.579442][T11466] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 286.627821][T11466] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 286.671028][T11466] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.693514][T11466] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.702280][T11466] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.734580][T11466] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.771379][T11480] veth0_vlan: entered promiscuous mode [ 286.811407][T11480] veth1_vlan: entered promiscuous mode [ 287.012160][T11480] veth0_macvtap: entered promiscuous mode [ 287.029681][T11714] Cannot find set identified by id 3 to match [ 287.083166][T10423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.096397][T11480] veth1_macvtap: entered promiscuous mode [ 287.103323][T10423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.289557][T10423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.297761][T10423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.307120][T11480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.318571][T11480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.332572][T11480] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 287.381147][T11480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.401275][T11480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.412797][T11480] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 287.462533][T11480] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.479566][T11480] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.498703][T11480] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.509326][T11480] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.657088][T10423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.665247][T10423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.710939][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.720240][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.130654][T10423] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.816896][T10423] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.143066][T10423] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.233541][T10423] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.269025][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 289.279172][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 289.289958][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 289.299705][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 289.308111][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 289.450959][T10423] bridge_slave_1: left allmulticast mode [ 289.458690][T10423] bridge_slave_1: left promiscuous mode [ 289.465250][T10423] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.477191][T10423] bridge_slave_0: left allmulticast mode [ 289.483484][T10423] bridge_slave_0: left promiscuous mode [ 289.489287][T10423] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.818789][T10423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 289.835350][T10423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 289.846157][T10423] bond0 (unregistering): Released all slaves [ 290.064944][T11743] chnl_net:caif_netlink_parms(): no params data found [ 290.163226][T11756] netlink: 'syz.4.1851': attribute type 11 has an invalid length. [ 290.171103][T11756] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1851'. [ 290.253591][T11758] Cannot find set identified by id 3 to match [ 290.532096][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 290.543883][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 290.553413][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 290.561938][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 290.571299][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 290.751107][T11781] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1857'. [ 290.828972][T11743] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.853302][T11743] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.862452][T11743] bridge_slave_0: entered allmulticast mode [ 290.877492][T11743] bridge_slave_0: entered promiscuous mode [ 290.917285][T10423] hsr_slave_0: left promiscuous mode [ 290.924435][T10423] hsr_slave_1: left promiscuous mode [ 290.930434][T10423] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.939109][T10423] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.947734][T10423] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.958205][T10423] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 290.986335][T10423] veth1_macvtap: left promiscuous mode [ 290.992046][T10423] veth0_macvtap: left promiscuous mode [ 291.002296][T10423] veth1_vlan: left promiscuous mode [ 291.011052][T10423] veth0_vlan: left promiscuous mode [ 291.353689][ T55] Bluetooth: hci0: command tx timeout [ 291.602585][T10423] team0 (unregistering): Port device team_slave_1 removed [ 291.650453][T10423] team0 (unregistering): Port device team_slave_0 removed [ 292.118187][T11819] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1865'. [ 292.258009][T11743] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.270198][T11743] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.271306][T11820] netlink: 292 bytes leftover after parsing attributes in process `syz.2.1865'. [ 292.279559][T11743] bridge_slave_1: entered allmulticast mode [ 292.306875][T11743] bridge_slave_1: entered promiscuous mode [ 292.478521][T11743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 292.491437][T11825] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma? [ 292.555163][T11743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 292.575557][T11825] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1866'. [ 292.633075][ T55] Bluetooth: hci3: command tx timeout [ 292.729267][T11743] team0: Port device team_slave_0 added [ 292.783254][T11743] team0: Port device team_slave_1 added [ 292.989971][T11743] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 293.001307][T11743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 293.031483][T11743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 293.114286][T11743] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 293.121498][T11743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 293.156183][T11743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 293.378667][T11743] hsr_slave_0: entered promiscuous mode [ 293.390738][T11743] hsr_slave_1: entered promiscuous mode [ 293.398114][T11743] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 293.406287][T11743] Cannot create hsr debugfs directory [ 293.412173][T11771] chnl_net:caif_netlink_parms(): no params data found [ 293.433097][ T55] Bluetooth: hci0: command tx timeout [ 293.448149][T10423] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.579438][T10423] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.627812][T11871] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1876'. [ 293.728983][T10423] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.880748][T10423] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.897938][T11771] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.905639][T11771] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.913228][T11771] bridge_slave_0: entered allmulticast mode [ 293.921149][T11771] bridge_slave_0: entered promiscuous mode [ 293.988700][T11771] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.015069][T11771] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.022409][T11771] bridge_slave_1: entered allmulticast mode [ 294.052777][T11771] bridge_slave_1: entered promiscuous mode [ 294.209482][T11771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 294.270195][T11771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.473933][T11894] netlink: 'syz.2.1884': attribute type 1 has an invalid length. [ 294.518140][T11894] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1884'. [ 294.554561][T11894] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1884'. [ 294.560804][T11896] FAULT_INJECTION: forcing a failure. [ 294.560804][T11896] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 294.610778][T11771] team0: Port device team_slave_0 added [ 294.645477][T11896] CPU: 0 UID: 0 PID: 11896 Comm: syz.4.1883 Not tainted 6.15.0-rc4-syzkaller-00163-ge8716b5b0dff #0 PREEMPT(full) [ 294.645509][T11896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 294.645531][T11896] Call Trace: [ 294.645540][T11896] [ 294.645549][T11896] dump_stack_lvl+0x189/0x250 [ 294.645588][T11896] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.645617][T11896] ? __pfx__printk+0x10/0x10 [ 294.645650][T11896] should_fail_ex+0x414/0x560 [ 294.645688][T11896] _copy_to_user+0x31/0xb0 [ 294.645717][T11896] simple_read_from_buffer+0xe1/0x170 [ 294.645747][T11896] proc_fail_nth_read+0x1df/0x250 [ 294.645779][T11896] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 294.645810][T11896] ? rw_verify_area+0x258/0x650 [ 294.645831][T11896] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 294.645860][T11896] vfs_read+0x1fd/0x980 [ 294.645888][T11896] ? __pfx___mutex_lock+0x10/0x10 [ 294.645912][T11896] ? __pfx_vfs_read+0x10/0x10 [ 294.645936][T11896] ? __fget_files+0x2a/0x420 [ 294.645966][T11896] ? __fget_files+0x3a0/0x420 [ 294.645989][T11896] ? __fget_files+0x2a/0x420 [ 294.646025][T11896] ksys_read+0x145/0x250 [ 294.646049][T11896] ? __pfx_ksys_read+0x10/0x10 [ 294.646082][T11896] do_syscall_64+0xf6/0x210 [ 294.646114][T11896] ? clear_bhb_loop+0x45/0xa0 [ 294.646139][T11896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.646166][T11896] RIP: 0033:0x7f3e22b8d37c [ 294.646182][T11896] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 294.646205][T11896] RSP: 002b:00007f3e23ab6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 294.646226][T11896] RAX: ffffffffffffffda RBX: 00007f3e22db5fa0 RCX: 00007f3e22b8d37c [ 294.646240][T11896] RDX: 000000000000000f RSI: 00007f3e23ab60a0 RDI: 0000000000000013 [ 294.646252][T11896] RBP: 00007f3e23ab6090 R08: 0000000000000000 R09: 0000000000000000 [ 294.646264][T11896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.646276][T11896] R13: 0000000000000000 R14: 00007f3e22db5fa0 R15: 00007ffef771a748 [ 294.646308][T11896] [ 294.753642][ T55] Bluetooth: hci3: command tx timeout [ 294.952346][T11771] team0: Port device team_slave_1 added [ 295.039667][T10423] bridge_slave_1: left allmulticast mode [ 295.046540][T10423] bridge_slave_1: left promiscuous mode [ 295.052351][T10423] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.084233][T10423] bridge_slave_0: left allmulticast mode [ 295.094864][T10423] bridge_slave_0: left promiscuous mode [ 295.113320][T10423] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.488203][T10423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 295.499489][T10423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 295.510071][T10423] bond0 (unregistering): Released all slaves [ 295.523001][ T5829] Bluetooth: hci0: command tx timeout [ 295.584677][ T55] block nbd15: Receive control failed (result -32) [ 295.639685][T11771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.662714][T11771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.698939][T11771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 295.778601][T11771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 295.785841][T11771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.822681][T11771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.048030][T11923] netlink: 'syz.2.1892': attribute type 2 has an invalid length. [ 296.079857][T11771] hsr_slave_0: entered promiscuous mode [ 296.108472][T11771] hsr_slave_1: entered promiscuous mode [ 296.138778][T11771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 296.153092][T11771] Cannot create hsr debugfs directory [ 296.241332][T11930] Cannot find set identified by id 3 to match [ 296.312532][T10423] hsr_slave_0: left promiscuous mode [ 296.330001][T10423] hsr_slave_1: left promiscuous mode [ 296.339745][T10423] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 296.347494][T10423] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 296.358748][T10423] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 296.366663][T10423] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.399144][T10423] veth1_macvtap: left promiscuous mode [ 296.405221][T10423] veth0_macvtap: left promiscuous mode [ 296.423099][T10423] veth1_vlan: left promiscuous mode [ 296.428613][T10423] veth0_vlan: left promiscuous mode [ 296.794950][T11937] netlink: 'syz.5.1898': attribute type 15 has an invalid length. [ 296.817759][T11937] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1898'. [ 296.953230][ T55] Bluetooth: hci3: command tx timeout [ 297.593428][ T5829] Bluetooth: hci0: command tx timeout [ 297.770068][T10423] team0 (unregistering): Port device team_slave_1 removed [ 297.816044][T10423] team0 (unregistering): Port device team_slave_0 removed [ 297.941343][ T55] block nbd16: Receive control failed (result -32) [ 298.499092][T11944] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1901'. [ 298.508696][T11944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1901'. [ 298.517999][T11944] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1901'. [ 298.548420][T11743] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 298.625236][T11743] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 298.675351][T11743] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 298.760963][T11743] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 299.034027][ T55] Bluetooth: hci3: command tx timeout [ 299.326847][T11743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.482255][T11743] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.590163][T10423] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.597482][T10423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.675539][T10423] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.682790][T10423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.976225][T11771] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 299.999662][T11986] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 300.022044][T11771] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 300.050530][T11771] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 300.078256][T11771] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 300.256045][T11993] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 300.316819][T11771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.337752][T11743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.372190][T11771] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.398412][T10423] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.405665][T10423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.436946][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.444342][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.550421][T11743] veth0_vlan: entered promiscuous mode [ 300.582167][T11743] veth1_vlan: entered promiscuous mode [ 300.637482][T11743] veth0_macvtap: entered promiscuous mode [ 300.657867][T11743] veth1_macvtap: entered promiscuous mode [ 300.698303][T11743] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.744454][T11743] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.768389][T11743] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.782416][T11743] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.801296][T11743] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.815650][T11743] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.104273][T11771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 301.112167][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.136142][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.239605][ T5950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.252134][ T5950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.361041][T11771] veth0_vlan: entered promiscuous mode [ 301.419801][T11771] veth1_vlan: entered promiscuous mode [ 301.603873][T12031] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1925'. [ 301.888895][T11771] veth0_macvtap: entered promiscuous mode [ 302.009741][T11771] veth1_macvtap: entered promiscuous mode [ 302.181960][T12041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1928'. [ 302.192500][T12039] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1927'. [ 302.218188][T12041] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 302.240599][T12041] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 302.308944][ T180] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.381153][T12042] netlink: 292 bytes leftover after parsing attributes in process `syz.5.1927'. [ 302.561327][ T180] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.581116][T11771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.594367][T11771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.606049][T11771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 302.626293][T11771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.637861][T11771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.650322][T11771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 302.662707][T11771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.671734][T11771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.682633][T11771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.691498][T11771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.788238][ T180] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.814453][T10423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.822428][T10423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.859575][ T5950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.868636][ T5950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.067879][ T180] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.201752][ T180] bridge_slave_1: left allmulticast mode [ 303.209924][ T180] bridge_slave_1: left promiscuous mode [ 303.219481][ T180] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.230356][ T180] bridge_slave_0: left allmulticast mode [ 303.236880][ T180] bridge_slave_0: left promiscuous mode [ 303.242637][ T180] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.467807][T12051] sctp: [Deprecated]: syz.5.1930 (pid 12051) Use of struct sctp_assoc_value in delayed_ack socket option. [ 303.467807][T12051] Use struct sctp_sack_info instead [ 303.845161][ T180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.871344][ T180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.893870][ T180] bond0 (unregistering): Released all slaves [ 303.962903][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 303.979980][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 303.992701][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 304.016576][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 304.029359][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 304.335761][ T180] hsr_slave_0: left promiscuous mode [ 304.341670][ T180] hsr_slave_1: left promiscuous mode [ 304.349014][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.356820][ T180] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.365446][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.373058][ T180] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.395908][ T180] veth1_macvtap: left promiscuous mode [ 304.401467][ T180] veth0_macvtap: left promiscuous mode [ 304.407341][ T180] veth1_vlan: left promiscuous mode [ 304.412658][ T180] veth0_vlan: left promiscuous mode [ 304.838021][ T180] team0 (unregistering): Port device team_slave_1 removed [ 304.877999][ T180] team0 (unregistering): Port device team_slave_0 removed [ 305.569733][T12077] openvswitch: netlink: IP tunnel TTL not specified. [ 305.677500][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 305.691531][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 305.701662][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 305.717342][T12059] chnl_net:caif_netlink_parms(): no params data found [ 305.725876][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 305.743703][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 305.862558][T12085] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1941'. [ 306.055074][T12085] netlink: 292 bytes leftover after parsing attributes in process `syz.2.1941'. [ 306.083954][ T55] Bluetooth: hci0: command tx timeout [ 306.121179][T12099] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1944'. [ 306.287002][T12059] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.297633][T12059] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.305846][T12059] bridge_slave_0: entered allmulticast mode [ 306.319393][T12059] bridge_slave_0: entered promiscuous mode [ 306.340446][T12059] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.350192][T12059] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.358275][T12109] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 306.363829][T12059] bridge_slave_1: entered allmulticast mode [ 306.382388][T12059] bridge_slave_1: entered promiscuous mode [ 306.487710][T12115] Cannot find set identified by id 3 to match [ 306.498464][T12111] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1949'. [ 306.541818][T12059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.566457][T12059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 306.760875][T12124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1954'. [ 306.798183][T12059] team0: Port device team_slave_0 added [ 306.818874][T12059] team0: Port device team_slave_1 added [ 306.825184][T12130] netlink: 292 bytes leftover after parsing attributes in process `syz.4.1956'. [ 306.875583][ T180] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.086484][ T180] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.251484][ T180] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.306496][T12059] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.320706][T12059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.361566][T12059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.405279][T12059] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.414051][T12059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.441284][T12059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.453193][T12079] chnl_net:caif_netlink_parms(): no params data found [ 307.517540][ T180] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.561147][T12161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1969'. [ 307.581214][T12164] netlink: 292 bytes leftover after parsing attributes in process `syz.5.1970'. [ 307.834142][ T55] Bluetooth: hci3: command tx timeout [ 307.852530][T12059] hsr_slave_0: entered promiscuous mode [ 307.861881][T12059] hsr_slave_1: entered promiscuous mode [ 307.870671][T12059] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 307.878648][T12059] Cannot create hsr debugfs directory [ 307.940023][T12181] Bluetooth: MGMT ver 1.23 [ 307.951571][T12181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1975'. [ 308.153541][ T55] Bluetooth: hci0: command tx timeout [ 308.195106][T12192] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1977'. [ 308.210832][T12079] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.223065][T12079] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.246579][T12079] bridge_slave_0: entered allmulticast mode [ 308.263812][T12079] bridge_slave_0: entered promiscuous mode [ 308.350946][T12079] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.366052][T12079] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.391020][T12079] bridge_slave_1: entered allmulticast mode [ 308.399806][T12079] bridge_slave_1: entered promiscuous mode [ 308.447537][T12199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1981'. [ 308.458144][T12201] netlink: 292 bytes leftover after parsing attributes in process `syz.4.1982'. [ 308.470224][ T180] bridge_slave_1: left allmulticast mode [ 308.477600][ T180] bridge_slave_1: left promiscuous mode [ 308.494680][ T180] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.531098][ T180] bridge_slave_0: left allmulticast mode [ 308.553648][ T180] bridge_slave_0: left promiscuous mode [ 308.559550][ T180] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.109505][ T180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 309.121228][ T180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 309.137878][ T180] bond0 (unregistering): Released all slaves [ 309.185903][T12079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.307003][T12079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.489190][T12079] team0: Port device team_slave_0 added [ 309.553730][ T55] block nbd17: Receive control failed (result -32) [ 309.567699][T12079] team0: Port device team_slave_1 added [ 309.731468][T12079] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 309.737026][T12239] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1998'. [ 309.759609][T12079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 309.795501][T12079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 309.876734][T12246] FAULT_INJECTION: forcing a failure. [ 309.876734][T12246] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 309.902737][T12246] CPU: 0 UID: 0 PID: 12246 Comm: syz.5.1999 Not tainted 6.15.0-rc4-syzkaller-00163-ge8716b5b0dff #0 PREEMPT(full) [ 309.902768][T12246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 309.902781][T12246] Call Trace: [ 309.902789][T12246] [ 309.902798][T12246] dump_stack_lvl+0x189/0x250 [ 309.902836][T12246] ? __lock_acquire+0xaac/0xd20 [ 309.902867][T12246] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.902894][T12246] ? __pfx__printk+0x10/0x10 [ 309.902914][T12246] ? __might_fault+0xb0/0x130 [ 309.902951][T12246] should_fail_ex+0x414/0x560 [ 309.902989][T12246] _copy_from_user+0x2d/0xb0 [ 309.903016][T12246] ___sys_sendmsg+0x158/0x2a0 [ 309.903044][T12246] ? __pfx____sys_sendmsg+0x10/0x10 [ 309.903108][T12246] ? __fget_files+0x2a/0x420 [ 309.903133][T12246] ? __fget_files+0x3a0/0x420 [ 309.903170][T12246] __x64_sys_sendmsg+0x19b/0x260 [ 309.903199][T12246] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 309.903243][T12246] ? do_syscall_64+0xba/0x210 [ 309.903271][T12246] do_syscall_64+0xf6/0x210 [ 309.903294][T12246] ? clear_bhb_loop+0x45/0xa0 [ 309.903319][T12246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.903339][T12246] RIP: 0033:0x7f560478e969 [ 309.903357][T12246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.903375][T12246] RSP: 002b:00007f560550f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 309.903397][T12246] RAX: ffffffffffffffda RBX: 00007f56049b5fa0 RCX: 00007f560478e969 [ 309.903412][T12246] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 309.903426][T12246] RBP: 00007f560550f090 R08: 0000000000000000 R09: 0000000000000000 [ 309.903438][T12246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.903450][T12246] R13: 0000000000000000 R14: 00007f56049b5fa0 R15: 00007fff310664c8 [ 309.903482][T12246] [ 309.913180][ T55] Bluetooth: hci3: command tx timeout [ 310.138985][ T180] hsr_slave_0: left promiscuous mode [ 310.159734][ T180] hsr_slave_1: left promiscuous mode [ 310.175349][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 310.198262][ T180] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 310.227929][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 310.233293][ T55] Bluetooth: hci0: command tx timeout [ 310.248597][ T180] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 310.311159][ T180] veth1_macvtap: left promiscuous mode [ 310.328076][ T180] veth0_macvtap: left promiscuous mode [ 310.334616][ T180] veth1_vlan: left promiscuous mode [ 310.340661][ T180] veth0_vlan: left promiscuous mode [ 310.800323][ T180] team0 (unregistering): Port device team_slave_1 removed [ 310.848063][ T180] team0 (unregistering): Port device team_slave_0 removed [ 311.250447][T12079] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 311.257966][T12079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.290490][T12079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.579472][T12079] hsr_slave_0: entered promiscuous mode [ 311.617447][T12079] hsr_slave_1: entered promiscuous mode [ 311.641047][T12079] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 311.663261][T12079] Cannot create hsr debugfs directory [ 311.851421][T12286] FAULT_INJECTION: forcing a failure. [ 311.851421][T12286] name failslab, interval 1, probability 0, space 0, times 0 [ 311.864941][T12286] CPU: 1 UID: 0 PID: 12286 Comm: syz.2.2014 Not tainted 6.15.0-rc4-syzkaller-00163-ge8716b5b0dff #0 PREEMPT(full) [ 311.864969][T12286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 311.864981][T12286] Call Trace: [ 311.864990][T12286] [ 311.864999][T12286] dump_stack_lvl+0x189/0x250 [ 311.865036][T12286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.865065][T12286] ? __pfx__printk+0x10/0x10 [ 311.865091][T12286] ? __pfx___might_resched+0x10/0x10 [ 311.865115][T12286] should_fail_ex+0x414/0x560 [ 311.865153][T12286] should_failslab+0xa8/0x100 [ 311.865181][T12286] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 311.865207][T12286] ? __alloc_skb+0x112/0x2d0 [ 311.865233][T12286] __alloc_skb+0x112/0x2d0 [ 311.865258][T12286] netlink_sendmsg+0x5c6/0xb30 [ 311.865297][T12286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.865322][T12286] ? aa_sock_msg_perm+0x94/0x160 [ 311.865350][T12286] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 311.865372][T12286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.865394][T12286] __sock_sendmsg+0x219/0x270 [ 311.865427][T12286] ____sys_sendmsg+0x505/0x830 [ 311.865457][T12286] ? __pfx_____sys_sendmsg+0x10/0x10 [ 311.865490][T12286] ? import_iovec+0x74/0xa0 [ 311.865542][T12286] ___sys_sendmsg+0x21f/0x2a0 [ 311.865570][T12286] ? __pfx____sys_sendmsg+0x10/0x10 [ 311.865650][T12286] ? __fget_files+0x2a/0x420 [ 311.865675][T12286] ? __fget_files+0x3a0/0x420 [ 311.865710][T12286] __x64_sys_sendmsg+0x19b/0x260 [ 311.865749][T12286] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 311.865792][T12286] ? do_syscall_64+0xba/0x210 [ 311.865818][T12286] do_syscall_64+0xf6/0x210 [ 311.865841][T12286] ? clear_bhb_loop+0x45/0xa0 [ 311.865870][T12286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.865890][T12286] RIP: 0033:0x7f1199f8e969 [ 311.865907][T12286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.865930][T12286] RSP: 002b:00007f119ae16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.865952][T12286] RAX: ffffffffffffffda RBX: 00007f119a1b5fa0 RCX: 00007f1199f8e969 [ 311.865967][T12286] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 311.865979][T12286] RBP: 00007f119ae16090 R08: 0000000000000000 R09: 0000000000000000 [ 311.865991][T12286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.866003][T12286] R13: 0000000000000000 R14: 00007f119a1b5fa0 R15: 00007fff2c14b2a8 [ 311.866048][T12286] [ 311.908323][T12287] netlink: 16178 bytes leftover after parsing attributes in process `syz.5.2013'. [ 312.073848][ C1] ================================================================== [ 312.135533][ C1] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x471/0x4b0 [ 312.143450][ C1] Read of size 2 at addr ffff88803067d02a by task syz-executor/12293 [ 312.151519][ C1] [ 312.153852][ C1] CPU: 1 UID: 0 PID: 12293 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-00163-ge8716b5b0dff #0 PREEMPT(full) [ 312.153872][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 312.153883][ C1] Call Trace: [ 312.153891][ C1] [ 312.153899][ C1] dump_stack_lvl+0x189/0x250 [ 312.153926][ C1] ? __virt_addr_valid+0x18c/0x540 [ 312.153947][ C1] ? rcu_is_watching+0x15/0xb0 [ 312.153971][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.153993][ C1] ? rcu_is_watching+0x15/0xb0 [ 312.154017][ C1] ? lock_release+0x4b/0x3e0 [ 312.154041][ C1] ? __virt_addr_valid+0x18c/0x540 [ 312.154062][ C1] ? __virt_addr_valid+0x469/0x540 [ 312.154083][ C1] print_report+0xb4/0x290 [ 312.154102][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 312.154125][ C1] kasan_report+0x118/0x150 [ 312.154147][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 312.154173][ C1] rose_timer_expiry+0x471/0x4b0 [ 312.154196][ C1] call_timer_fn+0x17b/0x5f0 [ 312.154218][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 312.154239][ C1] ? call_timer_fn+0xbe/0x5f0 [ 312.154260][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 312.154284][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 312.154300][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.154316][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 312.154341][ C1] __run_timer_base+0x61a/0x860 [ 312.154360][ C1] ? ktime_get+0x3e/0x1f0 [ 312.154380][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 312.154399][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 312.154423][ C1] run_timer_softirq+0xb7/0x180 [ 312.154443][ C1] handle_softirqs+0x283/0x870 [ 312.154470][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 312.154486][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 312.154515][ C1] __irq_exit_rcu+0xca/0x1f0 [ 312.154528][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 312.154546][ C1] irq_exit_rcu+0x9/0x30 [ 312.154558][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 312.154575][ C1] [ 312.154580][ C1] [ 312.154592][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 312.154610][ C1] RIP: 0010:mem_cgroup_from_task+0xbb/0x120 [ 312.154637][ C1] Code: 06 04 75 09 e8 76 99 7c ff 85 c0 74 28 48 83 c3 20 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 98 94 f8 ff 48 8b 03 <5b> 41 5e 41 5f c3 cc cc cc cc cc e8 85 cd 2c 09 85 c0 74 cf 80 3d [ 312.154651][ C1] RSP: 0000:ffffc90003e7fce0 EFLAGS: 00000246 [ 312.154667][ C1] RAX: ffff888058ae2000 RBX: ffff88814dcd7020 RCX: 0f70986a9aa03500 [ 312.154679][ C1] RDX: 0000000000000000 RSI: ffffffff8d93503a RDI: ffffffff8bc1cde0 [ 312.154690][ C1] RBP: ffffc90003e7fdd0 R08: 0000000000000000 R09: 0000000000000000 [ 312.154701][ C1] R10: 0000000000000000 R11: ffffffff8209b602 R12: 0000000000000001 [ 312.154710][ C1] R13: dffffc0000000000 R14: ffff88802b709e2c R15: dffffc0000000000 [ 312.154725][ C1] ? count_memcg_event_mm+0x92/0x3b0 [ 312.154748][ C1] count_memcg_event_mm+0x199/0x3b0 [ 312.154766][ C1] ? count_memcg_event_mm+0x92/0x3b0 [ 312.154782][ C1] ? __pfx_count_memcg_event_mm+0x10/0x10 [ 312.154799][ C1] ? lock_vma_under_rcu+0xf8/0x710 [ 312.154818][ C1] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 312.154840][ C1] handle_mm_fault+0x4ee/0x8c0 [ 312.154862][ C1] do_user_addr_fault+0xa81/0x1390 [ 312.154881][ C1] ? rcu_is_watching+0x15/0xb0 [ 312.154905][ C1] ? trace_irq_disable+0x37/0x110 [ 312.154925][ C1] exc_page_fault+0x68/0x110 [ 312.154942][ C1] asm_exc_page_fault+0x26/0x30 [ 312.154957][ C1] RIP: 0033:0x7f3e22b84e1a [ 312.154973][ C1] Code: 1f 00 00 48 89 05 86 79 d6 00 74 05 e8 ff b1 e7 ff 48 83 3d f7 7e 1f 00 00 74 05 e8 f0 b1 e7 ff 48 83 3d 48 80 1f 00 00 74 05 51 87 fc ff e8 4c f7 fb ff 49 89 c4 eb 12 0f 1f 80 00 00 00 00 [ 312.154986][ C1] RSP: 002b:00007ffef771a9d0 EFLAGS: 00010202 [ 312.154999][ C1] RAX: 0000000000000008 RBX: 0000000000000000 RCX: 00007f3e22b8520d [ 312.155009][ C1] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000555556ff77e0 [ 312.155020][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 312.155029][ C1] R10: 0000555556ff77d0 R11: 0000000000000246 R12: 0000000000000000 [ 312.155039][ C1] R13: 00000000000927c0 R14: 000000000004c2c4 R15: 00007ffef771ab60 [ 312.155064][ C1] [ 312.155070][ C1] [ 312.563726][ C1] Allocated by task 11743: [ 312.568236][ C1] kasan_save_track+0x3e/0x80 [ 312.572929][ C1] __kasan_kmalloc+0x93/0xb0 [ 312.577536][ C1] __kmalloc_noprof+0x27a/0x4f0 [ 312.582418][ C1] fib6_info_alloc+0x30/0xf0 [ 312.587028][ C1] ip6_route_info_create+0x4b3/0x1360 [ 312.592465][ C1] addrconf_f6i_alloc+0x1c6/0x3f0 [ 312.597494][ C1] addrconf_permanent_addr+0x274/0x9d0 [ 312.602955][ C1] addrconf_notify+0x887/0x1010 [ 312.607808][ C1] notifier_call_chain+0x1b3/0x3e0 [ 312.612923][ C1] __dev_notify_flags+0x18d/0x2e0 [ 312.617960][ C1] netif_change_flags+0xe8/0x1a0 [ 312.622903][ C1] do_setlink+0xcb9/0x40d0 [ 312.627321][ C1] rtnl_newlink+0x160b/0x1c70 [ 312.632002][ C1] rtnetlink_rcv_msg+0x7cc/0xb70 [ 312.636938][ C1] netlink_rcv_skb+0x219/0x490 [ 312.641877][ C1] netlink_unicast+0x758/0x8d0 [ 312.646651][ C1] netlink_sendmsg+0x805/0xb30 [ 312.651417][ C1] __sock_sendmsg+0x219/0x270 [ 312.656106][ C1] __sys_sendto+0x3bd/0x520 [ 312.660623][ C1] __x64_sys_sendto+0xde/0x100 [ 312.665389][ C1] do_syscall_64+0xf6/0x210 [ 312.669894][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.675806][ C1] [ 312.678133][ C1] Freed by task 180: [ 312.682032][ C1] kasan_save_track+0x3e/0x80 [ 312.686847][ C1] kasan_save_free_info+0x46/0x50 [ 312.691880][ C1] __kasan_slab_free+0x62/0x70 [ 312.696644][ C1] kfree+0x193/0x440 [ 312.700549][ C1] rcu_core+0xca5/0x1710 [ 312.704815][ C1] handle_softirqs+0x283/0x870 [ 312.709762][ C1] __irq_exit_rcu+0xca/0x1f0 [ 312.714353][ C1] irq_exit_rcu+0x9/0x30 [ 312.718609][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 312.724246][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 312.730256][ C1] [ 312.732580][ C1] Last potentially related work creation: [ 312.738385][ C1] kasan_save_stack+0x3e/0x60 [ 312.743081][ C1] kasan_record_aux_stack+0xbc/0xd0 [ 312.748312][ C1] call_rcu+0x142/0x990 [ 312.752475][ C1] __ip6_del_rt+0x111/0x180 [ 312.757527][ C1] ip6_del_rt+0xb3/0x100 [ 312.761822][ C1] __ipv6_ifa_notify+0x5c7/0xac0 [ 312.766772][ C1] addrconf_ifdown+0xe69/0x1880 [ 312.771746][ C1] addrconf_notify+0x1bc/0x1010 [ 312.776633][ C1] notifier_call_chain+0x1b3/0x3e0 [ 312.781784][ C1] dev_close_many+0x29c/0x410 [ 312.786485][ C1] unregister_netdevice_many_notify+0x834/0x2330 [ 312.792850][ C1] default_device_exit_batch+0x819/0x890 [ 312.798493][ C1] cleanup_net+0x7a9/0xbd0 [ 312.803008][ C1] process_scheduled_works+0xadb/0x17a0 [ 312.808574][ C1] worker_thread+0x8a0/0xda0 [ 312.813164][ C1] kthread+0x70e/0x8a0 [ 312.817244][ C1] ret_from_fork+0x4b/0x80 [ 312.821664][ C1] ret_from_fork_asm+0x1a/0x30 [ 312.826431][ C1] [ 312.828757][ C1] The buggy address belongs to the object at ffff88803067d000 [ 312.828757][ C1] which belongs to the cache kmalloc-512 of size 512 [ 312.842842][ C1] The buggy address is located 42 bytes inside of [ 312.842842][ C1] freed 512-byte region [ffff88803067d000, ffff88803067d200) [ 312.856581][ C1] [ 312.858911][ C1] The buggy address belongs to the physical page: [ 312.865368][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3067c [ 312.874244][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 312.882748][ C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 312.890304][ C1] page_type: f5(slab) [ 312.894470][ C1] raw: 00fff00000000040 ffff88801a041c80 ffffea0001ecd200 dead000000000002 [ 312.903060][ C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 312.911735][ C1] head: 00fff00000000040 ffff88801a041c80 ffffea0001ecd200 dead000000000002 [ 312.920496][ C1] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 312.929195][ C1] head: 00fff00000000002 ffffea0000c19f01 00000000ffffffff 00000000ffffffff [ 312.938143][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 312.946822][ C1] page dumped because: kasan: bad access detected [ 312.953246][ C1] page_owner tracks the page as allocated [ 312.959494][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5214, tgid 5214 (udevd), ts 38467482981, free_ts 37924955877 [ 312.980267][ C1] post_alloc_hook+0x1d8/0x230 [ 312.985066][ C1] get_page_from_freelist+0x21ce/0x22b0 [ 312.990641][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 312.996477][ C1] alloc_pages_mpol+0x232/0x4a0 [ 313.001343][ C1] allocate_slab+0x8a/0x3b0 [ 313.005868][ C1] ___slab_alloc+0xbfc/0x1480 [ 313.010588][ C1] __kmalloc_cache_noprof+0x296/0x3d0 [ 313.016002][ C1] kernfs_fop_open+0x397/0xca0 [ 313.020796][ C1] do_dentry_open+0xdf0/0x1970 [ 313.025711][ C1] vfs_open+0x3b/0x340 [ 313.029802][ C1] path_openat+0x2ee5/0x3830 [ 313.034400][ C1] do_filp_open+0x1fa/0x410 [ 313.038925][ C1] do_sys_openat2+0x121/0x1c0 [ 313.043630][ C1] __x64_sys_openat+0x138/0x170 [ 313.048501][ C1] do_syscall_64+0xf6/0x210 [ 313.053021][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.058920][ C1] page last free pid 5200 tgid 5200 stack trace: [ 313.065246][ C1] __free_frozen_pages+0xb0e/0xcd0 [ 313.070368][ C1] __slab_free+0x326/0x400 [ 313.074786][ C1] qlist_free_all+0x9a/0x140 [ 313.079378][ C1] kasan_quarantine_reduce+0x148/0x160 [ 313.084837][ C1] __kasan_slab_alloc+0x22/0x80 [ 313.089690][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 313.095153][ C1] getname_flags+0xb8/0x540 [ 313.099663][ C1] do_sys_openat2+0xbc/0x1c0 [ 313.104261][ C1] __x64_sys_openat+0x138/0x170 [ 313.109172][ C1] do_syscall_64+0xf6/0x210 [ 313.113683][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.119578][ C1] [ 313.121904][ C1] Memory state around the buggy address: [ 313.127657][ C1] ffff88803067cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 313.135719][ C1] ffff88803067cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 313.143899][ C1] >ffff88803067d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 313.152070][ C1] ^ [ 313.157462][ C1] ffff88803067d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 313.165641][ C1] ffff88803067d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 313.173899][ C1] ================================================================== [ 313.182246][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 313.189489][ C1] CPU: 1 UID: 0 PID: 12293 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-00163-ge8716b5b0dff #0 PREEMPT(full) [ 313.201831][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 313.211895][ C1] Call Trace: [ 313.215185][ C1] [ 313.218137][ C1] dump_stack_lvl+0x99/0x250 [ 313.222754][ C1] ? __asan_memcpy+0x40/0x70 [ 313.227367][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.232773][ C1] ? __pfx__printk+0x10/0x10 [ 313.237395][ C1] panic+0x2db/0x790 [ 313.241397][ C1] ? __pfx_panic+0x10/0x10 [ 313.245847][ C1] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 313.251752][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 313.257747][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 313.264079][ C1] ? print_memory_metadata+0x314/0x400 [ 313.269550][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 313.274674][ C1] check_panic_on_warn+0x89/0xb0 [ 313.279624][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 313.284748][ C1] end_report+0x78/0x160 [ 313.289009][ C1] kasan_report+0x129/0x150 [ 313.293532][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 313.298661][ C1] rose_timer_expiry+0x471/0x4b0 [ 313.303612][ C1] call_timer_fn+0x17b/0x5f0 [ 313.308223][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 313.313695][ C1] ? call_timer_fn+0xbe/0x5f0 [ 313.318385][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 313.323517][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 313.328720][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.333924][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 313.339396][ C1] __run_timer_base+0x61a/0x860 [ 313.344266][ C1] ? ktime_get+0x3e/0x1f0 [ 313.348607][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 313.354451][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 313.360736][ C1] run_timer_softirq+0xb7/0x180 [ 313.365697][ C1] handle_softirqs+0x283/0x870 [ 313.370492][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 313.375266][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 313.380574][ C1] __irq_exit_rcu+0xca/0x1f0 [ 313.385176][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 313.390400][ C1] irq_exit_rcu+0x9/0x30 [ 313.394643][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 313.400367][ C1] [ 313.403326][ C1] [ 313.406448][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 313.412522][ C1] RIP: 0010:mem_cgroup_from_task+0xbb/0x120 [ 313.418438][ C1] Code: 06 04 75 09 e8 76 99 7c ff 85 c0 74 28 48 83 c3 20 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 98 94 f8 ff 48 8b 03 <5b> 41 5e 41 5f c3 cc cc cc cc cc e8 85 cd 2c 09 85 c0 74 cf 80 3d [ 313.438054][ C1] RSP: 0000:ffffc90003e7fce0 EFLAGS: 00000246 [ 313.444137][ C1] RAX: ffff888058ae2000 RBX: ffff88814dcd7020 RCX: 0f70986a9aa03500 [ 313.452138][ C1] RDX: 0000000000000000 RSI: ffffffff8d93503a RDI: ffffffff8bc1cde0 [ 313.460113][ C1] RBP: ffffc90003e7fdd0 R08: 0000000000000000 R09: 0000000000000000 [ 313.468101][ C1] R10: 0000000000000000 R11: ffffffff8209b602 R12: 0000000000000001 [ 313.476209][ C1] R13: dffffc0000000000 R14: ffff88802b709e2c R15: dffffc0000000000 [ 313.484308][ C1] ? count_memcg_event_mm+0x92/0x3b0 [ 313.489757][ C1] count_memcg_event_mm+0x199/0x3b0 [ 313.494982][ C1] ? count_memcg_event_mm+0x92/0x3b0 [ 313.500384][ C1] ? __pfx_count_memcg_event_mm+0x10/0x10 [ 313.506291][ C1] ? lock_vma_under_rcu+0xf8/0x710 [ 313.511454][ C1] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 313.517021][ C1] handle_mm_fault+0x4ee/0x8c0 [ 313.522250][ C1] do_user_addr_fault+0xa81/0x1390 [ 313.527391][ C1] ? rcu_is_watching+0x15/0xb0 [ 313.532215][ C1] ? trace_irq_disable+0x37/0x110 [ 313.537287][ C1] exc_page_fault+0x68/0x110 [ 313.541902][ C1] asm_exc_page_fault+0x26/0x30 [ 313.546837][ C1] RIP: 0033:0x7f3e22b84e1a [ 313.551265][ C1] Code: 1f 00 00 48 89 05 86 79 d6 00 74 05 e8 ff b1 e7 ff 48 83 3d f7 7e 1f 00 00 74 05 e8 f0 b1 e7 ff 48 83 3d 48 80 1f 00 00 74 05 51 87 fc ff e8 4c f7 fb ff 49 89 c4 eb 12 0f 1f 80 00 00 00 00 [ 313.570907][ C1] RSP: 002b:00007ffef771a9d0 EFLAGS: 00010202 [ 313.577007][ C1] RAX: 0000000000000008 RBX: 0000000000000000 RCX: 00007f3e22b8520d [ 313.584998][ C1] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000555556ff77e0 [ 313.592981][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 313.601038][ C1] R10: 0000555556ff77d0 R11: 0000000000000246 R12: 0000000000000000 [ 313.609030][ C1] R13: 00000000000927c0 R14: 000000000004c2c4 R15: 00007ffef771ab60 [ 313.617030][ C1] [ 313.620340][ C1] Kernel Offset: disabled [ 313.624695][ C1] Rebooting in 86400 seconds..