last executing test programs: 1m55.391831334s ago: executing program 1 (id=3042): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="540000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000111c0010800800014000000000080002"], 0x54}}, 0x0) 1m41.9638573s ago: executing program 1 (id=3042): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="540000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000111c0010800800014000000000080002"], 0x54}}, 0x0) 1m29.155846556s ago: executing program 1 (id=3042): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="540000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000111c0010800800014000000000080002"], 0x54}}, 0x0) 1m12.437767586s ago: executing program 1 (id=3042): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="540000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000111c0010800800014000000000080002"], 0x54}}, 0x0) 1m1.22895948s ago: executing program 1 (id=3042): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="540000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000111c0010800800014000000000080002"], 0x54}}, 0x0) 50.15864844s ago: executing program 1 (id=3042): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="540000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000111c0010800800014000000000080002"], 0x54}}, 0x0) 26.762655315s ago: executing program 0 (id=4106): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc01000019000100000000000000000000000000000000000000000000000000fe8000000000000000050000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000004401050020010000000000000000000000000000000000022b0000000a000000fc010000000000000000000000000000000000000400000000000000000000fe5c00000000000000000000000000000000000001000000006c0000000a000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000320000000a0000002001000000000000000000000000000100000000000000000300000000000000000000000000000000000000000000000000000000000000320000000a"], 0x1fc}}, 0x0) 26.61510714s ago: executing program 0 (id=4110): syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60ecff8000181100fc000000000000000000000000000000ff02000000000000000000000000000100004e22"], 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)="711f664eb50cd5279c17da770c65", 0xe}, 0x1, 0x0, 0x0, 0x8885}, 0x24044054) recvmmsg(r0, &(0x7f0000002e40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x142, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2, 0x0, @void, @value}, 0x10) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000880)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000840)={&(0x7f00000006c0)=ANY=[@ANYBLOB="5c0100003a00010028bd7000fddbdf250c00000010003a80040063800400798004003980fe0014801400f300ff0100000000000000000000000000019355e2a9d556e57edd54744cdabc6bddb415515a8014d9022c6f2d7b4064dd572934e285f6fb86357c593b2b84825b643897c807ae7d3792d7b1d51028b4f07c0e03b287028e535e6be95ee8fa6edb016efd881a87ca971da7cfdf31ca9c5cac6cf6d8ac85d9ea5885f2b37c6bdeba76a080567cd99f3c8595eb9ad38baa661318343a11ffac696c6811e9f84f87ed5796415d7ec37e5f744d11e346c23ae7a5d724db29d9ef516bdd045069b035cda8c835cf695bb2d1281bc0dd89558e2c4c0c6c80abfa71401ccf31016c40e8a7f84a32cd74dd2865f47bef9ad120dda0c966fa51db62e0000008009d00e00000022d00be8004002580046f6761ea005d0065746800040027800400d080040021800400be000a0400d88004006480000000"], 0x15c}, 0x1, 0x0, 0x0, 0x24000040}, 0x20000044) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r4, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0200000004000000080000000100000180000000", @ANYRES32=0x1, @ANYRES8, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff000000000000009d2ef546"], 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r6, 0x18000000000002a0, 0xd50, 0xffffffffffffff60, &(0x7f0000000380)="b9ff0300600d698cff9e14f08edd", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff}, 0x50) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000000000000100000004000480080002000100000008000b"], 0x28}}, 0x0) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_FLUSH(r7, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x24c, r9, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000001}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x40}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x48c}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xaf5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xd}]}, @TIPC_NLA_BEARER={0x7c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0xfffffff8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8b}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xf}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_BEARER={0x80, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x1017, @mcast2, 0x1}}}}, @TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'virt_wifi0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_LINK={0x70, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe8b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x575}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}]}]}, 0x24c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r10 = socket$kcm(0x29, 0x7, 0x0) recvmsg$kcm(r10, &(0x7f0000002280)={&(0x7f0000000e40)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x80, &(0x7f0000002100)=[{&(0x7f0000000ec0)=""/14, 0xe}, {&(0x7f0000000f00)=""/105, 0x69}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000000fc0)=""/56, 0x38}, {&(0x7f0000001000)=""/30, 0x1e}, {&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f0000002040)=""/84, 0x54}, {&(0x7f00000020c0)=""/16, 0x10}], 0x8, &(0x7f0000002180)=""/230, 0xe6}, 0x30000) 26.360012888s ago: executing program 0 (id=4113): socket$unix(0x1, 0x2, 0x0) socket$unix(0x1, 0x2, 0x0) socket$unix(0x1, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r2], 0x64}, 0x1, 0x0, 0xfe0f0000}, 0x0) 26.271806281s ago: executing program 0 (id=4117): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000180)={r0, 0x725b, 0x2, 0x9}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f00000001c0)={'dvmrp0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r3, &(0x7f0000000740)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000022c0)='`', 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e22, 0x3, @private2, 0x8}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000280)='1', 0x1}], 0x1}}], 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x400500, 0x0) ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f0000000400)={0x281}) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000240)={0x0, 0x10}, 0x8) getpeername$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) accept4(r0, &(0x7f0000000040), &(0x7f00000000c0)=0x80, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000002102004400128009000100766c616e00000000340002800600010000000000280003800c00010008000000008000000c00010008000000feffffff0c000100030000000500000008000500", @ANYRES32=r5, @ANYBLOB="ebb6d7a8e9bc2681e1acdadb9137715491c705bc6722c158db1f83c0da7faa13d80f06f3e7f12f01937c6784ef1a01184a617f4ae8c957820651ba57ac04ed085631efa330f0922e981f06067007d369533d10ba8c2ee7e8320f873183e6c1bad95c0c414ca55ac72797973d18a88c1b497272d7f235c2605500e1eaf1521b52070e077c0b49e94db0dd902c5cc748cbfa8a1bb040fc4bd131a350ac639f8d1c35cc823eb641b121473e00419a4c15d4651b0de5fc27b5f532c074c1738e7deafc6078d013778c21c853458a"], 0x6c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x4000000) 15.093370291s ago: executing program 0 (id=4117): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000180)={r0, 0x725b, 0x2, 0x9}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f00000001c0)={'dvmrp0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r3, &(0x7f0000000740)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000022c0)='`', 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e22, 0x3, @private2, 0x8}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000280)='1', 0x1}], 0x1}}], 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x400500, 0x0) ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f0000000400)={0x281}) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000240)={0x0, 0x10}, 0x8) getpeername$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) accept4(r0, &(0x7f0000000040), &(0x7f00000000c0)=0x80, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000002102004400128009000100766c616e00000000340002800600010000000000280003800c00010008000000008000000c00010008000000feffffff0c000100030000000500000008000500", @ANYRES32=r5, @ANYBLOB="ebb6d7a8e9bc2681e1acdadb9137715491c705bc6722c158db1f83c0da7faa13d80f06f3e7f12f01937c6784ef1a01184a617f4ae8c957820651ba57ac04ed085631efa330f0922e981f06067007d369533d10ba8c2ee7e8320f873183e6c1bad95c0c414ca55ac72797973d18a88c1b497272d7f235c2605500e1eaf1521b52070e077c0b49e94db0dd902c5cc748cbfa8a1bb040fc4bd131a350ac639f8d1c35cc823eb641b121473e00419a4c15d4651b0de5fc27b5f532c074c1738e7deafc6078d013778c21c853458a"], 0x6c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x4000000) 4.796568375s ago: executing program 0 (id=4117): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000180)={r0, 0x725b, 0x2, 0x9}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f00000001c0)={'dvmrp0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r3, &(0x7f0000000740)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000022c0)='`', 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e22, 0x3, @private2, 0x8}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000280)='1', 0x1}], 0x1}}], 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x400500, 0x0) ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f0000000400)={0x281}) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000240)={0x0, 0x10}, 0x8) getpeername$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) accept4(r0, &(0x7f0000000040), &(0x7f00000000c0)=0x80, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000002102004400128009000100766c616e00000000340002800600010000000000280003800c00010008000000008000000c00010008000000feffffff0c000100030000000500000008000500", @ANYRES32=r5, @ANYBLOB="ebb6d7a8e9bc2681e1acdadb9137715491c705bc6722c158db1f83c0da7faa13d80f06f3e7f12f01937c6784ef1a01184a617f4ae8c957820651ba57ac04ed085631efa330f0922e981f06067007d369533d10ba8c2ee7e8320f873183e6c1bad95c0c414ca55ac72797973d18a88c1b497272d7f235c2605500e1eaf1521b52070e077c0b49e94db0dd902c5cc748cbfa8a1bb040fc4bd131a350ac639f8d1c35cc823eb641b121473e00419a4c15d4651b0de5fc27b5f532c074c1738e7deafc6078d013778c21c853458a"], 0x6c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x4000000) 2.623754669s ago: executing program 3 (id=4358): bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000090bfa300000000000007030000f1feffff720a06fef8ffffff71a400fe000000007110bf00000000001d300200000000004704000001ed03040f030000000000001d440000000000006b0a04fe0000000072030000000a0000b500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000f40), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x24) 2.506836562s ago: executing program 3 (id=4360): r0 = epoll_create1(0x0) r1 = socket(0x1, 0x80802, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, 0x0) close(r2) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$unix(0x1, 0x5, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x9, 0xfa, 0x0, 0x4, 0x0, 0x70bd25, 0x25dfdbfe, [@sadb_x_sec_ctx={0x1, 0x18, 0x7, 0xff}, @sadb_x_nat_t_type={0x1, 0x14, 0x57}]}, 0x20}}, 0x24000800) bind$unix(r5, &(0x7f0000003000)=@abs={0x1, 0x0, 0xffffffff}, 0x6e) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private1, 0x6, 0x0, 0x1, 0x7}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r7, 0x8b32, &(0x7f0000000040)) bind$unix(r5, &(0x7f0000003000)=@abs={0x1}, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) r8 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xfffffffd, 0x1000, 0x10000000, 0x7, 0x65fb}, 0x1, r10}}]}, {0x4, 0xa}, {0xc}, {0xc, 0x8, {0x1000000}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x80}, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r11, 0x0, 0x4000054) shutdown(r1, 0x0) close(r0) 2.348017643s ago: executing program 2 (id=4361): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r3 = socket$kcm(0x21, 0x2, 0x2) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x1, 0xe7030000}, {0x16, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}, {0x56}}], {{0x4, 0x1, 0x3, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$kcm(r3, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0xffffff1f}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000001101000005040500002b24ec10064b6f2f000000fb71658bda99b49720fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) r5 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r5, 0x29, 0x16, &(0x7f00000001c0)=0x7f, 0x4) close(r5) recvmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000da0000f8ff00000000bfa2009b1eae8e5aa4860100f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095396dd4fafe5d5b166a8a015dbc3e6cc507b5963121b709b3dd96311754058b89aca27cfb31b4aa490981b102e9388512afd3ce8c3a3eccf2d83b0a9a50ea076bc654476e6aedd6be"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r6}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x20, 0x40, 0x9, 0xffffffff, 0x0, {0x2}, [@typed={0x4, 0x11f}, @nested={0x8, 0x1, 0x0, 0x1, [@typed={0x4, 0x63}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0) socket$netlink(0x10, 0x3, 0x0) pipe(&(0x7f0000019480)={0xffffffffffffffff, 0xffffffffffffffff}) close(r7) socket$inet6_sctp(0xa, 0x5, 0x84) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000010c0)=0x8) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r7, 0x84, 0x77, &(0x7f0000000000)={r9, 0xe0}, 0x8) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x2c}}, 0x0) 1.279598806s ago: executing program 3 (id=4362): r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000000c0)={r3, 0x9, 0x8, 0x300000, 0x7, 0x2}, 0x14) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x9, 0x0, 0x3, 0x2, 0x0, 0x700}, 0x10}, 0x1, 0x7}, 0x0) 1.246797615s ago: executing program 2 (id=4363): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x34, r1, 0x5, 0x70bd2c, 0x7, {{}, {@val={0x8, 0x3, r2}, @void}}, [@crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x4}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0xdada}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x40488c0) 1.068074037s ago: executing program 3 (id=4364): r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000240)=@add_del={0x2, &(0x7f0000000080)='wg2\x00'}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000001a0001005bc7ff997ad4283b81f6"], 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) r6 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000040)={r3, 0xffff143a, 0x68, 0x11fe}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000100)={0x10, 0x2, 0x5, 0x1b55, r7}, 0x10) sendto$inet6(r1, &(0x7f0000001080)='\x00', 0x1, 0xc090, &(0x7f0000000100)={0xa, 0x1, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4}, 0x1c) writev(r0, &(0x7f0000000a00)=[{&(0x7f0000000300)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000109ff00c00e03000200000000000000000300005839c9009100001a2bda0b16807c80cc57aa17024de5da7d293302713a984f4ce84dd6c0a45f804aa8c9f1edc73a87b49fc2eeac150f210091ee1ed4a2c109fe5276b0c2ae8f44dcdea45da9631a7a90a81ed119a0ba43950e75e337676d63963b4dda1528f890a5917a8d47ae8f3e154542aa7033b34434050c15c1abbeceebeafede5a757702d3460f4c1f7c2c1e2f446e21aafe72e144015b16f957fe7a2d45b903c32e3059a77c567aa43aad23a4ac00c81640ea8f9e1b9be1a3ca586df3b10b3cc73b9227bfbac8c11c242c4db38085ff8fa1", 0x116}, {&(0x7f0000000180)="7d42b88602fd1654dd8fdf687ec60d7ddb45e184d82dea2f04f2fa1daaaf97191045495452f2f5acc2411b9b4d6dcbd7f5050b40c5109c11a960312a38a6280962f1ce7b760c1eb341faaac37944645696c0ea14dc770c35f90ffa41a955184aee66a11d1cfac519f4fb23858d7279a132686bce302c6e330705a03307a1a55b", 0x80}, {&(0x7f0000000440)="52ef24e50d5efbddd50faf4e68cd0d387332797a0dd45a6060fba0d780457255fdbfe8d0dd11ba199d5f7aa24e7a1397ce4ffa94518ccf7ae82c43d26204787655050e02e64d0e2a2dbe91b1e7f33197afcf471b1438fd96ff755ac85b39a5164a675712a237635ef2ce028b3599c6ee670e1b1919766ad5ee9b176627e7cdb0e6c907b87cb5c51304d326b482406904ec83d1d8cd649acf6608a4e0f9f3a57f5a021a2aac3d80fc3aa1bb2c14f1f84d524f728c5b07f9b3e18eae8709b17ac0365bb955ef51bb9a50b2c9b0bcdaa3264e975e", 0xd3}, {&(0x7f0000000b00)="cbe82d6fb576224b24dbd9e58d88505024ea05572ad299174511b91f69dfa0961d2e26f6c80ac8ed1ab5428fd48bef75b0ce9121cedc2d0f5488c2ff0434060eefe9fbaab27058662084e836e008bfe98c49dcccf340327ae851f95a684ceb57a162376e791b5d9110210cb1876202b4220bc7c3416ccbf2aa09f0e24cbd912462536dd72ec5652c2737a3c490f2dae223e794ddd0f9aa920a6d7ba598d33ec066a7cd137901fd17dec7497e07721894a4b08ef25f4697818e4a07606d4265a0597113ccea679e12df849fce269b313b574bdba2cfdf7321b35f471c1e3e57f9f0008139305c2e1b9d7e9479eeea686dcb", 0xf1}, {&(0x7f0000000640)="50e9bf5bff4e9a774a2efe922a294caeb28edbd13367f37d3251672da9b307cfbc8c424a4295b5ef43e2de609964ab1416a1e1b2b97b93c2a000cef95b7b522be6354fa6da073849d83e1edecfffce1db87501b8b362400f0806185135605f431601cee3cdf331e43e2e991b056df31f8240e67b27f0a9e81a4ec5fdde523920ba6a0754561268689d2191c6fdf815c7591b8c0138631d26979372649b691c3e9dc6344383e235b5503e1ce7082c647675e5f9da030747b6c77c10aeac1744", 0xbf}, {&(0x7f0000000700)="e70e8cdcd2c4c15bd0a98e53e7e93bd32ed157c1356b2a191837fdc69e2ec176bb58e3cf84c466f6f509058daf930760d242ba1d2eddfefdd8e58fbc9a563c05aed360d3744ffa8b97037fadfa247c0528aa373c0bd37626f6e687accd327bf90c3e85e350e20335db2cb3e8d638701d9b9593482a1bcc517b8e30b734a71a38f1eaf78cd0e805b2e1452d675d7e68aa41eae62217b631532bf32a1beee7936725b9e9241d047d5674aad525d7d3bf185e14a11db9b4b108697b406e27c50f301bd6e677e14595ad751988fcfd49ce680a75fce2158d7efdb4f64cd14a24fe87537d1f50d676e7ca266dc16395b0", 0xee}, {&(0x7f0000000540)="5b1172816313598c32bb5e9ea6150d21f2d54f1d3f8fb4f518e8c69bd2f477f1c7385f5e6be3fd82074c52e4d9c31ef7156635912e15bd2485b3a35e726d82dc6325f64885c27ed4bd52839422ab9b0482d1ac7c74747f8c22ecf029dcbcdc5f20e62dbddced0c6a1ca24dd49656b76e7485da0cea4798d9562da4cb0c8975ea0dc0be14ad111e", 0x87}, {&(0x7f00000008c0)="2dd7c0a0dee91dad0a1e412600fa6f21cd778591da94f03891041b1704450c6f7a160f0d437c7551d99f4a089980d5a631eaab74d6b2684e9f1361e75cb60d0e813aee75a1cb179035e059b57f01c5f692990efa5fd7f5de1ec0ba83b48b45185719b6bfcf20bed73cf21d94974ee957ab156125cd6a2070513414a580e62cdbd58217f14847ae4cbb5b9cb1d9576a85f47e58111c6277053db8bb60207bf210fe8ef5ee81792a2b5686f5fe55611e71699181a0f8617bf89beae16c32a52cb2", 0xc0}, {&(0x7f0000000800)="ed2093a9915fa4713ebf8377707202537d6c30a8e6508cab8f37beb5f8708937106a8489c636bb4536035fcfd71cccd38c8244cdcedc44827aa30727d8e76fc0de217320a43adce71d3ffee6892cbc24b38b40adf4c4ade0fea6af07c4ba699f922535eeb3b15cad1671ff800881746366a58115374b9f821796c2886af6e5b9ab0b10375e5fbb50acab310e317c2b3ab446eb4ace82", 0x96}], 0x9) 1.02432374s ago: executing program 2 (id=4366): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r1, &(0x7f0000007cc0)=[{{&(0x7f0000000800)={0xa, 0x4e21, 0x6, @dev={0xfe, 0x80, '\x00', 0xd}, 0x6}, 0x1c, &(0x7f0000001880)=[{&(0x7f0000000340)='(', 0x1}], 0x1, &(0x7f00000019c0)=ANY=[@ANYBLOB="24000000000000002001000000000000000000000000000e14b65b156c4d1400", @ANYRES32=0x0, @ANYBLOB="00000000400000000000000029000000360000001d04000000000000000100c90300000000000000000000ffffac1414aac910fe8800000000000000000000000001010014000000000000008400000008000000070000000000000014000000000000002900000008000000060000000000000014"], 0xb0}}], 0x1, 0x931766f6319eed40) socket$kcm(0x10, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r2, 0x0, 0x80) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xe8001, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000009080), 0x0, 0x2000c000) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b707000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x76, &(0x7f00000006c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x40, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x2, {0x0, 0x6, "5b29ab", 0xd718, 0x32, 0x0, @private1, @private2, [@dstopts={0x3a, 0x0, '\x00', [@generic={0x40}]}]}}}}}}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000080), &(0x7f0000000240)=r5}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x18000000000002a0, 0xd50, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f5, &(0x7f0000000440)="b113cbac7d510a3bc86d008ad27534c24f883c84803c87ab4211da54a2b65bc3293c1ace0093f271a162d7d8d35cbdf4db72c1e70b3b240cec9885392d997076b6b964648da8205342170f3e961fcbcdb4783a97057db6c8590bd1b66a0e2742f14741e918d027e8da83d2793a097a7afdf18298eba7e5f15eba5ef3d147aa3ba5d3fc59a627b944009560e8d6f5d1af75a54efb738cf8bc83f567bb5b3869d63d8e17a4c0f4e7b16f89ca7fdad5792890f8e94dff1a2d6798306dd5f77fc2926c7171") bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1700000005000000020000000000000008000000", @ANYRES32=0x1, @ANYBLOB="010035e46d5ea1fa0e5b894f97f39d2000"/34, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000400"/28], 0x50) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r6, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@remote, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4000, 0x0, 0x0, 0x0, 0xa}, {0x2, 0x0, 0x4, 0x0, 0x0, 0x4, 0x1}, {0x0, 0x40000000, 0x0, 0xff}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x32}, 0x2, @in=@multicast1, 0xffffffde, 0x4, 0x3, 0x0, 0x4000}}, 0xe8) sendmmsg$inet6(r7, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x40040d4) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r8, 0x27, 0x14, 0x0, &(0x7f0000000000)="f8ad1dcc02cb29dcc80032008100", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000001000defe9ec94666df3813bdd7be030500"/32, @ANYRES32=0x0, @ANYBLOB="01000000000201000500100005000000280012800a000100767863616e000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00@\x00\x00'], 0x50}, 0x1, 0x0, 0x0, 0x4040}, 0x0) 784.251454ms ago: executing program 4 (id=4368): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc01000019000100000000000000000000000000000000000000000000000000fe8000000000000000000100000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000004401050020010000000000000000000000000000000000022b0000000a000000fc010000000000000000000000000000000000000400000000000000000000fe5c00000000000000000000000000000000000001000000006c0000000a000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000320000000a0000002001000000000000000000000000000100000000000000000300000000000000000000000000000000000000000000000000000000000000320000000a"], 0x1fc}}, 0x0) 783.789489ms ago: executing program 2 (id=4369): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000102711040000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 734.849352ms ago: executing program 2 (id=4370): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="6205000000400004611018000000000066050000020000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 656.290636ms ago: executing program 4 (id=4371): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000002380)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff0000f800b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x21780, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 563.113016ms ago: executing program 2 (id=4372): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}, 0x1, 0x0, 0x0, 0xe703}, 0x0) 503.380281ms ago: executing program 4 (id=4373): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) pwrite64(r1, 0x0, 0x0, 0xee) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0xffffffffffffffff, 0x3e, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=ANY=[@ANYBLOB="0f00000004000000040000000200020000000000", @ANYRES32=0x1, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000004000000000000000000"], 0x48) 356.789102ms ago: executing program 4 (id=4374): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x3d, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4, 0x20}}, @common=@unspec=@statistic={{0x38}, {0x0, 0x0, 0x0, 0xe0030000}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x550) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000580)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0xf) connect$netlink(r3, &(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x90000004}, 0xc) r4 = openat$cgroup_procs(r1, &(0x7f0000000780)='cgroup.procs\x00', 0x2, 0x0) sendfile(r4, r2, 0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) 227.810849ms ago: executing program 4 (id=4375): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x3f, 0x1c, 0x8000, 0x0, 0x0, 0x2, 0x0, @broadcast, @loopback}, {0x16, 0x7c, 0x0, @rand_addr=0x64010102}}}}}, 0x0) sendmsg(r5, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="18486967519d8f85a7f1fe62a1709887760f000009000000000000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x1, 0xa2, &(0x7f0000000500)=""/162, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r6, 0x11c, 0x1, &(0x7f0000000640)=""/4, &(0x7f0000000680)=0x4) r7 = socket$inet6(0xa, 0x2, 0x3a) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x106}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb8}}, 0x20050800) bind$inet6(r7, &(0x7f0000000400)={0xa, 0x0, 0x0, @loopback={0xffff0000}}, 0x1c) r9 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000440)={{0x3, @default}, [@netrom, @null, @rose, @null, @null, @default, @rose, @default]}, &(0x7f0000000040)=0x48, 0x80800) ioctl$SIOCAX25ADDFWD(r9, 0x89ea, &(0x7f00000004c0)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast}) syz_emit_ethernet(0x3e, &(0x7f0000001200)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x6, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x14, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, "5e722f5a3bc7afae27b241340b0e785fc538df57"}}}}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="4c220e32c3239c598de0b1249181e7b32df579fa1c4094fb060000001e05000000000000000011002b00461dc071ca"], 0x24}], 0x1}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="c400000019000100fcffffff00000000ac14142c000000000000000000000000fe8000000000000000000000000000aa4e2200004e2400000a00006000000900", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000010feffffffffffffff000000400000000000000000000000001a000000000000000100000000000000feffffffffffffff770000000000000005000000000000000000000000000000ff7f000000000000080000000000000001000300000000000a0010000100000000000000"], 0xc4}}, 0x0) socket$kcm(0x10, 0x2, 0x0) r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000880)={0x410, r10, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x10000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x39}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x60}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}]}, @TIPC_NLA_BEARER={0x16c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb7e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}}, {0x14, 0x2, @in={0x2, 0x4e21, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @empty}}, {0x14, 0x2, @in={0x2, 0x4e21, @multicast2}}}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e1f, 0xa6ab, @empty, 0x10000}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x2, @mcast1, 0x7}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x1ff}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_NODE={0xac, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ID={0xa0, 0x3, "25e46de9934febf3b61ae736d307fce1bf39b3937e94a091aeb9aa63635289c34d16c139b9b87164ce4fcf8f8f55aede68a5ef33b77202d52bb140d5093a0a0bfb58f973046a452acdfb6a192c0e62aeaf0baacc1721aa352dbac0ba459f9ae9019ada4da4aefe0ff0417d6de9b131e473e2d021ada997829f244159c158e6349d875c425072536da3521975795f56bf129c94366293bd76b62f75d9"}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER={0x128, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x1, @private0, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0xffff2736, @remote, 0x9}}}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @rand_addr=0x64010101}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x400, @private1, 0x1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x56}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'veth1_vlan\x00'}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'bridge0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x16d7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x410}, 0x1, 0x0, 0x0, 0x4}, 0x10) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r11) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r11, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x54, r12, 0x111, 0x70bd27, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0xfffa}, {0x5, 0x12, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x804}, 0x20000) socket$nl_route(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x40051, &(0x7f0000000080)={0xa, 0x0, 0x1, @local, 0x9}, 0x1c) 159.961463ms ago: executing program 4 (id=4376): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x34, r1, 0x5, 0x70bd2c, 0x7, {{}, {@val={0x8, 0x3, r2}, @void}}, [@crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x4}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0xdada}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x40488c0) 133.246994ms ago: executing program 3 (id=4377): socket$inet(0x2, 0x2, 0x1) r0 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r0, &(0x7f0000000080)="18", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0xe, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 0s ago: executing program 3 (id=4378): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x4, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000020d700000000000095"], &(0x7f00000000c0)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f00, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) writev(r1, &(0x7f0000000180)=[{&(0x7f0000000280)="cdee918a5b2050a1fbcb4b79500705b87662cbe5e8037ef66ff7d27fa000574da54fd1f94e25399660b0da13398d0373d042df2da62d36923fbc0585", 0x3c}], 0x1) socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x5, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x140, &(0x7f00000002c0)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @udp={{0x13, 0x4, 0x0, 0x5, 0x132, 0x68, 0x0, 0x6, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0x35}, @loopback, {[@generic={0x88, 0x3, 'n'}, @timestamp_addr={0x44, 0xc, 0xb4, 0x1, 0x0, [{@rand_addr=0x64010101, 0xfffffffe}]}, @lsrr={0x83, 0x13, 0xf, [@private=0xa010100, @broadcast, @broadcast, @loopback]}, @timestamp={0x44, 0x14, 0x7a, 0x0, 0x6, [0x8, 0x7, 0xa, 0xc]}]}}, {0x4e24, 0x4e24, 0xe6, 0x0, @gue={{0x1, 0x1, 0x1, 0xfa, 0x0, @void}, "3d12737dbe4f51561b9f17a75b1bc50b788974e341ae0f6c448c4da76e810e1396ed22cfb83a9d6d150e04b8f950592c45223d07fe9299d8a0791882f420aa7a64aeed5d5f1bed73efc94d1af08c4f6595f5af50761439543208f9514bb383a823ae705dde69b61ab8dd7f62170a31973ec30ee87b0f84d958101df6bacbe7d4fad9da9082ee54221a6520b156340a4a6973efa76a308fee707e00d0188dc61656fc9be256fecca773eae4c6eb0d7276d06a4ff6045484cb5da6d05a78f2f68b5ca87f2268dc4bebece9e0c45a04536926f9c0ea8aa9f47b5af4"}}}}}}, 0x0) r4 = socket(0x2b, 0x80801, 0x1) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) shutdown(r5, 0x3) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r5, 0x890c, &(0x7f0000000400)={@mcast1, @mcast1, @local, 0x7, 0x8, 0x9329, 0x400, 0x3, 0x10080, r6}) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000003040)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x1b0, 0x2b8, 0xb0000010, 0x2a8, 0x5c8f0200, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1={0xfc, 0x1, '\x00', 0x3}, @local, [0x0, 0xff000000], [0x0, 0x0, 0x0, 0xff], 'veth1_macvtap\x00', 'veth0_to_team\x00'}, 0x0, 0x140, 0x1b0, 0x700, {}, [@common=@inet=@set3={{0x50}, {{0x0, 0x5, 0x1}, {0x4, 0x8000000000000000}, {0x40, 0x8}, 0x9}}, @common=@unspec=@limit={{0x48}, {0x0, 0x3}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x80000003, 0xd68b, 0x6, 0x0, 0x0, "ee82d975ba431036a466e186bc212cc94ea71cd7c070359574aeb7e92357c313946d43b423725caeff472136e8e252f4e877658a618b285c092424d313abab9c"}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) ioctl$sock_inet_sctp_SIOCINQ(r4, 0x894b, &(0x7f0000000180)) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800800180008ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) kernel console output (not intermixed with test programs): 0000 R11: 0000000000000246 R12: 0000000000000001 [ 350.804404][T14963] R13: 0000000000000000 R14: 00007f0ca7fb5fa0 R15: 00007ffedeaff5d8 [ 350.804436][T14963] [ 351.173586][T14818] team0: Port device team_slave_0 added [ 351.183519][T14818] team0: Port device team_slave_1 added [ 351.194830][T14964] netlink: 'syz.4.3211': attribute type 3 has an invalid length. [ 351.324392][T14818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 351.331408][T14818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.370607][T14818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 351.389064][T14818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 351.396555][T14818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.431870][T14973] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3217'. [ 351.441190][T14973] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3217'. [ 351.450478][T14818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 351.464399][ T51] Bluetooth: hci1: command tx timeout [ 351.498982][T14976] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3218'. [ 351.508373][T14976] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3218'. [ 351.714478][T14818] hsr_slave_0: entered promiscuous mode [ 351.721229][T14818] hsr_slave_1: entered promiscuous mode [ 351.760861][T14818] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 351.787797][T14818] Cannot create hsr debugfs directory [ 351.837204][T14988] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 351.928572][T14994] xt_bpf: check failed: parse error [ 351.949714][T14990] syzkaller1: entered promiscuous mode [ 351.957483][T14990] syzkaller1: entered allmulticast mode [ 352.375815][T15014] netlink: 'syz.0.3233': attribute type 9 has an invalid length. [ 352.383892][T15014] netlink: 'syz.0.3233': attribute type 7 has an invalid length. [ 352.398827][T15014] netlink: 'syz.0.3233': attribute type 8 has an invalid length. [ 352.411008][T15016] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3232'. [ 352.596074][T15021] 8021q: adding VLAN 0 to HW filter on device bond1 [ 352.607328][T15022] FAULT_INJECTION: forcing a failure. [ 352.607328][T15022] name failslab, interval 1, probability 0, space 0, times 0 [ 352.628256][T15022] CPU: 1 UID: 0 PID: 15022 Comm: syz.0.3235 Not tainted 6.15.0-syzkaller-12489-g5d6d67c4cb10 #0 PREEMPT(full) [ 352.628287][T15022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 352.628300][T15022] Call Trace: [ 352.628308][T15022] [ 352.628317][T15022] dump_stack_lvl+0x189/0x250 [ 352.628353][T15022] ? __pfx____ratelimit+0x10/0x10 [ 352.628380][T15022] ? __pfx_dump_stack_lvl+0x10/0x10 [ 352.628412][T15022] ? __pfx__printk+0x10/0x10 [ 352.628441][T15022] ? __pfx___might_resched+0x10/0x10 [ 352.628458][T15022] ? fs_reclaim_acquire+0x7d/0x100 [ 352.628489][T15022] should_fail_ex+0x414/0x560 [ 352.628539][T15022] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 352.628559][T15022] should_failslab+0xa8/0x100 [ 352.628583][T15022] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 352.628601][T15022] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 352.628621][T15022] ? alloc_inode+0x67/0x1b0 [ 352.628641][T15022] ? start_creating+0x2a3/0x3c0 [ 352.628662][T15022] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 352.628682][T15022] alloc_inode+0x67/0x1b0 [ 352.628705][T15022] new_inode+0x22/0x170 [ 352.628733][T15022] debugfs_create_dir+0xfb/0x420 [ 352.628758][T15022] ieee80211_debugfs_recreate_netdev+0x1a6/0x1460 [ 352.628795][T15022] ? __pfx_ieee80211_debugfs_recreate_netdev+0x10/0x10 [ 352.628826][T15022] ? ieee80211_do_stop+0x200/0x1fa0 [ 352.628868][T15022] ieee80211_if_change_type+0x156/0x990 [ 352.628906][T15022] ieee80211_change_iface+0xd5/0x510 [ 352.628939][T15022] cfg80211_change_iface+0x792/0xef0 [ 352.628975][T15022] nl80211_set_interface+0x773/0xaa0 [ 352.629014][T15022] ? __pfx_nl80211_set_interface+0x10/0x10 [ 352.629046][T15022] ? nl80211_pre_doit+0x4fb/0x930 [ 352.629079][T15022] genl_family_rcv_msg_doit+0x215/0x300 [ 352.629114][T15022] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 352.629162][T15022] ? bpf_lsm_capable+0x9/0x20 [ 352.629181][T15022] ? security_capable+0x7e/0x2e0 [ 352.629233][T15022] genl_rcv_msg+0x60e/0x790 [ 352.629269][T15022] ? __pfx_genl_rcv_msg+0x10/0x10 [ 352.629296][T15022] ? ref_tracker_free+0x63a/0x7d0 [ 352.629323][T15022] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 352.629346][T15022] ? __pfx_nl80211_set_interface+0x10/0x10 [ 352.629370][T15022] ? __pfx_nl80211_post_doit+0x10/0x10 [ 352.629396][T15022] ? __pfx_ref_tracker_free+0x10/0x10 [ 352.629438][T15022] netlink_rcv_skb+0x208/0x470 [ 352.629460][T15022] ? __pfx_genl_rcv_msg+0x10/0x10 [ 352.629489][T15022] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 352.629530][T15022] ? down_read+0x1ad/0x2e0 [ 352.629564][T15022] genl_rcv+0x28/0x40 [ 352.629588][T15022] netlink_unicast+0x75b/0x8d0 [ 352.629632][T15022] netlink_sendmsg+0x805/0xb30 [ 352.629665][T15022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 352.629691][T15022] ? aa_sock_msg_perm+0x94/0x160 [ 352.629722][T15022] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 352.629749][T15022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 352.629772][T15022] __sock_sendmsg+0x21c/0x270 [ 352.629804][T15022] ____sys_sendmsg+0x505/0x830 [ 352.629833][T15022] ? __pfx_____sys_sendmsg+0x10/0x10 [ 352.629869][T15022] ? import_iovec+0x74/0xa0 [ 352.629895][T15022] ___sys_sendmsg+0x21f/0x2a0 [ 352.629922][T15022] ? __pfx____sys_sendmsg+0x10/0x10 [ 352.629988][T15022] ? __fget_files+0x2a/0x420 [ 352.630012][T15022] ? __fget_files+0x3a0/0x420 [ 352.630049][T15022] __x64_sys_sendmsg+0x19b/0x260 [ 352.630076][T15022] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 352.630111][T15022] ? __pfx_ksys_write+0x10/0x10 [ 352.630129][T15022] ? rcu_is_watching+0x15/0xb0 [ 352.630162][T15022] ? do_syscall_64+0xbe/0x3b0 [ 352.630196][T15022] do_syscall_64+0xfa/0x3b0 [ 352.630223][T15022] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.630249][T15022] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.630269][T15022] ? clear_bhb_loop+0x60/0xb0 [ 352.630295][T15022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.630315][T15022] RIP: 0033:0x7f0ca7d8e929 [ 352.630334][T15022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.630352][T15022] RSP: 002b:00007f0ca8be1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 352.630375][T15022] RAX: ffffffffffffffda RBX: 00007f0ca7fb5fa0 RCX: 00007f0ca7d8e929 [ 352.630402][T15022] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 352.630415][T15022] RBP: 00007f0ca8be1090 R08: 0000000000000000 R09: 0000000000000000 [ 352.630427][T15022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 352.630439][T15022] R13: 0000000000000000 R14: 00007f0ca7fb5fa0 R15: 00007ffedeaff5d8 [ 352.630473][T15022] [ 352.630551][T15022] debugfs: out of free dentries, can not create directory 'netdev:wlan0' [ 352.726528][T15025] Cannot find add_set index 4 as target [ 352.897656][T15030] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3239'. [ 353.110209][T15030] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3239'. [ 353.136933][T15021] ip6erspan0: entered promiscuous mode [ 353.166552][T15021] bond1: (slave ip6erspan0): making interface the new active one [ 353.180942][T15021] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 353.324511][T15035] team0: Port device batadv0 removed [ 353.523596][T15046] validate_nla: 1 callbacks suppressed [ 353.523616][T15046] netlink: 'syz.3.3244': attribute type 1 has an invalid length. [ 353.543796][ T51] Bluetooth: hci1: command tx timeout [ 353.600515][T15046] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link [ 353.655699][T14818] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 353.684218][T14818] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 353.723919][T14818] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 353.750945][T14818] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 353.987114][T15076] lo speed is unknown, defaulting to 1000 [ 353.996328][T15076] lo speed is unknown, defaulting to 1000 [ 354.028205][T15076] lo speed is unknown, defaulting to 1000 [ 354.061602][T15081] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3255'. [ 354.129697][T15076] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 354.159634][T14818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.222094][T14818] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.253624][T15076] lo speed is unknown, defaulting to 1000 [ 354.261416][T15076] lo speed is unknown, defaulting to 1000 [ 354.272296][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.279619][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.322461][T15076] lo speed is unknown, defaulting to 1000 [ 354.332432][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.339656][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.381762][T15076] lo speed is unknown, defaulting to 1000 [ 354.436973][T15076] lo speed is unknown, defaulting to 1000 [ 354.870260][T15114] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3264'. [ 354.920339][T15114] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3264'. [ 354.953908][T15114] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3264'. [ 354.977575][T15114] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3264'. [ 355.007050][T15119] geneve3: entered promiscuous mode [ 355.035681][T15119] geneve3: entered allmulticast mode [ 355.199095][T14818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.307420][T15136] netlink: 'syz.4.3271': attribute type 2 has an invalid length. [ 355.330855][T15130] syzkaller0: entered promiscuous mode [ 355.337813][T15130] syzkaller0: entered allmulticast mode [ 355.357365][T15136] k›*·]‘: entered promiscuous mode [ 355.385583][T15137] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3271'. [ 355.429242][T15136] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3271'. [ 355.439272][T15136] macvlan0: entered promiscuous mode [ 355.458588][T14818] veth0_vlan: entered promiscuous mode [ 355.472948][T15136] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3271'. [ 355.714493][T15151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3273'. [ 355.782145][T15156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3276'. [ 355.852125][T14818] veth1_vlan: entered promiscuous mode [ 355.859536][T15142] sctp: [Deprecated]: syz.2.3273 (pid 15142) Use of int in maxseg socket option. [ 355.859536][T15142] Use struct sctp_assoc_value instead [ 355.996248][T14818] veth0_macvtap: entered promiscuous mode [ 356.036638][T14818] veth1_macvtap: entered promiscuous mode [ 356.088239][T14818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.107942][T14818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 356.136741][T14818] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.163107][T14818] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.172046][T14818] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.190115][T14818] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.235216][T15169] vlan0: entered promiscuous mode [ 356.264188][T15171] macvtap1: entered promiscuous mode [ 356.269539][T15171] team0: entered promiscuous mode [ 356.275677][T15171] team_slave_0: entered promiscuous mode [ 356.281906][T15171] team_slave_1: entered promiscuous mode [ 356.288093][T15171] macvtap1: entered allmulticast mode [ 356.293667][T15171] team0: entered allmulticast mode [ 356.298813][T15171] team_slave_0: entered allmulticast mode [ 356.306799][T15171] team_slave_1: entered allmulticast mode [ 356.313656][T15171] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 356.334437][T15172] team0: left allmulticast mode [ 356.348377][T15172] team_slave_0: left allmulticast mode [ 356.356918][T15172] team_slave_1: left allmulticast mode [ 356.362439][T15172] team0: left promiscuous mode [ 356.368247][T15172] team_slave_0: left promiscuous mode [ 356.379346][T15172] team_slave_1: left promiscuous mode [ 356.527325][ T3507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.540447][ T3507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.624807][ T3507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.634992][ T3507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.700147][T15182] xt_bpf: check failed: parse error [ 356.791051][T15186] vlan0: entered promiscuous mode [ 357.218581][T15201] team_slave_0: entered promiscuous mode [ 357.224390][T15201] team_slave_1: entered promiscuous mode [ 357.237342][T15201] macvtap3: entered promiscuous mode [ 357.242695][T15201] team0: entered promiscuous mode [ 357.252376][T15201] macvtap3: entered allmulticast mode [ 357.262014][T15201] team0: entered allmulticast mode [ 357.268415][T15201] team_slave_0: entered allmulticast mode [ 357.283990][T15201] team_slave_1: entered allmulticast mode [ 357.302577][T15201] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 357.362153][T15208] team0: left allmulticast mode [ 357.377784][T15208] team_slave_0: left allmulticast mode [ 357.385532][T15214] FAULT_INJECTION: forcing a failure. [ 357.385532][T15214] name failslab, interval 1, probability 0, space 0, times 0 [ 357.424378][T15208] team_slave_1: left allmulticast mode [ 357.451086][T15208] team0: left promiscuous mode [ 357.476440][T15208] team_slave_0: left promiscuous mode [ 357.481948][T15208] team_slave_1: left promiscuous mode [ 357.497792][T15214] CPU: 1 UID: 0 PID: 15214 Comm: syz.4.3301 Not tainted 6.15.0-syzkaller-12489-g5d6d67c4cb10 #0 PREEMPT(full) [ 357.497823][T15214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.497837][T15214] Call Trace: [ 357.497845][T15214] [ 357.497854][T15214] dump_stack_lvl+0x189/0x250 [ 357.497892][T15214] ? __pfx____ratelimit+0x10/0x10 [ 357.497919][T15214] ? __pfx_dump_stack_lvl+0x10/0x10 [ 357.497950][T15214] ? __pfx__printk+0x10/0x10 [ 357.497979][T15214] ? __pfx___might_resched+0x10/0x10 [ 357.497998][T15214] ? fs_reclaim_acquire+0x7d/0x100 [ 357.498028][T15214] should_fail_ex+0x414/0x560 [ 357.498061][T15214] should_failslab+0xa8/0x100 [ 357.498087][T15214] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 357.498110][T15214] ? __lock_acquire+0xab9/0xd20 [ 357.498136][T15214] ? __alloc_skb+0x112/0x2d0 [ 357.498160][T15214] __alloc_skb+0x112/0x2d0 [ 357.498184][T15214] netlink_ack+0x146/0xa50 [ 357.498202][T15214] ? __up_read+0x280/0x680 [ 357.498226][T15214] ? __pfx___up_read+0x10/0x10 [ 357.498258][T15214] rdma_nl_rcv+0x3c8/0x980 [ 357.498293][T15214] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 357.498314][T15214] ? __lock_acquire+0xab9/0xd20 [ 357.498365][T15214] ? netlink_deliver_tap+0x2e/0x1b0 [ 357.498382][T15214] ? netlink_deliver_tap+0x2e/0x1b0 [ 357.498405][T15214] netlink_unicast+0x75b/0x8d0 [ 357.498448][T15214] netlink_sendmsg+0x805/0xb30 [ 357.498478][T15214] ? __pfx_netlink_sendmsg+0x10/0x10 [ 357.498503][T15214] ? aa_sock_msg_perm+0x94/0x160 [ 357.498533][T15214] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 357.498562][T15214] ? __pfx_netlink_sendmsg+0x10/0x10 [ 357.498583][T15214] __sock_sendmsg+0x21c/0x270 [ 357.498616][T15214] ____sys_sendmsg+0x505/0x830 [ 357.498646][T15214] ? __pfx_____sys_sendmsg+0x10/0x10 [ 357.498679][T15214] ? import_iovec+0x74/0xa0 [ 357.498705][T15214] ___sys_sendmsg+0x21f/0x2a0 [ 357.498738][T15214] ? __pfx____sys_sendmsg+0x10/0x10 [ 357.498802][T15214] ? __fget_files+0x2a/0x420 [ 357.498824][T15214] ? __fget_files+0x3a0/0x420 [ 357.498859][T15214] __x64_sys_sendmsg+0x19b/0x260 [ 357.498885][T15214] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 357.498918][T15214] ? __pfx_ksys_write+0x10/0x10 [ 357.498936][T15214] ? rcu_is_watching+0x15/0xb0 [ 357.498961][T15214] ? do_syscall_64+0xbe/0x3b0 [ 357.498994][T15214] do_syscall_64+0xfa/0x3b0 [ 357.499021][T15214] ? lockdep_hardirqs_on+0x9c/0x150 [ 357.499046][T15214] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.499068][T15214] ? clear_bhb_loop+0x60/0xb0 [ 357.499093][T15214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.499113][T15214] RIP: 0033:0x7f133298e929 [ 357.499131][T15214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.499150][T15214] RSP: 002b:00007f1333722038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 357.499172][T15214] RAX: ffffffffffffffda RBX: 00007f1332bb5fa0 RCX: 00007f133298e929 [ 357.499187][T15214] RDX: 0000000000000004 RSI: 00002000000001c0 RDI: 0000000000000003 [ 357.499200][T15214] RBP: 00007f1333722090 R08: 0000000000000000 R09: 0000000000000000 [ 357.499212][T15214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 357.499224][T15214] R13: 0000000000000000 R14: 00007f1332bb5fa0 R15: 00007ffc2a2a7438 [ 357.499257][T15214] [ 358.037846][ T3494] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.201717][ T3494] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.249218][T15232] tipc: Enabling of bearer rejected, failed to enable media [ 358.565425][T15228] tipc: Resetting bearer [ 358.780218][T15228] veth1_macvtap: left allmulticast mode [ 358.813839][T15228] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 358.847838][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 358.856782][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 358.870289][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 358.884094][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 358.892776][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 358.913269][T15228] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.923541][T15228] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.932598][T15228] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.942084][T15228] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.952550][T15228] geneve2: left allmulticast mode [ 358.962383][T15228] macvtap1: left promiscuous mode [ 358.984978][T15228] macvtap1: left allmulticast mode [ 358.998879][T15228] ipvlan2: left allmulticast mode [ 359.004047][T15228] macsec0: left allmulticast mode [ 359.021616][T15228] bond0: left allmulticast mode [ 359.038226][T15228] bond0: left promiscuous mode [ 359.048016][T15228] macvtap2: left promiscuous mode [ 359.053495][T15228] macvtap2: left allmulticast mode [ 359.075255][T15228] ip6erspan0: left promiscuous mode [ 359.083563][T15228] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 359.085019][T15251] __nla_validate_parse: 8 callbacks suppressed [ 359.085039][T15251] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3309'. [ 359.118498][T15228] ip6gre1: left allmulticast mode [ 359.137550][T15252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3309'. [ 359.165262][T15228] macvtap3: left promiscuous mode [ 359.170440][T15228] macvtap3: left allmulticast mode [ 359.198499][T15228] bridge6: left promiscuous mode [ 359.209181][T15228] bridge6: left allmulticast mode [ 359.218687][T15228] bond8: left promiscuous mode [ 359.397695][ T3494] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.922584][ T3494] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.983607][ T5842] Bluetooth: hci1: command tx timeout [ 361.056642][T15244] lo speed is unknown, defaulting to 1000 [ 361.132651][T15268] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3316'. [ 361.208409][T15270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3318'. [ 361.239177][T15264] netlink: 'syz.2.3316': attribute type 21 has an invalid length. [ 361.260415][T15275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3318'. [ 361.291349][T15278] netlink: 'syz.2.3316': attribute type 13 has an invalid length. [ 361.306130][T15264] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3316'. [ 361.325944][T15278] netlink: 'syz.2.3316': attribute type 17 has an invalid length. [ 361.368318][T15281] af_packet: tpacket_rcv: packet too big, clamped from 18 to 4294967272. macoff=96 [ 361.633256][T15268] lo speed is unknown, defaulting to 1000 [ 361.692516][ T3494] bridge_slave_1: left allmulticast mode [ 361.721054][ T3494] bridge_slave_1: left promiscuous mode [ 361.746727][ T3494] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.794630][ T3494] bridge_slave_0: left allmulticast mode [ 361.803506][ T3494] bridge_slave_0: left promiscuous mode [ 361.809649][ T3494] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.844693][T15292] Cannot find del_set index 0 as target [ 362.080091][T15302] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3328'. [ 362.192568][T15304] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3327'. [ 362.335837][T15310] sctp: [Deprecated]: syz.3.3327 (pid 15310) Use of int in maxseg socket option. [ 362.335837][T15310] Use struct sctp_assoc_value instead [ 362.450882][ T3494] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 362.462975][ T3494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 362.473580][ T3494] bond0 (unregistering): Released all slaves [ 362.506553][T15293] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3323'. [ 362.521495][T15293] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 362.703738][T15315] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3332'. [ 362.807917][T15314] Cannot find add_set index 4 as target [ 362.980428][T15319] bond0: entered promiscuous mode [ 363.000103][T15319] bond_slave_0: entered promiscuous mode [ 363.016654][T15319] bond_slave_1: entered promiscuous mode [ 363.022538][T15319] ip6gretap1: entered promiscuous mode [ 363.063548][ T5842] Bluetooth: hci1: command tx timeout [ 363.202374][ T3494] hsr_slave_0: left promiscuous mode [ 363.231077][ T3494] hsr_slave_1: left promiscuous mode [ 363.244164][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.251718][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 363.274586][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.283893][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 363.318428][ T3494] veth1_macvtap: left promiscuous mode [ 363.328634][ T3494] veth0_macvtap: left promiscuous mode [ 363.334810][ T3494] veth1_vlan: left promiscuous mode [ 363.340468][ T3494] veth0_vlan: left promiscuous mode [ 363.879703][ T3494] team0 (unregistering): Port device team_slave_1 removed [ 363.924281][ T3494] team0 (unregistering): Port device team_slave_0 removed [ 364.388589][T15352] __nla_validate_parse: 2 callbacks suppressed [ 364.388611][T15352] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3342'. [ 364.489098][T15244] chnl_net:caif_netlink_parms(): no params data found [ 364.699166][T15371] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3347'. [ 364.814480][T15244] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.821758][T15244] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.839567][T15244] bridge_slave_0: entered allmulticast mode [ 364.847811][T15244] bridge_slave_0: entered promiscuous mode [ 364.856437][T15244] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.863838][T15244] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.871072][T15244] bridge_slave_1: entered allmulticast mode [ 364.879338][T15244] bridge_slave_1: entered promiscuous mode [ 364.989243][T15244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 365.026825][T15244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 365.068533][T15384] IPVS: set_ctl: invalid protocol: 41 172.20.20.67:20000 [ 365.148894][ T5842] Bluetooth: hci1: command tx timeout [ 365.159785][T15244] team0: Port device team_slave_0 added [ 365.162085][T15390] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3354'. [ 365.209574][T15244] team0: Port device team_slave_1 added [ 365.257988][T15394] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3356'. [ 365.405214][T15244] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.420506][T15244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.451808][T15244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.492066][T15244] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.509442][T15244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.558298][T15405] sctp: [Deprecated]: syz.2.3361 (pid 15405) Use of int in maxseg socket option. [ 365.558298][T15405] Use struct sctp_assoc_value instead [ 365.572112][T15244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.617321][T15407] netlink: zone id is out of range [ 365.622930][T15407] netlink: zone id is out of range [ 365.633270][T15407] netlink: zone id is out of range [ 365.638607][T15407] netlink: zone id is out of range [ 365.648590][T15407] netlink: zone id is out of range [ 365.654496][T15407] netlink: zone id is out of range [ 365.660149][T15407] netlink: zone id is out of range [ 365.674166][T15407] netlink: zone id is out of range [ 365.681284][T15407] netlink: zone id is out of range [ 365.708587][T15411] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3363'. [ 365.762810][T15244] hsr_slave_0: entered promiscuous mode [ 365.769864][T15244] hsr_slave_1: entered promiscuous mode [ 365.776755][T15244] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 365.784557][T15244] Cannot create hsr debugfs directory [ 365.791040][T15411] sctp: [Deprecated]: syz.4.3363 (pid 15411) Use of int in maxseg socket option. [ 365.791040][T15411] Use struct sctp_assoc_value instead [ 365.862257][T15415] sit0: left promiscuous mode [ 365.926555][T15417] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3364'. [ 365.991491][T15419] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3366'. [ 366.007670][T15419] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3366'. [ 366.072172][T15423] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3368'. [ 366.206198][T15428] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3371'. [ 366.406169][T15434] xt_bpf: check failed: parse error [ 366.538449][T15244] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 366.567370][T15244] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 366.618570][T15244] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 366.662800][T15244] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 366.690006][T15442] No such timeout policy "syz0" [ 367.021962][T15244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 367.081237][T15244] 8021q: adding VLAN 0 to HW filter on device team0 [ 367.115577][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.122856][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 367.199883][T15479] vlan4: entered promiscuous mode [ 367.226091][ T5842] Bluetooth: hci1: command tx timeout [ 367.271760][ T3507] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.279038][ T3507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 367.480994][T15491] netlink: 'syz.3.3394': attribute type 1 has an invalid length. [ 367.729686][T15502] vlan3: entered promiscuous mode [ 367.760134][T15502] gretap0: entered promiscuous mode [ 367.946884][T15244] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 367.981622][T15509] netlink: 'syz.0.3399': attribute type 10 has an invalid length. [ 368.006947][T15509] geneve0: left allmulticast mode [ 368.014036][T15509] netdevsim netdevsim0 netdevsim0: set [1, 2] type 2 family 0 port 6081 - 0 [ 368.024429][T15509] netdevsim netdevsim0 netdevsim1: set [1, 2] type 2 family 0 port 6081 - 0 [ 368.034587][T15509] netdevsim netdevsim0 netdevsim2: set [1, 2] type 2 family 0 port 6081 - 0 [ 368.072544][T15509] netdevsim netdevsim0 netdevsim3: set [1, 2] type 2 family 0 port 6081 - 0 [ 368.102266][T15509] team0: Port device geneve0 added [ 368.217867][T15511] sctp: [Deprecated]: syz.2.3400 (pid 15511) Use of int in maxseg socket option. [ 368.217867][T15511] Use struct sctp_assoc_value instead [ 368.272391][T15244] veth0_vlan: entered promiscuous mode [ 368.297605][T15244] veth1_vlan: entered promiscuous mode [ 368.358681][T15244] veth0_macvtap: entered promiscuous mode [ 368.375565][T15244] veth1_macvtap: entered promiscuous mode [ 368.472428][T15244] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 368.501771][T15244] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 368.528670][T15244] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.571655][T15244] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.580565][T15244] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.589671][T15244] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.622422][T15531] bond0: entered promiscuous mode [ 368.630775][T15531] bond_slave_0: entered promiscuous mode [ 368.637592][T15531] bond_slave_1: entered promiscuous mode [ 368.645335][T15531] batadv_slave_0: entered promiscuous mode [ 368.652441][T15531] hsr1: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network [ 368.663885][T15531] hsr1: entered promiscuous mode [ 368.888100][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.912168][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.997717][ T3494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 369.012109][ T3494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 369.287734][T15558] syz_tun: entered promiscuous mode [ 369.305284][T15558] syz_tun: left promiscuous mode [ 369.351487][T15556] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 369.554424][T15574] net_ratelimit: 6 callbacks suppressed [ 369.554437][T15574] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 369.732848][T15585] __nla_validate_parse: 16 callbacks suppressed [ 369.732871][T15585] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3433'. [ 370.000990][T15596] lo speed is unknown, defaulting to 1000 [ 370.069241][T15601] sctp: [Deprecated]: syz.0.3438 (pid 15601) Use of int in maxseg socket option. [ 370.069241][T15601] Use struct sctp_assoc_value instead [ 370.279327][ T3507] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.789984][ T3507] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.017844][T15623] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3445'. [ 371.060106][T15617] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 371.076699][ T3507] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.301761][ T3507] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.560491][ T30] audit: type=1800 audit(1749762424.747:2): pid=15638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3448" name="memory.events" dev="tmpfs" ino=3749 res=0 errno=0 [ 371.648613][ T30] audit: type=1804 audit(1749762424.747:3): pid=15638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3448" name="/newroot/738/memory.events" dev="tmpfs" ino=3749 res=1 errno=0 [ 371.768236][ T3507] bridge_slave_1: left allmulticast mode [ 371.783478][ T3507] bridge_slave_1: left promiscuous mode [ 371.793469][ T3507] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.835042][ T3507] bridge_slave_0: left allmulticast mode [ 371.841590][ T3507] bridge_slave_0: left promiscuous mode [ 371.859250][ T3507] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.890301][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 371.899571][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 371.908151][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 371.918018][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 371.926912][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 372.626993][ T3507] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 372.640221][ T3507] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 372.655997][ T3507] bond0 (unregistering): Released all slaves [ 372.673851][T15640] lo speed is unknown, defaulting to 1000 [ 372.689342][T15644] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3450'. [ 372.703988][T15644] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 372.722572][T15649] kthread_run failed with err -4 [ 372.880366][T15668] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3455'. [ 372.920441][T15645] lo speed is unknown, defaulting to 1000 [ 373.116501][T15648] lo speed is unknown, defaulting to 1000 [ 373.446790][T15694] xt_bpf: check failed: parse error [ 373.625326][ T3507] hsr_slave_0: left promiscuous mode [ 373.638081][ T3507] hsr_slave_1: left promiscuous mode [ 373.653973][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 373.669501][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 373.688283][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 373.704118][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 373.737973][ T3507] veth1_macvtap: left promiscuous mode [ 373.744290][ T3507] veth0_macvtap: left promiscuous mode [ 373.745988][T15700] netlink: 'syz.2.3466': attribute type 1 has an invalid length. [ 373.750104][ T3507] veth1_vlan: left promiscuous mode [ 373.763431][ T3507] veth0_vlan: left promiscuous mode [ 373.769591][T15700] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3466'. [ 373.779048][T15700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3466'. [ 374.001072][T15704] netlink: 'syz.2.3468': attribute type 1 has an invalid length. [ 374.024529][ T5842] Bluetooth: hci1: command tx timeout [ 374.404259][ T3507] team0 (unregistering): Port device team_slave_1 removed [ 374.447585][ T3507] team0 (unregistering): Port device team_slave_0 removed [ 374.950288][T15704] 8021q: adding VLAN 0 to HW filter on device bond1 [ 374.972206][T15705] ip6erspan0: entered promiscuous mode [ 374.993236][T15705] bond1: (slave ip6erspan0): making interface the new active one [ 375.002697][T15705] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 376.104408][ T5842] Bluetooth: hci1: command tx timeout [ 377.149126][T15648] chnl_net:caif_netlink_parms(): no params data found [ 377.638444][T15772] xt_bpf: check failed: parse error [ 377.698812][T15648] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.713363][T15648] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.720900][T15648] bridge_slave_0: entered allmulticast mode [ 377.729240][T15648] bridge_slave_0: entered promiscuous mode [ 377.742249][T15648] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.749871][T15648] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.757266][T15648] bridge_slave_1: entered allmulticast mode [ 377.767043][T15648] bridge_slave_1: entered promiscuous mode [ 377.827490][T15778] syz.2.3491 uses old SIOCAX25GETINFO [ 377.885195][T15648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 377.916293][T15648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 378.001404][T15780] lo speed is unknown, defaulting to 1000 [ 378.026569][T15648] team0: Port device team_slave_0 added [ 378.066311][T15648] team0: Port device team_slave_1 added [ 378.180465][T15791] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.190004][ T5842] Bluetooth: hci1: command tx timeout [ 378.195946][T15791] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.205292][T15791] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.214324][T15791] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.223665][T15791] geneve2: entered promiscuous mode [ 378.229075][T15791] geneve2: entered allmulticast mode [ 378.256819][T15791] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.268862][T15791] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.278142][T15791] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.287406][T15791] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.337614][T15648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 378.346145][T15648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.372581][T15648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 378.387357][T15794] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3496'. [ 378.534351][T15648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 378.541347][T15648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.582094][T15648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 378.621085][T15802] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 378.628850][T15802] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 378.721024][T15648] hsr_slave_0: entered promiscuous mode [ 378.734652][T15648] hsr_slave_1: entered promiscuous mode [ 378.750371][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.751675][T15648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 378.779417][T15648] Cannot create hsr debugfs directory [ 378.785507][T15795] lo speed is unknown, defaulting to 1000 [ 378.803260][T15794] lo speed is unknown, defaulting to 1000 [ 378.822338][T15806] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3500'. [ 378.854305][T15808] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3501'. [ 379.098652][T15813] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 379.219264][T15819] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3505'. [ 379.713492][T15825] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3506'. [ 379.740080][T15825] bridge0: entered promiscuous mode [ 379.764258][T15825] bridge0: left promiscuous mode [ 380.059835][T15841] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3513'. [ 380.240221][T15648] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 380.263524][ T5842] Bluetooth: hci1: command tx timeout [ 380.325556][T15648] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 380.371404][T15648] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 380.408494][T15648] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 380.532798][T15869] lo speed is unknown, defaulting to 1000 [ 380.739619][T15876] sctp: [Deprecated]: syz.0.3523 (pid 15876) Use of int in maxseg socket option. [ 380.739619][T15876] Use struct sctp_assoc_value instead [ 380.768305][T15875] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3524'. [ 381.150510][T15648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 381.177643][T15648] 8021q: adding VLAN 0 to HW filter on device team0 [ 381.207154][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 381.214413][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 381.237043][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.244313][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 381.276646][T15881] Cannot find del_set index 0 as target [ 381.442074][T15888] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3528'. [ 382.515567][ T51] Bluetooth: hci1: command 0x0405 tx timeout [ 384.740798][T15904] lo speed is unknown, defaulting to 1000 [ 384.802788][T15895] dvmrp0: entered allmulticast mode [ 384.875001][T15895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3531'. [ 384.940276][T15901] tipc: Started in network mode [ 384.947109][T15901] tipc: Node identity , cluster identity 4711 [ 384.957857][T15910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3531'. [ 384.980635][T15895] macvtap2: entered promiscuous mode [ 384.987314][T15895] batadv0: entered promiscuous mode [ 384.993430][T15895] macvtap2: entered allmulticast mode [ 384.999592][T15895] batadv0: entered allmulticast mode [ 385.010771][T15895] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 385.051962][T15910] batadv0: left allmulticast mode [ 385.059817][T15910] batadv0: left promiscuous mode [ 385.105697][T15923] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3538'. [ 385.118660][T15648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 385.147209][T15923] bridge0: entered promiscuous mode [ 385.174388][T15923] bridge0: left promiscuous mode [ 385.406394][T15648] veth0_vlan: entered promiscuous mode [ 385.420670][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.450482][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.466307][T15648] veth1_vlan: entered promiscuous mode [ 385.495503][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.506381][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.527694][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.551850][T15939] erspan0: entered promiscuous mode [ 385.568353][T15939] erspan0: left promiscuous mode [ 385.608830][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.624198][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.632444][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.649914][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.655979][T15937] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3545'. [ 385.661771][T15933] netlink: 'syz.3.3543': attribute type 29 has an invalid length. [ 385.682226][T15648] veth0_macvtap: entered promiscuous mode [ 385.708760][T15648] veth1_macvtap: entered promiscuous mode [ 385.776791][T15648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 385.805058][T15648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 385.826217][T15648] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.840978][T15648] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.859655][T15648] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.870455][T15648] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.898430][T15945] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 386.189869][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 386.233413][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 386.233795][T15958] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3551'. [ 386.322006][T15962] RDS: rds_bind could not find a transport for fc00::, load rds_tcp or rds_rdma? [ 386.379780][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 386.402830][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 386.487121][T15965] lo speed is unknown, defaulting to 1000 [ 386.570614][T15970] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3554'. [ 386.722928][T15970] xt_CT: You must specify a L4 protocol and not use inversions on it [ 387.443005][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.607934][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.684839][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.702750][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 387.712372][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 387.722706][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 387.731690][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 387.740226][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 387.771897][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.808507][T15989] lo speed is unknown, defaulting to 1000 [ 387.968796][ T36] bridge_slave_1: left allmulticast mode [ 387.974987][ T36] bridge_slave_1: left promiscuous mode [ 387.980854][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.992250][ T36] bridge_slave_0: left allmulticast mode [ 387.998541][ T36] bridge_slave_0: left promiscuous mode [ 388.005003][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.608023][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 388.618727][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 388.639475][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 388.650420][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 388.661029][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 388.814073][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 388.830935][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 388.841528][ T36] bond0 (unregistering): Released all slaves [ 388.862129][T15989] chnl_net:caif_netlink_parms(): no params data found [ 389.158094][T16013] lo speed is unknown, defaulting to 1000 [ 389.164526][T16025] Cannot find set identified by id 0 to match [ 389.289582][T15989] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.314596][T15989] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.321972][T15989] bridge_slave_0: entered allmulticast mode [ 389.330155][T15989] bridge_slave_0: entered promiscuous mode [ 389.378222][T16038] syzkaller1: tun_chr_ioctl cmd 1074025680 [ 389.384639][T16035] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 389.390632][T16035] syzkaller1: linktype set to 6 [ 389.402023][T15989] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.410183][T15989] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.421272][T15989] bridge_slave_1: entered allmulticast mode [ 389.429206][T15989] bridge_slave_1: entered promiscuous mode [ 389.457015][T16042] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 389.528782][ T36] hsr_slave_0: left promiscuous mode [ 389.548188][ T36] hsr_slave_1: left promiscuous mode [ 389.558136][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 389.566653][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 389.575742][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 389.583498][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 389.621622][ T36] veth1_macvtap: left promiscuous mode [ 389.631198][ T36] veth0_macvtap: left promiscuous mode [ 389.640775][ T36] veth1_vlan: left promiscuous mode [ 389.648753][ T36] veth0_vlan: left promiscuous mode [ 389.671660][T16051] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3581'. [ 389.793236][ T51] Bluetooth: hci1: command tx timeout [ 389.870505][T16054] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3581'. [ 390.236531][T16061] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3582'. [ 390.281991][ T36] team0 (unregistering): Port device team_slave_1 removed [ 390.328260][ T36] team0 (unregistering): Port device team_slave_0 removed [ 390.753977][ T51] Bluetooth: hci4: command tx timeout [ 390.820189][T16061] vlan4: entered promiscuous mode [ 390.916693][T15989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 390.997700][T15989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 391.160252][T15989] team0: Port device team_slave_0 added [ 391.241629][T15989] team0: Port device team_slave_1 added [ 391.389298][T15989] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 391.410992][T15989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.442995][T15989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 391.482989][T16013] chnl_net:caif_netlink_parms(): no params data found [ 391.556677][T15989] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 391.561555][T16092] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3594'. [ 391.580216][T15989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.618946][T15989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 391.630824][T16089] Cannot find add_set index 4 as target [ 391.869312][ T51] Bluetooth: hci1: command tx timeout [ 391.901385][T15989] hsr_slave_0: entered promiscuous mode [ 391.914137][T15989] hsr_slave_1: entered promiscuous mode [ 391.920673][T15989] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 391.928403][T15989] Cannot create hsr debugfs directory [ 391.996737][T16104] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3596'. [ 392.006195][T16104] netem: change failed [ 392.030183][T16013] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.039753][T16013] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.049852][T16013] bridge_slave_0: entered allmulticast mode [ 392.058263][T16013] bridge_slave_0: entered promiscuous mode [ 392.148481][T16013] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.170069][T16013] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.181213][T16013] bridge_slave_1: entered allmulticast mode [ 392.207688][T16013] bridge_slave_1: entered promiscuous mode [ 392.289947][T16121] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3601'. [ 392.318576][T16013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 392.331833][T16013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 392.462851][T16013] team0: Port device team_slave_0 added [ 392.482535][T16013] team0: Port device team_slave_1 added [ 392.604946][T16013] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 392.612101][T16013] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.645040][T16013] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 392.681218][T16013] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 392.698819][T16013] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.723738][T16134] validate_nla: 20 callbacks suppressed [ 392.723762][T16134] netlink: 'syz.0.3606': attribute type 10 has an invalid length. [ 392.731040][T16013] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 392.833563][ T51] Bluetooth: hci4: command tx timeout [ 392.916929][T16013] hsr_slave_0: entered promiscuous mode [ 392.924243][T16013] hsr_slave_1: entered promiscuous mode [ 392.930697][T16013] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 392.938970][T16013] Cannot create hsr debugfs directory [ 393.008785][T16141] netlink: 156224 bytes leftover after parsing attributes in process `syz.0.3608'. [ 393.368667][T16152] netlink: 'syz.3.3611': attribute type 9 has an invalid length. [ 393.383244][T16152] netlink: 'syz.3.3611': attribute type 6 has an invalid length. [ 393.411248][T16152] netlink: 'syz.3.3611': attribute type 7 has an invalid length. [ 393.428477][T16152] netlink: 'syz.3.3611': attribute type 8 has an invalid length. [ 393.608678][T15989] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 393.665457][T15989] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 393.687954][T15989] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 393.727588][T15989] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 393.952648][ T51] Bluetooth: hci1: command tx timeout [ 393.987798][T16182] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 394.244158][T16188] netlink: 'syz.3.3622': attribute type 1 has an invalid length. [ 394.252480][T16013] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 394.326722][T16188] 8021q: adding VLAN 0 to HW filter on device bond4 [ 394.359796][T16013] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 394.522859][T16194] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3622'. [ 394.563802][T16193] 8021q: adding VLAN 0 to HW filter on device bond4 [ 394.581821][T16193] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 394.629528][T16193] bond4: (slave vxcan3): Error -95 calling set_mac_address [ 394.706616][T16188] veth3: entered promiscuous mode [ 394.723622][T16188] bond4: (slave veth3): Enslaving as an active interface with a down link [ 394.732416][T16013] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 394.755465][T16013] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 394.786228][T16194] 8021q: adding VLAN 0 to HW filter on device bond4 [ 394.809968][T15989] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.903497][ T51] Bluetooth: hci4: command tx timeout [ 394.945994][T15989] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.970405][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.977694][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.980971][T16213] SET target dimension over the limit! [ 395.035851][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.043212][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 395.205062][T16013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 395.267339][T16013] 8021q: adding VLAN 0 to HW filter on device team0 [ 395.268076][T16220] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3631'. [ 395.292513][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.299710][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 395.323587][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.330836][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 395.447891][T16013] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 395.476772][T16226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3633'. [ 395.715013][T15989] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 396.024802][ T51] Bluetooth: hci1: command tx timeout [ 396.051458][T16013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 396.286982][T16013] veth0_vlan: entered promiscuous mode [ 396.346639][T16013] veth1_vlan: entered promiscuous mode [ 396.472567][T16013] veth0_macvtap: entered promiscuous mode [ 396.504197][T16253] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3637'. [ 396.527779][T16013] veth1_macvtap: entered promiscuous mode [ 396.554577][T16253] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3637'. [ 396.861472][T16013] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 396.899710][T16269] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 396.951662][T16013] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 396.990083][T16013] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.993695][ T51] Bluetooth: hci4: command tx timeout [ 397.007434][T16013] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.017290][T16013] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.026606][T16013] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.054135][T16276] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3646'. [ 397.131622][T15989] veth0_vlan: entered promiscuous mode [ 397.222979][T15989] veth1_vlan: entered promiscuous mode [ 397.307695][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.366404][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.445818][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.483104][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.528461][T15989] veth0_macvtap: entered promiscuous mode [ 397.552186][T16291] pim6reg: entered allmulticast mode [ 397.574258][T15989] veth1_macvtap: entered promiscuous mode [ 397.655366][T15989] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 397.681188][T15989] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 397.744869][T15989] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.765613][T15989] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.790838][T15989] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.813272][T15989] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.061647][ T3507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.080099][ T3507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.197584][ T3426] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.231634][ T3575] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.242089][ T3575] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.342786][ T3426] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.436821][ T3426] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.521908][ T3426] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.628482][ T3426] bridge_slave_1: left allmulticast mode [ 398.634332][ T3426] bridge_slave_1: left promiscuous mode [ 398.640112][ T3426] bridge0: port 2(bridge_slave_1) entered disabled state [ 398.651311][ T3426] bridge_slave_0: left allmulticast mode [ 398.657346][ T3426] bridge_slave_0: left promiscuous mode [ 398.663158][ T3426] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.040846][ T3426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 399.052971][ T3426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 399.064458][ T3426] bond0 (unregistering): Released all slaves [ 399.158613][T16313] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 399.188586][T16313] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 399.485383][T16330] netlink: 'syz.4.3663': attribute type 1 has an invalid length. [ 399.564804][T16336] netlink: 248 bytes leftover after parsing attributes in process `syz.3.3665'. [ 399.851478][ T3426] hsr_slave_0: left promiscuous mode [ 399.868042][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 399.879094][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 399.887422][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 399.895798][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 399.906272][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 399.923902][ T3426] hsr_slave_1: left promiscuous mode [ 399.932467][ T3426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 399.942939][ T3426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 399.951923][T16351] netlink: 300 bytes leftover after parsing attributes in process `syz.4.3671'. [ 399.962212][ T3426] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 399.968004][T16351] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3671'. [ 399.977804][ T3426] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 400.012723][ T3426] veth1_macvtap: left promiscuous mode [ 400.018810][ T3426] veth0_macvtap: left promiscuous mode [ 400.025643][ T3426] veth1_vlan: left promiscuous mode [ 400.031229][ T3426] veth0_vlan: left promiscuous mode [ 400.038124][T16354] sctp: [Deprecated]: syz.0.3670 (pid 16354) Use of int in maxseg socket option. [ 400.038124][T16354] Use struct sctp_assoc_value instead [ 400.692571][ T3426] team0 (unregistering): Port device team_slave_1 removed [ 400.745391][ T3426] team0 (unregistering): Port device team_slave_0 removed [ 401.194860][T16343] ipvlan2: entered promiscuous mode [ 401.320870][T16348] lo speed is unknown, defaulting to 1000 [ 401.550165][T16373] geneve2: entered promiscuous mode [ 401.642729][T16373] geneve2: entered allmulticast mode [ 401.949053][ T51] Bluetooth: hci4: command tx timeout [ 402.064372][T16348] chnl_net:caif_netlink_parms(): no params data found [ 402.138126][T16392] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 402.178230][T16397] netlink: 'syz.0.3683': attribute type 8 has an invalid length. [ 402.559813][T16348] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.588183][T16348] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.606828][T16348] bridge_slave_0: entered allmulticast mode [ 402.618499][T16416] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3691'. [ 402.644260][T16348] bridge_slave_0: entered promiscuous mode [ 402.677426][T16348] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.690831][T16348] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.709020][T16348] bridge_slave_1: entered allmulticast mode [ 402.732681][T16348] bridge_slave_1: entered promiscuous mode [ 402.982734][T16434] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3694'. [ 402.990157][T16348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 403.033732][T16348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 403.058704][T16434] bridge0: entered promiscuous mode [ 403.078126][T16434] bridge0: left promiscuous mode [ 403.089864][T16436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3695'. [ 403.108299][T16436] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3695'. [ 403.202676][T16441] xt_bpf: check failed: parse error [ 403.262242][T16348] team0: Port device team_slave_0 added [ 403.301338][T16348] team0: Port device team_slave_1 added [ 403.433729][T16348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 403.452023][T16348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.489781][T16348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 403.511850][T16348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 403.527626][T16348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.557823][T16348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 403.601214][T16458] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3703'. [ 403.762494][T16348] hsr_slave_0: entered promiscuous mode [ 403.781909][T16348] hsr_slave_1: entered promiscuous mode [ 403.805978][T16348] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 403.829045][T16348] Cannot create hsr debugfs directory [ 404.023393][ T51] Bluetooth: hci4: command tx timeout [ 404.793349][T16506] xt_TPROXY: Can be used only with -p tcp or -p udp [ 405.115490][T16348] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 405.139879][T16518] bond0: left promiscuous mode [ 405.167105][T16520] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3728'. [ 405.176687][T16518] bond_slave_0: left promiscuous mode [ 405.182433][T16518] bond_slave_1: left promiscuous mode [ 405.188316][T16518] ip6gretap1: left promiscuous mode [ 405.196015][T16518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 405.216067][T16518] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 405.263331][T16348] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 405.285687][T16348] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 405.304599][ T9] lo speed is unknown, defaulting to 1000 [ 405.315455][T16520] bridge0: entered promiscuous mode [ 405.331299][T16520] bridge0: left promiscuous mode [ 405.334716][T16526] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3731'. [ 405.345676][T16526] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3731'. [ 405.379769][T16528] netlink: 'syz.4.3732': attribute type 4 has an invalid length. [ 405.389520][T16348] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 405.464960][T16534] netlink: 'syz.4.3732': attribute type 4 has an invalid length. [ 405.626080][T16547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3736'. [ 405.766367][T16348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 405.832772][T16551] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3736'. [ 406.017996][T16348] 8021q: adding VLAN 0 to HW filter on device team0 [ 406.042509][ T3575] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.049761][ T3575] bridge0: port 1(bridge_slave_0) entered forwarding state [ 406.103154][ T51] Bluetooth: hci4: command tx timeout [ 406.180197][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.187495][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 406.305574][T16568] lo speed is unknown, defaulting to 1000 [ 406.644199][T16581] netlink: 'syz.0.3749': attribute type 27 has an invalid length. [ 406.844814][T16588] sctp: [Deprecated]: syz.2.3751 (pid 16588) Use of int in maxseg socket option. [ 406.844814][T16588] Use struct sctp_assoc_value instead [ 407.002960][T16601] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 407.110146][T16348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 407.152461][T16607] geneve3: entered promiscuous mode [ 407.172279][T16607] geneve3: entered allmulticast mode [ 407.252629][T16612] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 407.389348][T16348] veth0_vlan: entered promiscuous mode [ 407.427699][T16348] veth1_vlan: entered promiscuous mode [ 407.539926][T16348] veth0_macvtap: entered promiscuous mode [ 407.585775][T16348] veth1_macvtap: entered promiscuous mode [ 407.601868][ T6425] IPVS: starting estimator thread 0... [ 407.727555][T16348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 407.782531][T16348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 407.787160][T16635] __nla_validate_parse: 5 callbacks suppressed [ 407.787192][T16635] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3765'. [ 407.811598][T16348] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.824180][T16630] IPVS: using max 26 ests per chain, 62400 per kthread [ 407.848066][T16348] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.859084][T16348] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.923230][T16348] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.931269][T16640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3766'. [ 407.958791][T16635] bridge0: entered promiscuous mode [ 407.981787][T16635] bridge0: left promiscuous mode [ 408.061103][T16640] dummy0: entered promiscuous mode [ 408.122950][T16640] macsec1: entered promiscuous mode [ 408.149624][T16640] macsec1: entered allmulticast mode [ 408.160378][T16640] dummy0: entered allmulticast mode [ 408.185335][ T51] Bluetooth: hci4: command tx timeout [ 408.378813][T16648] SET target dimension over the limit! [ 408.400343][T16645] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 408.493603][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.502112][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.564396][T16652] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3772'. [ 408.606855][T16652] vlan0: entered promiscuous mode [ 408.647817][T16654] netlink: 'syz.0.3774': attribute type 1 has an invalid length. [ 408.679132][ T3575] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.692537][ T3575] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.729052][T16654] 8021q: adding VLAN 0 to HW filter on device bond21 [ 409.109594][T16670] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 409.139291][T16675] syzkaller1: entered promiscuous mode [ 409.145261][T16675] syzkaller1: entered allmulticast mode [ 409.358402][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.436234][T16681] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 409.660935][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.761026][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.078399][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.208151][ T12] bridge_slave_1: left allmulticast mode [ 410.213966][ T12] bridge_slave_1: left promiscuous mode [ 410.219998][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.229461][ T12] bridge_slave_0: left allmulticast mode [ 410.235824][ T12] bridge_slave_0: left promiscuous mode [ 410.241619][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.729829][T16696] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3790'. [ 410.978378][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 410.991392][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 411.001361][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 411.011532][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 411.019718][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 411.030405][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 411.031286][ T12] bond0 (unregistering): Released all slaves [ 411.049777][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 411.121066][T16705] lo speed is unknown, defaulting to 1000 [ 411.349957][T16716] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3795'. [ 411.397124][T16712] syzkaller1: entered promiscuous mode [ 411.402764][T16712] syzkaller1: entered allmulticast mode [ 411.455762][T16716] lo speed is unknown, defaulting to 1000 [ 411.597886][T16715] lo speed is unknown, defaulting to 1000 [ 411.719416][ T12] hsr_slave_0: left promiscuous mode [ 411.741224][ T12] hsr_slave_1: left promiscuous mode [ 411.757870][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 411.771968][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 411.786644][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 411.801641][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 411.891642][ T12] veth1_macvtap: left promiscuous mode [ 411.902279][ T12] veth0_macvtap: left promiscuous mode [ 411.911114][ T12] veth1_vlan: left promiscuous mode [ 411.922949][ T12] veth0_vlan: left promiscuous mode [ 412.036588][T16733] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3802'. [ 412.045843][T16733] netlink: 'syz.4.3802': attribute type 10 has an invalid length. [ 412.660835][ T12] team0 (unregistering): Port device team_slave_1 removed [ 412.709628][ T12] team0 (unregistering): Port device team_slave_0 removed [ 413.153406][ T5842] Bluetooth: hci4: command tx timeout [ 413.346191][T16742] batadv0: entered promiscuous mode [ 413.351692][T16742] macsec1: entered promiscuous mode [ 413.360209][T16742] batadv0: left promiscuous mode [ 413.523198][T16745] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3805'. [ 413.544642][T16705] chnl_net:caif_netlink_parms(): no params data found [ 413.854368][T16705] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.861613][T16705] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.869170][T16705] bridge_slave_0: entered allmulticast mode [ 413.877342][T16705] bridge_slave_0: entered promiscuous mode [ 413.900141][T16705] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.917707][T16705] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.933326][T16705] bridge_slave_1: entered allmulticast mode [ 413.941477][T16705] bridge_slave_1: entered promiscuous mode [ 414.052792][T16705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 414.087318][T16705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 414.207619][T16705] team0: Port device team_slave_0 added [ 414.231764][T16705] team0: Port device team_slave_1 added [ 414.310923][T16766] SET target dimension over the limit! [ 414.439947][T16705] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 414.471920][T16705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.504724][T16705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 414.522727][T16705] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 414.531503][T16705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.570773][T16705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 414.622333][T16776] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3814'. [ 414.655493][T16781] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3817'. [ 414.739246][T16776] sctp: [Deprecated]: syz.4.3814 (pid 16776) Use of int in maxseg socket option. [ 414.739246][T16776] Use struct sctp_assoc_value instead [ 414.936551][T16781] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 414.950035][T16781] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 414.968146][T16781] bond0 (unregistering): (slave ip6gretap1): Releasing backup interface [ 414.987239][T16781] bond0 (unregistering): Released all slaves [ 415.031796][T16705] hsr_slave_0: entered promiscuous mode [ 415.045801][T16705] hsr_slave_1: entered promiscuous mode [ 415.070348][T16705] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 415.089611][T16705] Cannot create hsr debugfs directory [ 415.224262][ T5842] Bluetooth: hci4: command tx timeout [ 415.339250][T16809] geneve2: entered promiscuous mode [ 415.344832][T16809] geneve2: entered allmulticast mode [ 415.441724][T16811] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 415.620653][T16818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3827'. [ 415.651228][T16820] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3828'. [ 415.717041][T16823] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3827'. [ 415.807782][T16828] netlink: 'syz.4.3831': attribute type 83 has an invalid length. [ 416.021964][T16834] lo speed is unknown, defaulting to 1000 [ 416.212183][T16842] atomic_op ffff888034358198 conn xmit_atomic 0000000000000000 [ 416.295132][T16842] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 416.416284][T16705] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 416.488618][T16705] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 416.523680][T16705] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 416.559656][T16705] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 416.604388][T16858] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3841'. [ 416.623312][T16858] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3841'. [ 416.761268][T16868] SET target dimension over the limit! [ 416.879950][T16705] 8021q: adding VLAN 0 to HW filter on device bond0 [ 416.957479][T16705] 8021q: adding VLAN 0 to HW filter on device team0 [ 417.067500][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.074788][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 417.118063][T16884] Cannot find add_set index 4 as target [ 417.145082][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.152426][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 417.307811][ T5842] Bluetooth: hci4: command tx timeout [ 417.610522][T16896] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3853'. [ 417.670558][T16896] bridge0: entered promiscuous mode [ 417.692256][T16896] bridge0: left promiscuous mode [ 418.045427][T16914] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3860'. [ 418.054441][T16912] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.064255][T16912] team0: Port device batadv0 added [ 418.106299][T16705] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.244079][T16921] netlink: 'syz.3.3863': attribute type 13 has an invalid length. [ 418.340421][T16705] veth0_vlan: entered promiscuous mode [ 418.381666][T16705] veth1_vlan: entered promiscuous mode [ 418.470788][T16933] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 418.490579][T16929] smc: net device bond0 applied user defined pnetid SYZ2 [ 418.575976][T16705] veth0_macvtap: entered promiscuous mode [ 418.606804][T16705] veth1_macvtap: entered promiscuous mode [ 418.692357][T16705] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 418.725668][T16705] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 418.741589][T16705] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.753985][T16705] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.762823][T16705] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.772072][T16705] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.836613][T16944] sctp: [Deprecated]: syz.4.3874 (pid 16944) Use of int in maxseg socket option. [ 418.836613][T16944] Use struct sctp_assoc_value instead [ 419.013977][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 419.034635][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 419.157719][T16958] __nla_validate_parse: 1 callbacks suppressed [ 419.157741][T16958] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3879'. [ 419.202361][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 419.217861][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 419.384465][ T51] Bluetooth: hci4: command tx timeout [ 419.448350][T16970] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3883'. [ 419.746211][T16981] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3885'. [ 419.840457][T16992] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 419.878702][T16995] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3891'. [ 419.899372][T16981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3885'. [ 419.927282][T16995] bridge0: entered promiscuous mode [ 419.945167][T16995] bridge0: left promiscuous mode [ 420.219616][T17007] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3896'. [ 420.579964][T17026] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 420.632503][T17030] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3906'. [ 421.079638][T17045] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3912'. [ 421.133528][T17045] sctp: [Deprecated]: syz.2.3912 (pid 17045) Use of int in maxseg socket option. [ 421.133528][T17045] Use struct sctp_assoc_value instead [ 421.177359][T17053] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 421.376789][T17060] FAULT_INJECTION: forcing a failure. [ 421.376789][T17060] name failslab, interval 1, probability 0, space 0, times 0 [ 421.390545][T17060] CPU: 1 UID: 0 PID: 17060 Comm: syz.3.3915 Not tainted 6.15.0-syzkaller-12489-g5d6d67c4cb10 #0 PREEMPT(full) [ 421.390577][T17060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 421.390596][T17060] Call Trace: [ 421.390605][T17060] [ 421.390614][T17060] dump_stack_lvl+0x189/0x250 [ 421.390655][T17060] ? __pfx____ratelimit+0x10/0x10 [ 421.390684][T17060] ? __pfx_dump_stack_lvl+0x10/0x10 [ 421.390716][T17060] ? __pfx__printk+0x10/0x10 [ 421.390741][T17060] ? __lock_acquire+0xab9/0xd20 [ 421.390782][T17060] should_fail_ex+0x414/0x560 [ 421.390816][T17060] should_failslab+0xa8/0x100 [ 421.390842][T17060] kmem_cache_alloc_noprof+0x73/0x3c0 [ 421.390863][T17060] ? skb_clone+0x212/0x3a0 [ 421.390892][T17060] skb_clone+0x212/0x3a0 [ 421.390914][T17060] ? ip6_finish_output2+0x3d3/0x16a0 [ 421.390942][T17060] ip6_finish_output2+0x3e4/0x16a0 [ 421.390982][T17060] ? __pfx_ip6_finish_output2+0x10/0x10 [ 421.391008][T17060] ? ip6_mtu+0x7d/0x3f0 [ 421.391041][T17060] ? ip6_mtu+0x7d/0x3f0 [ 421.391065][T17060] ip6_finish_output+0x234/0x7d0 [ 421.391087][T17060] ? ip6_send_skb+0x10f/0x390 [ 421.391113][T17060] ip6_send_skb+0x1d5/0x390 [ 421.391142][T17060] rawv6_push_pending_frames+0x6e9/0x8d0 [ 421.391179][T17060] ? __pfx_rawv6_push_pending_frames+0x10/0x10 [ 421.391212][T17060] ? __pfx_raw6_getfrag+0x10/0x10 [ 421.391245][T17060] rawv6_sendmsg+0x12ff/0x17f0 [ 421.391297][T17060] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 421.391355][T17060] ? __pfx_aa_sk_perm+0x10/0x10 [ 421.391386][T17060] ? sock_rps_record_flow+0x19/0x410 [ 421.391420][T17060] ? inet_sendmsg+0x2f4/0x370 [ 421.391448][T17060] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 421.391482][T17060] __sock_sendmsg+0x19c/0x270 [ 421.391514][T17060] __sys_sendto+0x3bd/0x520 [ 421.391538][T17060] ? __pfx___sys_sendto+0x10/0x10 [ 421.391555][T17060] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 421.391600][T17060] ? __fget_files+0x3a0/0x420 [ 421.391638][T17060] ? ksys_write+0x22a/0x250 [ 421.391663][T17060] ? __pfx_ksys_write+0x10/0x10 [ 421.391681][T17060] ? rcu_is_watching+0x15/0xb0 [ 421.391708][T17060] __x64_sys_sendto+0xde/0x100 [ 421.391733][T17060] do_syscall_64+0xfa/0x3b0 [ 421.391760][T17060] ? lockdep_hardirqs_on+0x9c/0x150 [ 421.391787][T17060] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.391814][T17060] ? clear_bhb_loop+0x60/0xb0 [ 421.391840][T17060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.391866][T17060] RIP: 0033:0x7f113a58e929 [ 421.391886][T17060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.391903][T17060] RSP: 002b:00007f113b47b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 421.391927][T17060] RAX: ffffffffffffffda RBX: 00007f113a7b5fa0 RCX: 00007f113a58e929 [ 421.391943][T17060] RDX: 0000000000000016 RSI: 0000200000000300 RDI: 0000000000000004 [ 421.391957][T17060] RBP: 00007f113b47b090 R08: 0000000000000000 R09: fffffffffffffdfd [ 421.391971][T17060] R10: 0000000000001100 R11: 0000000000000246 R12: 0000000000000001 [ 421.391985][T17060] R13: 0000000000000000 R14: 00007f113a7b5fa0 R15: 00007ffe66b3fec8 [ 421.392018][T17060] [ 421.722195][T17063] Cannot find del_set index 0 as target [ 421.793872][T17065] Cannot find add_set index 4 as target [ 421.840920][T17067] bond0: option mode: unable to set because the bond device has slaves [ 421.893650][T17071] netlink: 'syz.3.3920': attribute type 2 has an invalid length. [ 421.908557][T17071] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 421.982710][T17075] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3922'. [ 422.426986][T17099] xt_bpf: check failed: parse error [ 422.456034][T17097] lo speed is unknown, defaulting to 1000 [ 422.514856][T17102] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3933'. [ 423.339817][T17129] lo speed is unknown, defaulting to 1000 [ 424.219712][T17172] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 424.229409][T17173] xt_bpf: check failed: parse error [ 424.488337][T17185] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 424.501100][T17184] __nla_validate_parse: 3 callbacks suppressed [ 424.501121][T17184] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3967'. [ 424.656767][T17190] vlan2: entered promiscuous mode [ 424.693380][T17190] vlan2: entered allmulticast mode [ 424.698692][T17190] hsr_slave_1: entered allmulticast mode [ 424.757273][T17190] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3970'. [ 425.181142][T17211] netlink: 'syz.4.3976': attribute type 1 has an invalid length. [ 425.230400][T17212] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3975'. [ 425.531366][T17233] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 425.542515][T17233] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 425.652886][T17238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3986'. [ 425.692102][T17238] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 426.525967][T17268] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3995'. [ 426.719924][T17278] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4001'. [ 427.059685][T17296] xt_CT: You must specify a L4 protocol and not use inversions on it [ 427.086641][T17296] netlink: 'syz.3.4005': attribute type 1 has an invalid length. [ 427.108818][T17297] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4006'. [ 427.119088][T17296] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 427.143751][ T6428] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 427.216769][T17297] sctp: [Deprecated]: syz.0.4006 (pid 17297) Use of int in maxseg socket option. [ 427.216769][T17297] Use struct sctp_assoc_value instead [ 427.523393][T17314] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4013'. [ 427.540670][T17315] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4012'. [ 427.672877][T17321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4015'. [ 427.838433][T17328] geneve3: entered promiscuous mode [ 427.875374][T17328] geneve3: entered allmulticast mode [ 427.885252][T17332] netlink: 'syz.2.4020': attribute type 1 has an invalid length. [ 427.918528][T17332] netlink: 'syz.2.4020': attribute type 11 has an invalid length. [ 428.103534][ T6428] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 428.179710][T17338] Cannot find add_set index 2 as target [ 428.193291][T17338] netlink: 'syz.4.4022': attribute type 2 has an invalid length. [ 428.632953][T17358] netlink: 'syz.2.4032': attribute type 1 has an invalid length. [ 428.985286][T17374] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 429.264614][T17386] xt_bpf: check failed: parse error [ 429.332831][T17390] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 429.400552][T17394] Cannot find add_set index 4 as target [ 429.616192][T17405] xt_TPROXY: Can be used only with -p tcp or -p udp [ 429.626611][T17408] __nla_validate_parse: 5 callbacks suppressed [ 429.626631][T17408] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4049'. [ 429.687189][T17408] syz_tun: entered promiscuous mode [ 429.710125][T17408] syz_tun: left promiscuous mode [ 429.811414][T17415] 8021q: VLANs not supported on vxcan0 [ 430.002636][T17426] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 430.387656][T17443] SET target dimension over the limit! [ 431.210615][T17479] xt_TPROXY: Can be used only with -p tcp or -p udp [ 431.338518][T17483] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4077'. [ 431.456389][T17486] sctp: [Deprecated]: syz.2.4078 (pid 17486) Use of int in maxseg socket option. [ 431.456389][T17486] Use struct sctp_assoc_value instead [ 431.510760][T17489] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4080'. [ 431.610207][T17493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4082'. [ 431.646522][T17499] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4082'. [ 431.667021][T17498] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4084'. [ 431.686482][T17499] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4082'. [ 431.713328][T17499] netlink: 'syz.4.4082': attribute type 20 has an invalid length. [ 431.766728][T17502] SET target dimension over the limit! [ 432.026051][ T5157] Bluetooth: hci2: command 0x0406 tx timeout [ 432.308911][T17530] dummy0: entered allmulticast mode [ 432.338543][T17539] xt_bpf: check failed: parse error [ 432.767132][T17566] xt_TPROXY: Can be used only with -p tcp or -p udp [ 432.834572][T17567] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 433.121733][ T3507] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 59317 - 0 [ 433.153927][ T3507] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 40417 - 0 [ 433.178591][ T3507] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 433.201574][T17580] sctp: [Deprecated]: syz.3.4116 (pid 17580) Use of int in maxseg socket option. [ 433.201574][T17580] Use struct sctp_assoc_value instead [ 433.258954][T17584] geneve3: entered promiscuous mode [ 433.264401][T17584] geneve3: entered allmulticast mode [ 433.347242][ T3507] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 59317 - 0 [ 433.360107][T17585] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4115'. [ 433.369894][ T3507] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 40417 - 0 [ 433.403111][ T3507] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 433.447211][T17582] sctp: [Deprecated]: syz.2.4115 (pid 17582) Use of int in maxseg socket option. [ 433.447211][T17582] Use struct sctp_assoc_value instead [ 433.499512][ T3507] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 59317 - 0 [ 433.532250][ T3507] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 40417 - 0 [ 433.583825][ T3507] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 433.585904][T17590] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4119'. [ 433.709429][ T3507] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 59317 - 0 [ 433.750450][ T3507] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 40417 - 0 [ 433.783109][ T3507] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 433.882229][T17595] bond2: entered promiscuous mode [ 433.903245][T17595] bond2: entered allmulticast mode [ 433.914480][T17595] 8021q: adding VLAN 0 to HW filter on device bond2 [ 434.009703][ T5157] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 434.023268][ T5157] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 434.041974][ T5157] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 434.050915][ T5157] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 434.064147][ T5157] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 434.243323][T17606] lo speed is unknown, defaulting to 1000 [ 434.771436][ T3507] team0: Port device geneve0 removed [ 435.397585][ T3507] bond0 (unregistering): left allmulticast mode [ 435.404187][ T3507] bond0 (unregistering): left promiscuous mode [ 435.439458][ T3507] bond0 (unregistering): Released all slaves [ 435.546979][ T3507] bond1 (unregistering): Released all slaves [ 435.654437][ T3507] bond2 (unregistering): Released all slaves [ 435.763743][ T3507] bond3 (unregistering): Released all slaves [ 435.781633][ T3507] bond4 (unregistering): Released all slaves [ 435.798129][ T3507] bond5 (unregistering): Released all slaves [ 435.812713][ T3507] bond6 (unregistering): Released all slaves [ 435.836334][ T3507] bond7 (unregistering): Released all slaves [ 435.851592][ T3507] bond8 (unregistering): Released all slaves [ 435.868873][ T3507] bond9 (unregistering): Released all slaves [ 435.885275][ T3507] bond10 (unregistering): Released all slaves [ 435.904698][ T3507] bond11 (unregistering): Released all slaves [ 435.922380][ T3507] bond12 (unregistering): Released all slaves [ 435.940836][ T3507] bond13 (unregistering): Released all slaves [ 435.959230][ T3507] bond14 (unregistering): Released all slaves [ 435.987458][ T3507] bond15 (unregistering): Released all slaves [ 436.097248][ T3507] bond16 (unregistering): Released all slaves [ 436.103582][ T5157] Bluetooth: hci0: command tx timeout [ 436.211345][ T3507] bond17 (unregistering): Released all slaves [ 436.317891][ T3507] bond18 (unregistering): Released all slaves [ 436.420795][ T3507] bond19 (unregistering): Released all slaves [ 436.437096][ T3507] bond20 (unregistering): Released all slaves [ 436.550668][ T3507] bond21 (unregistering): Released all slaves [ 436.922947][T17606] chnl_net:caif_netlink_parms(): no params data found [ 437.411202][T17663] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4138'. [ 437.445054][T17606] bridge0: port 1(bridge_slave_0) entered blocking state [ 437.449458][T17663] sctp: [Deprecated]: syz.2.4138 (pid 17663) Use of int in max_burst socket option. [ 437.449458][T17663] Use struct sctp_assoc_value instead [ 437.473810][T17606] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.481110][T17606] bridge_slave_0: entered allmulticast mode [ 437.523301][T17606] bridge_slave_0: entered promiscuous mode [ 437.552036][T17606] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.570510][T17606] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.584321][T17606] bridge_slave_1: entered allmulticast mode [ 437.592264][T17606] bridge_slave_1: entered promiscuous mode [ 437.666780][T17671] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4140'. [ 438.086666][T17606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 438.120535][T17671] bridge0: entered promiscuous mode [ 438.131123][T17671] bridge0: left promiscuous mode [ 438.183343][ T5157] Bluetooth: hci0: command tx timeout [ 438.206044][T17606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 438.399339][T17606] team0: Port device team_slave_0 added [ 438.442331][T17606] team0: Port device team_slave_1 added [ 438.554342][T17606] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 438.561551][T17606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 438.587812][T17606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 438.604935][T17606] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 438.611947][T17606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 438.669771][T17606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 438.689429][T17683] xt_bpf: check failed: parse error [ 438.872381][T17606] hsr_slave_0: entered promiscuous mode [ 438.879430][T17606] hsr_slave_1: entered promiscuous mode [ 438.887384][T17606] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 438.895369][T17606] Cannot create hsr debugfs directory [ 438.930061][T17694] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4149'. [ 439.090848][T17698] netlink: 65051 bytes leftover after parsing attributes in process `syz.4.4151'. [ 439.109117][T17698] netlink: 11 bytes leftover after parsing attributes in process `syz.4.4151'. [ 439.120612][ T3507] hsr_slave_0: left promiscuous mode [ 439.126984][ T3507] hsr_slave_1: left promiscuous mode [ 439.174969][ T3507] team0 (unregistering): Port device batadv0 removed [ 439.217299][ T3507] team0 (unregistering): Port device batadv1 removed [ 440.192559][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.266029][ T51] Bluetooth: hci0: command tx timeout [ 440.289104][T17719] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4156'. [ 440.430450][T17724] sctp: [Deprecated]: syz.2.4156 (pid 17724) Use of int in maxseg socket option. [ 440.430450][T17724] Use struct sctp_assoc_value instead [ 440.919940][T17732] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4160'. [ 440.991720][T17732] syz_tun: entered promiscuous mode [ 441.020686][T17732] syz_tun: left promiscuous mode [ 441.092909][T17737] IPVS: length: 43 != 24 [ 441.150497][ T3507] IPVS: stop unused estimator thread 0... [ 441.586609][T17754] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4167'. [ 441.599982][T17756] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4169'. [ 441.613132][T17754] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4167'. [ 441.630701][T17756] bridge0: entered promiscuous mode [ 441.653712][T17756] bridge0: left promiscuous mode [ 441.718686][T17606] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 441.746400][T17606] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 441.765243][T17606] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 441.796430][T17606] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 441.888823][T17771] Bluetooth: MGMT ver 1.23 [ 441.960407][T17779] vlan1: entered promiscuous mode [ 441.969853][T17779] vlan1: entered allmulticast mode [ 441.981230][T17779] hsr_slave_1: entered allmulticast mode [ 442.056744][T17606] 8021q: adding VLAN 0 to HW filter on device bond0 [ 442.216031][T17606] 8021q: adding VLAN 0 to HW filter on device team0 [ 442.238740][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.245954][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 442.264095][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 442.306469][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.313722][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 442.343859][ T5157] Bluetooth: hci0: command tx timeout [ 442.411348][T17787] netlink: 'syz.4.4178': attribute type 8 has an invalid length. [ 442.443935][T17787] __nla_validate_parse: 3 callbacks suppressed [ 442.443957][T17787] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4178'. [ 442.668924][T17799] xt_bpf: check failed: parse error [ 442.709411][T17606] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 442.815089][T17606] veth0_vlan: entered promiscuous mode [ 442.849399][T17606] veth1_vlan: entered promiscuous mode [ 442.908345][T17805] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4184'. [ 442.934801][T17606] veth0_macvtap: entered promiscuous mode [ 442.955828][T17606] veth1_macvtap: entered promiscuous mode [ 442.977223][T17810] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4185'. [ 442.981788][T17805] bridge0: entered promiscuous mode [ 443.013850][T17805] bridge0: left promiscuous mode [ 443.106650][T17606] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 443.148015][T17606] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 443.186945][T17606] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.210523][T17606] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.219774][T17606] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.229427][T17606] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.421333][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.460788][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.518834][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.530749][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.548022][T17828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4192'. [ 443.809196][T17841] netlink: 88 bytes leftover after parsing attributes in process `syz.2.4197'. [ 443.818517][T17841] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4197'. [ 443.828878][T17841] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4197'. [ 443.838652][T17841] netlink: 88 bytes leftover after parsing attributes in process `syz.2.4197'. [ 444.030746][T17846] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4199'. [ 444.348107][ T3507] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.432506][T17853] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4203'. [ 444.709784][T17872] xt_TPROXY: Can be used only with -p tcp or -p udp [ 444.909474][ T3507] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.953115][T17879] syz.4.4210 (17879) used obsolete PPPIOCDETACH ioctl [ 445.203907][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 445.212969][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 445.234032][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 445.257471][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 445.271077][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 445.364915][T17887] lo speed is unknown, defaulting to 1000 [ 445.550265][ T3507] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.696222][ T3507] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.105968][T17887] chnl_net:caif_netlink_parms(): no params data found [ 446.226588][ T3507] bridge_slave_1: left allmulticast mode [ 446.242516][ T3507] bridge_slave_1: left promiscuous mode [ 446.248983][ T3507] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.274234][ T3507] bridge_slave_0: left allmulticast mode [ 446.280099][ T3507] bridge_slave_0: left promiscuous mode [ 446.293742][ T3507] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.807377][ T3507] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 446.819099][ T3507] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.829751][ T3507] bond0 (unregistering): Released all slaves [ 446.865638][T17951] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.875371][T17951] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.303945][ T5157] Bluetooth: hci0: command tx timeout [ 447.389330][T17972] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 447.396516][T17972] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 447.406568][T17972] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 447.426841][T17887] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.434525][T17887] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.441854][T17887] bridge_slave_0: entered allmulticast mode [ 447.450406][T17887] bridge_slave_0: entered promiscuous mode [ 447.470194][T17887] bridge0: port 2(bridge_slave_1) entered blocking state [ 447.493465][T17887] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.508348][T17887] bridge_slave_1: entered allmulticast mode [ 447.519105][T17887] bridge_slave_1: entered promiscuous mode [ 447.647594][ T3507] hsr_slave_0: left promiscuous mode [ 447.658608][ T3507] hsr_slave_1: left promiscuous mode [ 447.666181][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 447.668462][T17976] __nla_validate_parse: 6 callbacks suppressed [ 447.668483][T17976] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4242'. [ 447.679969][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 447.707466][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 447.716519][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 447.746817][ T3507] veth1_macvtap: left promiscuous mode [ 447.752767][ T3507] veth0_macvtap: left promiscuous mode [ 447.759552][ T3507] veth1_vlan: left promiscuous mode [ 447.765381][ T3507] veth0_vlan: left promiscuous mode [ 447.832947][T17987] sctp: [Deprecated]: syz.4.4242 (pid 17987) Use of int in maxseg socket option. [ 447.832947][T17987] Use struct sctp_assoc_value instead [ 448.253239][T17995] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4245'. [ 448.306345][T17997] SET target dimension over the limit! [ 448.597702][ T3507] team0 (unregistering): Port device team_slave_1 removed [ 448.683871][ T3507] team0 (unregistering): Port device team_slave_0 removed [ 449.245238][T18014] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4252'. [ 449.260609][T18014] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4252'. [ 449.286533][T17887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 449.309942][T17887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 449.401052][ T5157] Bluetooth: hci0: command tx timeout [ 449.420136][T18018] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4253'. [ 449.530403][T17887] team0: Port device team_slave_0 added [ 449.545600][T18021] batadv0: entered promiscuous mode [ 449.551126][T18021] macsec1: entered promiscuous mode [ 449.584337][T18021] batadv0: left promiscuous mode [ 449.659022][T17887] team0: Port device team_slave_1 added [ 449.770116][T17887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.805866][T17887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.836566][T17887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.850684][T18030] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 449.873813][T17887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.903272][T17887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.941203][T17887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 450.015962][T18036] _ÐZ`Ô€@ÿÿ: entered promiscuous mode [ 450.072552][T17887] hsr_slave_0: entered promiscuous mode [ 450.085199][T17887] hsr_slave_1: entered promiscuous mode [ 450.091642][T17887] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 450.100283][T17887] Cannot create hsr debugfs directory [ 450.176008][T18040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4262'. [ 450.378834][T18052] batadv_slave_1: entered promiscuous mode [ 450.435118][T18056] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4268'. [ 450.445738][T18054] geneve3: entered promiscuous mode [ 450.450964][T18054] geneve3: entered allmulticast mode [ 451.145885][T17887] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 451.169711][T17887] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 451.189366][T18089] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4284'. [ 451.208061][T18089] syz_tun: entered promiscuous mode [ 451.221155][T18089] syz_tun: left promiscuous mode [ 451.279435][T17887] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 451.327547][T17887] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 451.474853][ T5157] Bluetooth: hci0: command tx timeout [ 451.549378][T18109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4289'. [ 451.565329][T17887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.586385][T18109] 8021q: VLANs not supported on lo [ 451.608241][T17887] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.674022][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.681287][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.720568][ T3507] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.727824][ T3507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 451.756979][T18117] netlink: 88 bytes leftover after parsing attributes in process `syz.3.4293'. [ 452.239325][T17887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 452.332182][T18142] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 452.392750][T17887] veth0_vlan: entered promiscuous mode [ 452.423050][T17887] veth1_vlan: entered promiscuous mode [ 452.520236][T17887] veth0_macvtap: entered promiscuous mode [ 452.545716][T17887] veth1_macvtap: entered promiscuous mode [ 452.620560][T17887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 452.651632][T17887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 452.720056][T17887] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.738810][T17887] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.752542][T17887] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.768134][T17887] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.984759][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.992644][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.062519][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.071670][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.297395][T18185] _ÐZ`Ô€@: entered promiscuous mode [ 453.405083][T18189] netlink: 'syz.3.4318': attribute type 1 has an invalid length. [ 453.458005][T18189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 453.500286][T18193] __nla_validate_parse: 5 callbacks suppressed [ 453.500317][T18193] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4319'. [ 453.581530][T18193] syz_tun: entered promiscuous mode [ 453.599021][T18193] syz_tun: left promiscuous mode [ 453.606226][T18199] xt_bpf: check failed: parse error [ 453.705924][T18203] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4321'. [ 453.960081][T18212] FAULT_INJECTION: forcing a failure. [ 453.960081][T18212] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 453.978396][T18212] CPU: 1 UID: 0 PID: 18212 Comm: syz.3.4326 Not tainted 6.15.0-syzkaller-12489-g5d6d67c4cb10 #0 PREEMPT(full) [ 453.978428][T18212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 453.978443][T18212] Call Trace: [ 453.978452][T18212] [ 453.978463][T18212] dump_stack_lvl+0x189/0x250 [ 453.978502][T18212] ? __pfx____ratelimit+0x10/0x10 [ 453.978531][T18212] ? __pfx_dump_stack_lvl+0x10/0x10 [ 453.978564][T18212] ? __pfx__printk+0x10/0x10 [ 453.978587][T18212] ? __might_fault+0xb0/0x130 [ 453.978621][T18212] should_fail_ex+0x414/0x560 [ 453.978655][T18212] _copy_from_user+0x2d/0xb0 [ 453.978679][T18212] __sys_connect+0x123/0x440 [ 453.978712][T18212] ? __fget_files+0x3a0/0x420 [ 453.978738][T18212] ? __pfx___sys_connect+0x10/0x10 [ 453.978782][T18212] ? __pfx_ksys_write+0x10/0x10 [ 453.978800][T18212] ? rcu_is_watching+0x15/0xb0 [ 453.978828][T18212] __x64_sys_connect+0x7a/0x90 [ 453.978861][T18212] do_syscall_64+0xfa/0x3b0 [ 453.978886][T18212] ? lockdep_hardirqs_on+0x9c/0x150 [ 453.978912][T18212] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.978932][T18212] ? clear_bhb_loop+0x60/0xb0 [ 453.978956][T18212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.978976][T18212] RIP: 0033:0x7f113a58e929 [ 453.978994][T18212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.979013][T18212] RSP: 002b:00007f113b47b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 453.979036][T18212] RAX: ffffffffffffffda RBX: 00007f113a7b5fa0 RCX: 00007f113a58e929 [ 453.979052][T18212] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003 [ 453.979067][T18212] RBP: 00007f113b47b090 R08: 0000000000000000 R09: 0000000000000000 [ 453.979079][T18212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.979091][T18212] R13: 0000000000000000 R14: 00007f113a7b5fa0 R15: 00007ffe66b3fec8 [ 453.979125][T18212] [ 454.186621][T18216] netlink: 'syz.4.4328': attribute type 39 has an invalid length. [ 454.669255][ T3507] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.054852][T18244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4339'. [ 455.064082][T18243] FAULT_INJECTION: forcing a failure. [ 455.064082][T18243] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 455.064116][T18243] CPU: 0 UID: 0 PID: 18243 Comm: syz.4.4340 Not tainted 6.15.0-syzkaller-12489-g5d6d67c4cb10 #0 PREEMPT(full) [ 455.064141][T18243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 455.064154][T18243] Call Trace: [ 455.064172][T18243] [ 455.064182][T18243] dump_stack_lvl+0x189/0x250 [ 455.064217][T18243] ? __pfx____ratelimit+0x10/0x10 [ 455.064245][T18243] ? __pfx_dump_stack_lvl+0x10/0x10 [ 455.064276][T18243] ? __pfx__printk+0x10/0x10 [ 455.064311][T18243] should_fail_ex+0x414/0x560 [ 455.064343][T18243] _copy_to_user+0x31/0xb0 [ 455.064366][T18243] simple_read_from_buffer+0xe1/0x170 [ 455.064395][T18243] proc_fail_nth_read+0x1df/0x250 [ 455.064424][T18243] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 455.064457][T18243] ? rw_verify_area+0x258/0x650 [ 455.064494][T18243] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 455.064525][T18243] vfs_read+0x200/0x980 [ 455.064555][T18243] ? __pfx_vfs_read+0x10/0x10 [ 455.064577][T18243] ? rcu_is_watching+0x15/0xb0 [ 455.064597][T18243] ? do_sock_setsockopt+0x267/0x3e0 [ 455.064621][T18243] ? kfree+0x4d/0x440 [ 455.064642][T18243] ? __pfx_rds_setsockopt+0x10/0x10 [ 455.064670][T18243] ? do_sock_setsockopt+0x267/0x3e0 [ 455.064706][T18243] ksys_read+0x145/0x250 [ 455.064731][T18243] ? __pfx_ksys_read+0x10/0x10 [ 455.064760][T18243] ? do_syscall_64+0xbe/0x3b0 [ 455.064795][T18243] do_syscall_64+0xfa/0x3b0 [ 455.064825][T18243] ? lockdep_hardirqs_on+0x9c/0x150 [ 455.064855][T18243] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.064878][T18243] ? clear_bhb_loop+0x60/0xb0 [ 455.064906][T18243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.064928][T18243] RIP: 0033:0x7fc298b8d33c [ 455.064950][T18243] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 455.064970][T18243] RSP: 002b:00007fc2999e5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 455.064996][T18243] RAX: ffffffffffffffda RBX: 00007fc298db5fa0 RCX: 00007fc298b8d33c [ 455.065031][T18243] RDX: 000000000000000f RSI: 00007fc2999e50a0 RDI: 0000000000000005 [ 455.065047][T18243] RBP: 00007fc2999e5090 R08: 0000000000000000 R09: 0000000000000000 [ 455.065061][T18243] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 455.065077][T18243] R13: 0000000000000000 R14: 00007fc298db5fa0 R15: 00007ffebf4af338 [ 455.065115][T18243] [ 455.341521][T18246] geneve3: entered promiscuous mode [ 455.369150][T18246] geneve3: entered allmulticast mode [ 455.459356][T18250] xt_TPROXY: Can be used only with -p tcp or -p udp [ 455.538743][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 455.553952][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 455.571018][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 455.585039][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 455.595122][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 455.613792][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 455.685860][T18251] lo speed is unknown, defaulting to 1000 [ 455.695012][T18256] netlink: 'syz.3.4345': attribute type 7 has an invalid length. [ 455.722912][T18256] netlink: 'syz.3.4345': attribute type 8 has an invalid length. [ 455.761967][T18256] netlink: 216 bytes leftover after parsing attributes in process `syz.3.4345'. [ 455.866232][ T3507] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.976603][T18259] wireguard0: entered promiscuous mode [ 455.982240][T18259] wireguard0: entered allmulticast mode [ 456.149040][ T3507] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.372134][ T3507] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.436223][T18281] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4354'. [ 456.652417][T18285] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4355'. [ 456.712719][T18251] chnl_net:caif_netlink_parms(): no params data found [ 456.790500][T18285] sctp: [Deprecated]: syz.4.4355 (pid 18285) Use of int in maxseg socket option. [ 456.790500][T18285] Use struct sctp_assoc_value instead [ 456.863173][T18295] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 456.883858][ T3507] bridge_slave_1: left allmulticast mode [ 456.889826][ T3507] bridge_slave_1: left promiscuous mode [ 456.900036][ T3507] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.923001][ T3507] bridge_slave_0: left allmulticast mode [ 456.929335][ T3507] bridge_slave_0: left promiscuous mode [ 456.943499][ T3507] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.703163][ T5157] Bluetooth: hci0: command tx timeout [ 457.956663][ T3507] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 457.970530][ T3507] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 457.981761][ T3507] bond0 (unregistering): Released all slaves [ 458.174876][T18251] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.182147][T18251] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.196302][T18251] bridge_slave_0: entered allmulticast mode [ 458.204787][T18251] bridge_slave_0: entered promiscuous mode [ 458.213558][T18251] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.220761][T18251] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.228226][T18251] bridge_slave_1: entered allmulticast mode [ 458.236379][T18251] bridge_slave_1: entered promiscuous mode [ 458.432669][T18320] netlink: 'syz.4.4367': attribute type 3 has an invalid length. [ 458.448654][T18319] netlink: 'syz.4.4367': attribute type 3 has an invalid length. [ 458.558482][T18251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 458.586474][T18251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 458.668767][T18251] team0: Port device team_slave_0 added [ 458.699096][ T3507] hsr_slave_0: left promiscuous mode [ 458.713401][ T3507] hsr_slave_1: left promiscuous mode [ 458.721531][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 458.731859][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 458.742179][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 458.753937][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 458.798095][ T3507] veth1_macvtap: left promiscuous mode [ 458.804326][ T3507] veth0_macvtap: left promiscuous mode [ 458.814407][ T3507] veth1_vlan: left promiscuous mode [ 458.819786][ T3507] veth0_vlan: left promiscuous mode [ 459.005031][T18335] xt_bpf: check failed: parse error [ 459.336506][T18343] netlink: 248 bytes leftover after parsing attributes in process `syz.3.4378'. [ 459.409754][ T6459] ------------[ cut here ]------------ [ 459.416162][ T6459] workqueue: cannot queue hci_conn_timeout on wq hci4 [ 459.423053][ T6459] WARNING: CPU: 0 PID: 6459 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0 [ 459.432132][ T6459] Modules linked in: [ 459.442634][ T6459] CPU: 0 UID: 0 PID: 6459 Comm: kworker/0:13 Not tainted 6.15.0-syzkaller-12489-g5d6d67c4cb10 #0 PREEMPT(full) [ 459.454486][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 459.464560][ T6459] Workqueue: events l2cap_chan_timeout [ 459.470065][ T6459] RIP: 0010:__queue_work+0xd62/0xfe0 [ 459.475375][ T6459] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 c9 f7 98 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 40 e0 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 e0 85 35 00 90 0f 0b 90 e9 dd fc ff [ 459.494993][ T6459] RSP: 0018:ffffc9000f04f7a8 EFLAGS: 00010046 [ 459.501120][ T6459] RAX: 9939911af29dca00 RBX: 0000000000000020 RCX: ffff88802b25bc00 [ 459.509106][ T6459] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 459.517105][ T6459] RBP: 1ffff1100af3b738 R08: 0000000000000003 R09: 0000000000000004 [ 459.525096][ T6459] R10: dffffc0000000000 R11: fffffbfff1bfaa44 R12: dffffc0000000000 [ 459.533100][ T6459] R13: ffff888051550960 R14: ffff88801a494008 R15: ffff8880579db978 [ 459.541111][ T6459] FS: 0000000000000000(0000) GS:ffff888125c55000(0000) knlGS:0000000000000000 [ 459.550073][ T6459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 459.556682][ T6459] CR2: 0000200000005d00 CR3: 0000000079270000 CR4: 00000000003526f0 [ 459.564687][ T6459] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 459.572678][ T6459] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 459.580657][ T6459] Call Trace: [ 459.583958][ T6459] [ 459.586925][ T6459] ? __queue_delayed_work+0xe1/0x2d0 [ 459.592235][ T6459] queue_delayed_work_on+0x18b/0x280 [ 459.597533][ T6459] ? __pfx___cancel_work+0x10/0x10 [ 459.602651][ T6459] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 459.608481][ T6459] ? hci_conn_drop+0x14d/0x280 [ 459.613277][ T6459] l2cap_chan_del+0x285/0x5e0 [ 459.617969][ T6459] l2cap_chan_close+0x597/0x980 [ 459.622838][ T6459] ? __pfx_l2cap_chan_close+0x10/0x10 [ 459.628224][ T6459] ? process_scheduled_works+0x9ef/0x17b0 [ 459.634008][ T6459] l2cap_chan_timeout+0x158/0x390 [ 459.639042][ T6459] ? process_scheduled_works+0x9ef/0x17b0 [ 459.644799][ T6459] process_scheduled_works+0xae1/0x17b0 [ 459.650396][ T6459] ? __pfx_process_scheduled_works+0x10/0x10 [ 459.656414][ T6459] worker_thread+0x8a0/0xda0 [ 459.661037][ T6459] kthread+0x70e/0x8a0 [ 459.665135][ T6459] ? __pfx_worker_thread+0x10/0x10 [ 459.670271][ T6459] ? __pfx_kthread+0x10/0x10 [ 459.674886][ T6459] ? _raw_spin_unlock_irq+0x23/0x50 [ 459.680093][ T6459] ? lockdep_hardirqs_on+0x9c/0x150 [ 459.685304][ T6459] ? __pfx_kthread+0x10/0x10 [ 459.689922][ T6459] ret_from_fork+0x3f9/0x770 [ 459.694524][ T6459] ? __pfx_ret_from_fork+0x10/0x10 [ 459.699665][ T6459] ? __switch_to_asm+0x39/0x70 [ 459.704458][ T6459] ? __switch_to_asm+0x33/0x70 [ 459.709245][ T6459] ? __pfx_kthread+0x10/0x10 [ 459.713871][ T6459] ret_from_fork_asm+0x1a/0x30 [ 459.718660][ T6459] [ 459.721680][ T6459] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 459.728965][ T6459] CPU: 0 UID: 0 PID: 6459 Comm: kworker/0:13 Not tainted 6.15.0-syzkaller-12489-g5d6d67c4cb10 #0 PREEMPT(full) [ 459.740791][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 459.750879][ T6459] Workqueue: events l2cap_chan_timeout [ 459.756355][ T6459] Call Trace: [ 459.759653][ T6459] [ 459.762592][ T6459] dump_stack_lvl+0x99/0x250 [ 459.767209][ T6459] ? __asan_memcpy+0x40/0x70 [ 459.771834][ T6459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 459.777065][ T6459] ? __pfx__printk+0x10/0x10 [ 459.781670][ T6459] panic+0x2db/0x790 [ 459.785595][ T6459] ? __pfx_panic+0x10/0x10 [ 459.790038][ T6459] ? show_trace_log_lvl+0x4fb/0x550 [ 459.795276][ T6459] ? ret_from_fork_asm+0x1a/0x30 [ 459.800229][ T6459] __warn+0x31b/0x4b0 [ 459.804235][ T6459] ? __queue_work+0xd62/0xfe0 [ 459.808938][ T6459] ? __queue_work+0xd62/0xfe0 [ 459.813630][ T6459] report_bug+0x2be/0x4f0 [ 459.817969][ T6459] ? __queue_work+0xd62/0xfe0 [ 459.822654][ T6459] ? __queue_work+0xd62/0xfe0 [ 459.827359][ T6459] ? __queue_work+0xd64/0xfe0 [ 459.832057][ T6459] handle_bug+0x84/0x160 [ 459.836316][ T6459] exc_invalid_op+0x1a/0x50 [ 459.840858][ T6459] asm_exc_invalid_op+0x1a/0x20 [ 459.845722][ T6459] RIP: 0010:__queue_work+0xd62/0xfe0 [ 459.851031][ T6459] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 c9 f7 98 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 40 e0 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 e0 85 35 00 90 0f 0b 90 e9 dd fc ff [ 459.870661][ T6459] RSP: 0018:ffffc9000f04f7a8 EFLAGS: 00010046 [ 459.876764][ T6459] RAX: 9939911af29dca00 RBX: 0000000000000020 RCX: ffff88802b25bc00 [ 459.884755][ T6459] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 459.892751][ T6459] RBP: 1ffff1100af3b738 R08: 0000000000000003 R09: 0000000000000004 [ 459.900900][ T6459] R10: dffffc0000000000 R11: fffffbfff1bfaa44 R12: dffffc0000000000 [ 459.908909][ T6459] R13: ffff888051550960 R14: ffff88801a494008 R15: ffff8880579db978 [ 459.916923][ T6459] ? __queue_work+0xd61/0xfe0 [ 459.921614][ T6459] ? __queue_delayed_work+0xe1/0x2d0 [ 459.926916][ T6459] queue_delayed_work_on+0x18b/0x280 [ 459.932230][ T6459] ? __pfx___cancel_work+0x10/0x10 [ 459.937351][ T6459] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 459.943178][ T6459] ? hci_conn_drop+0x14d/0x280 [ 459.947974][ T6459] l2cap_chan_del+0x285/0x5e0 [ 459.952681][ T6459] l2cap_chan_close+0x597/0x980 [ 459.957545][ T6459] ? __pfx_l2cap_chan_close+0x10/0x10 [ 459.962924][ T6459] ? process_scheduled_works+0x9ef/0x17b0 [ 459.968678][ T6459] l2cap_chan_timeout+0x158/0x390 [ 459.973761][ T6459] ? process_scheduled_works+0x9ef/0x17b0 [ 459.979499][ T6459] process_scheduled_works+0xae1/0x17b0 [ 459.985103][ T6459] ? __pfx_process_scheduled_works+0x10/0x10 [ 459.991143][ T6459] worker_thread+0x8a0/0xda0 [ 459.995776][ T6459] kthread+0x70e/0x8a0 [ 459.999859][ T6459] ? __pfx_worker_thread+0x10/0x10 [ 460.004983][ T6459] ? __pfx_kthread+0x10/0x10 [ 460.009608][ T6459] ? _raw_spin_unlock_irq+0x23/0x50 [ 460.014829][ T6459] ? lockdep_hardirqs_on+0x9c/0x150 [ 460.020038][ T6459] ? __pfx_kthread+0x10/0x10 [ 460.024652][ T6459] ret_from_fork+0x3f9/0x770 [ 460.029300][ T6459] ? __pfx_ret_from_fork+0x10/0x10 [ 460.034458][ T6459] ? __switch_to_asm+0x39/0x70 [ 460.039256][ T6459] ? __switch_to_asm+0x33/0x70 [ 460.044050][ T6459] ? __pfx_kthread+0x10/0x10 [ 460.048674][ T6459] ret_from_fork_asm+0x1a/0x30 [ 460.053471][ T6459] [ 460.056898][ T6459] Kernel Offset: disabled [ 460.061234][ T6459] Rebooting in 86400 seconds..