last executing test programs: 6.201866053s ago: executing program 4 (id=9559): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) getsockname$packet(0xffffffffffffffff, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x4000) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r7], 0x5c}}, 0x40) r8 = socket(0x2, 0x80805, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) sendmmsg$inet_sctp(r8, 0x0, 0x0, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000ac000000030a010300000000000000000100000014000480080002400000000008000140000000050900030073797a30000000000900010073797a310000000008000b4000000003640008800c0001"], 0x92fc}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000082180000140012800b00010062726964676500000400028008000a00", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x24000884}, 0x8000) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket(0x1, 0x803, 0x0) r12 = socket$netlink(0x10, 0x3, 0x4) writev(r12, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) sendmsg$nl_route(r12, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)=@ipv6_newaddrlabel={0x70, 0x48, 0x200, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x80, 0x0, r7, 0x5}, [@IFAL_LABEL={0x8, 0x2, 0xd}, @IFAL_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFAL_LABEL={0x8, 0x2, 0xc}, @IFAL_LABEL={0x8, 0x2, 0x1}, @IFAL_ADDRESS={0x14, 0x1, @private2}, @IFAL_ADDRESS={0x14, 0x1, @empty}]}, 0x70}, 0x1, 0x0, 0x0, 0x20008001}, 0x4005) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r13, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r13, @ANYBLOB], 0x4c}}, 0x884) 5.821985526s ago: executing program 4 (id=9565): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) socket$inet_icmp(0x2, 0x2, 0x1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f0000000180)={0x0, 'bridge0\x00', {0x4}, 0x2}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x29}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x4004}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x8, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7}}]}, 0x38}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) sendmsg$nl_route_sched(r6, &(0x7f0000000680)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000640)={&(0x7f00000004c0)=@newqdisc={0x174, 0x24, 0x200, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0xfff3, 0xffff}, {0xfffb, 0x3}, {0xffff, 0x3}}, [@TCA_RATE={0x6, 0x5, {0xc9}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x3ff}, @TCA_STAB={0x140, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x9, 0x0, 0xa02, 0x0, 0x2d0, 0x5, 0x9}}, {0x16, 0x2, [0x2, 0x1ff, 0x8000, 0x7, 0x5, 0xffff, 0x48b8, 0xfbff, 0x5]}}, {{0x1c, 0x1, {0x7, 0x4, 0x1, 0x8000, 0x1, 0x2, 0x8, 0x2}}, {0x8, 0x2, [0x0, 0x6]}}, {{0x1c, 0x1, {0xaa, 0x4, 0x9, 0x2, 0x0, 0x1, 0xffffffff, 0x6}}, {0x10, 0x2, [0x7, 0x245, 0x3, 0x0, 0x1000, 0x4214]}}, {{0x1c, 0x1, {0xa, 0x7, 0xe, 0x3, 0x0, 0x1, 0x9, 0x1}}, {0x6, 0x2, [0x7]}}, {{0x1c, 0x1, {0x3c, 0xa8, 0xe, 0x4, 0x1, 0x3, 0x3, 0x2}}, {0x8, 0x2, [0xa4, 0x4]}}, {{0x1c, 0x1, {0x2, 0xd, 0xa0, 0x7, 0x1, 0xfff, 0x3, 0x2}}, {0x8, 0x2, [0x7fff, 0x8]}}, {{0x1c, 0x1, {0x2, 0x4, 0x8, 0x2, 0x2, 0x2, 0x4, 0x2}}, {0x8, 0x2, [0x1ff, 0x2]}}, {{0x1c, 0x1, {0x8, 0x1, 0x2, 0x3, 0x2, 0xb, 0x3d98, 0x4}}, {0xc, 0x2, [0xae, 0x8, 0x2, 0x0]}}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x20000054}, 0x20000000) r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r5, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x4000) sendmsg$SMC_PNETID_FLUSH(r4, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r5, 0x10, 0x70bd2d, 0x25dfdbfb, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20040010) unshare(0x6020400) r11 = socket(0x2a, 0x2, 0x0) getsockname$packet(r11, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x44884) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x24, 0x2c, 0xd27, 0x2070bd2d, 0x25dfdffd, {0x0, 0x0, 0x0, r12, {0x6, 0x10}, {}, {0x8, 0xffe0}}}, 0x24}}, 0x0) r13 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r13, &(0x7f00000002c0), 0x40000000000009f, 0x0) r14 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r14, &(0x7f0000000000)=ANY=[@ANYBLOB='V?\x00\x00-\x00'], 0xfe33) 5.215910186s ago: executing program 4 (id=9575): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x66, 0x0, 0x0, 0x0, 0x102}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) 4.928884665s ago: executing program 4 (id=9577): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x3) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4) 4.734591777s ago: executing program 4 (id=9579): mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) ioctl$XFS_IOC_OPEN_BY_HANDLE(0xffffffffffffffff, 0xc038586b, &(0x7f0000000100)={r0, &(0x7f0000000000)='\x00', 0x2000, &(0x7f0000000040)={@_ha_fsid={[0x3, 0x6]}, {0x4d, 0xffff, 0x8, 0x8}}, 0x6, &(0x7f0000000080)={@_ha_fsid}, &(0x7f00000000c0)=0x5c9d}) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0) mmap(&(0x7f0000196000/0x4000)=nil, 0x4000, 0xffffffffefffffff, 0x8032, 0xffffffffffffffff, 0x0) 4.565340902s ago: executing program 1 (id=9581): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRES32, @ANYRES64=r0, @ANYRES32=0x0, @ANYRES32, @ANYRESOCT=r0], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007baaf8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000e80)={0x1c, r5, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000004) (async) getsockopt$sock_cred(r3, 0x1, 0x4d, 0x0, &(0x7f0000000200)=0x33) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r2, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000080)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x47, &(0x7f0000000380)=[{}, {}], 0x10, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xd, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.522307838s ago: executing program 4 (id=9582): r0 = socket(0x10, 0x803, 0x0) socket$netlink(0x10, 0x3, 0x4) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xffffff1f, 0xfffffffc, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x10000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x48}}, 0x0) 4.370718882s ago: executing program 1 (id=9585): unshare(0x8000400) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x41000, 0x49, '\x00', 0x0, @fallback=0xe, r1, 0x8, 0x0, 0x3b}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010025"], 0x0, 0x46, 0x0, 0x1}, 0x28) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@mpls_newroute={0x1c, 0x18, 0x601, 0x0, 0x0, {0x1c, 0x14, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x1}}, 0x1c}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x3a) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xd, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000fbffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0xb, @mcast2, 0x5}, 0x19) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="180800000000001000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000002c000000000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r5, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) unshare(0x8000400) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x41000, 0x49, '\x00', 0x0, @fallback=0xe, r1, 0x8, 0x0, 0x3b}, 0x94) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010025"], 0x0, 0x46, 0x0, 0x1}, 0x28) (async) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@mpls_newroute={0x1c, 0x18, 0x601, 0x0, 0x0, {0x1c, 0x14, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x1}}, 0x1c}}, 0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) (async) socket$inet6(0xa, 0x2, 0x3a) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xd, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000fbffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0xb, @mcast2, 0x5}, 0x19) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="180800000000001000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000002c000000000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4}, 0x94) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r5, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) (async) 4.112560323s ago: executing program 0 (id=9588): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2001000016000100000000000000000064010100000000000000000000000000000000000000000000000000000000010000000000030000000080a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80000000000000000000000000002c000004d633000000fc0200000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffedffffffffffffff03000000000000000000000000000000000000000000000000000000000000000200000000000000fefffffffffffbff0000000000000000960700002dbd70000000000000000002be0000000000000000000000b1a0010008001f00040000000c002000"], 0x120}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$kcm(0xa, 0x3, 0x87) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd7000fedbdf2500000000000000000000000000000001fe8000000000000000000000000000bb00000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000500000000000000ffffffffffffffff000000000000000000800000000000000000000000000000fdffffffffffff7ffeffffffff7f40000200000000000008000000000000000001000001000000004400050000000000000000000000000000000000000000002b"], 0xfc}, 0x1, 0x0, 0x0, 0xc040}, 0x40800) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) sendmsg$kcm(r5, &(0x7f0000000580)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x0, 0x1}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000000)='\x00\x00\x00\x00', 0x4}], 0x1}, 0x40810) sendmsg$nl_route_sched(r2, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001f00)=@newtfilter={0x58, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x2c, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_POLICE={0x4}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}, @TCA_BPF_CLASSID={0x8, 0x3, {0xd, 0xa}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000000)=0x84c00000, 0x4) 4.061516796s ago: executing program 1 (id=9589): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x3) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4) 3.63290666s ago: executing program 1 (id=9593): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x503, 0x40000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}, @IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x1}, @IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x8}]}}}]}, 0xfca1}, 0x1, 0x0, 0x0, 0x48080}, 0x4044800) 2.860779878s ago: executing program 0 (id=9596): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$vsock_stream(0x28, 0x1, 0x0) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r0, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x1c, r2, 0x510, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x221f524700a5e969}]}, 0x1c}, 0x1, 0x0, 0x0, 0x881}, 0x40) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000940)=@mangle={'mangle\x00', 0x2, 0x6, 0x6e0, 0x0, 0x540, 0x540, 0x540, 0x1d0, 0x610, 0x610, 0x610, 0x610, 0x610, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [0xffffffff, 0xff000000], 'pimreg0\x00', 'macvtap0\x00', {}, {}, 0x21}, 0x0, 0x188, 0x1d0, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2}}, @common=@inet=@multiport={{0x50}, {0x0, 0x0, [0x0, 0x80]}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa000000, @ipv4=@empty, 0xa, 0x30, 0x1}}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0x0, 0x0, 0x0, 0xffffff00], [], '\x00', 'bond_slave_0\x00', {}, {}, 0x2f, 0x9}, 0x0, 0x168, 0x1a0, 0x48000000, {}, [@common=@ah={{0x30}, {[0x4d2, 0x4d3], 0xa000000, 0x4, 0x3}}, @common=@srh1={{0x90}, {0xc, 0x2, 0x4, 0x8, 0x8, @ipv4={'\x00', '\xff\xff', @loopback}, @private1, @private0, [0xff, 0xff000000, 0x0, 0xff000000], [0xffffffff, 0xffffff00, 0x0, 0xff], [0xff000000, 0x0, 0x0, 0x80], 0x804, 0x400}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x6, 0x5}, {0xffffffffffffffff, 0x6, 0x1}, {0x0, 0x4, 0x2}, 0xfffffffe}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv4=@loopback, 0x0, 0xfe}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x740) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="f8000000160004000000000000000000fe880000000000000000000000000001ff0100000000000000000000000000010000000000000082000000002b000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe800000000000000000000096cd4c7d212ca3702bb6000000aa000000002b"], 0xf8}}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r7 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085", 0xcb}], 0x3, &(0x7f0000000380)=[@assoc={0x18, 0x117, 0x4, 0x6}], 0x18}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000700)=""/89, 0x59}, {&(0x7f0000000200)=""/72, 0x48}], 0x2}, 0x40000000) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0300000003f500000000070000040900010073797a300000001288000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008210001800e000100636f6e6e6c696d69740000000c000280080001400000000008000340000001"], 0xd0}}, 0x20050800) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, 0x0) socketpair(0x5, 0x3, 0x81, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r1, 0x4058587a, &(0x7f0000000680)={{r8, &(0x7f0000000180)='\x00', 0x40, &(0x7f00000002c0)={@_ha_fsid={[0x5, 0x1]}, {0x1, 0x401, 0x3, 0x9}}, 0xd, &(0x7f0000000300), &(0x7f0000000340)=0x7}, {[0xc, 0x40, 0x6, 0x6]}, 0xb45, 0xbd, &(0x7f00000004c0)=""/189}) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000009e297ee297b57169e9162a547647c12dacda7445d4223840d1fce19b6503709245ac72612e4300c0a5cad69b21a0930c924c97591846230eae4614321e03997993b5a57c6263f7c2c1e71c", @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25070000000c000600000000000000000008000100030000000a0004007770616e3400000008000300", @ANYRES64=r1], 0x44}, 0x1, 0x0, 0x0, 0x8004}, 0x800) 2.681739499s ago: executing program 1 (id=9597): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) unshare(0x6a040000) socketpair(0x8, 0x80000, 0x9, &(0x7f0000000000)) epoll_create(0x9) 2.368661211s ago: executing program 0 (id=9599): r0 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000010c0)={0xfffd, 0x478, 0x1ff, 0xce}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000001040)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x42, 0x0}}]}, &(0x7f0000000180)=0x10) r2 = socket(0x1, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xf, 0x4, 0x4, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r2}, 0x20) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x5452, &(0x7f0000000000)={'syztnl1\x00', 0x0}) recvmsg(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000440)=""/97, 0x61}], 0x1}, 0x0) sendmmsg$unix(r2, &(0x7f00000008c0)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000801}}], 0x2, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000300)={r1, 0x9}, &(0x7f0000001140)=0x8) r4 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r4, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x7fff, @local, 0x8}, 0x80, &(0x7f0000000340)=[{&(0x7f00000003c0)='`', 0x1}], 0x1}, 0x41) r5 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000080)={@mcast2, 0x70, r6}) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@can_delroute={0x64, 0x19, 0x100, 0x70bd29, 0x25dfdbfd, {0x1d, 0x1, 0x3}, [@CGW_CS_XOR={0x8, 0x5, {0x4, 0x4, 0x8, 0x1}}, @CGW_CS_XOR={0x8, 0x5, {0x3, 0xfffffffffffffffe, 0x4}}, @CGW_MOD_AND={0x15, 0x1, {{{0x4, 0x0, 0x1}, 0x1, 0x1, 0x0, 0x0, "e084b93939f20af8"}, 0x1}}, @CGW_FILTER={0xc, 0xb, {{0x0, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}, @CGW_FILTER={0xc, 0xb, {{0x3, 0x0, 0x1, 0x1}, {0x2, 0x1, 0x0, 0x1}}}, @CGW_SRC_IF={0x8, 0x9, r6}, @CGW_DST_IF={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000000) setsockopt$sock_attach_bpf(r4, 0x84, 0x1e, &(0x7f0000000000), 0x4) r7 = socket$kcm(0x2, 0x1, 0x84) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)={0x58, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_STRSET_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x40) setsockopt$sock_attach_bpf(r7, 0x84, 0x9, &(0x7f0000000380), 0x98) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400060000120800040043000000a80016000a00014006000d3f036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1, 0x0, 0x0, 0xc3ff}, 0x0) 1.961692776s ago: executing program 3 (id=9603): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) (async) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) (async) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000)=0x6, 0x4) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) (async) recvfrom(r0, 0x0, 0x0, 0x121, 0x0, 0x0) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r2 = socket$kcm(0x21, 0x2, 0x2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x4001, 0x3, 0x280, 0x130, 0x700001b, 0x148, 0x0, 0x148, 0x1e8, 0x206, 0x240, 0x1e8, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x1ea, 0xd0, 0x130, 0x0, {0x390, 0x8f00}, [@common=@unspec=@quota={{0x38}, {0xfffffffc, 0x0, 0x8, {0x7}}}, @inet=@rpfilter={{0x28}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0x5, 0xb, [0x12, 0x36, 0x2a, 0x10, 0x27, 0x11, 0x31, 0x9, 0x16, 0x39, 0x4, 0x34, 0x36, 0x3d, 0x2a, 0x4], 0x2, 0x4, 0x1009}}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@broadcast, 'veth0_vlan\x00', {0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e0) (async) sendmsg$kcm(r2, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)="ee", 0x1}, {0x0}, {&(0x7f0000000300)="da8d35e7f14ac823606ff0a267144d93a079e5c829857b37b65ae53c21ec8534ce53a4d2351a756c3b7cc616051f8320ee10b55321df946fe5f282ad2dac773afb26cbdaadeed994ca62331c2422f22ca7de83f165a7ec9f6fa4465c1132867ec34cabc788b33ae0abdc0ed0e27ab78ebb59e164d81ce11c91ecea0aeb39bfd43e2088161fb59137344cc95be9bc4600b5e134f2b6d9f451797188608b4d9a9d2985ed407e2ccf6b77db59dbe2135956a34125136fcb8e23b1be9a447a7ddad6febd5a560c93f6da1547a2dafac087875c072d9a454fe86ece57047eb4825ba157a41a94819dcf", 0xe7}], 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010", @ANYRES16=r2, @ANYRESHEX=r2, @ANYRESHEX=r2], 0x10b8}, 0x2000c011) (async) unshare(0xc040480) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) (async) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) (async) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000003280)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000001000)="082a1e5dc7129b0a558de83d5a8fa38b3cb210dc2ef97d3b41a9024aaf70f996bcc0541f2e5502ec113f406a7771908e94f0f812329cb657212558f9f1616e86882012762d14a03f681804461ca01f11fc1c91a4b34c30fb1b627051ea2dc507e083f77b2d83ee0f00446252c5e07c6f6766c18a32d2faf74ace20749c266eaa5e4896835bb55c29d1eb2e2306cde34d0a36c77d69f8a93baca26ba06444a422bf1e33a4b42e1d2bb0b5c4491a7605a50c6a60783b8c76b84d81aa9bae2d41491cdb7edaa7a7872c9e29bdf5af9d6f0cce0badf8c684e8084de16324a478a2ab2846fba0ea0644b2f506c964fd3eddc089daea077f794e5f6c3331d650d1ca37dc94e143adaf483fb3c21dc865663c389df808a3b0e51c9e870a634272469184ea9358969d7d68f4db4b49ff948f974067b78d10f52650a2ec23cf30312e1aba7e8f31101245afb6bad58f8d661a37b31acb211c3b44cd93204185db6fad14f6fb3ef3f22e71d0321e94d4218e2b816893c5b718828b736f7379259588c63e80ac382dd57c292faae251163af17a33c4049b20d68e93ae4a7368352cf099c61b627dd3d755b8b399a9795494432b3f7752d2b6f72ae8ca27900a38e8048572f04b1e4f17879bce2b1119f40de7ba942feab2624a42bb98e0eb0c4083f45819eed114d2a82be9f794dcde285a0d2037c47b795a0d446f64b91a56fc7e46f44ca1eba89d302e5a4cf51d262254c4d342d439bf17df163bb999246e31d86e755da49e840ca80cc51ea6191cdd14f71b7f4f5c2166966c164eacbd39834a1737769aec0cac86548c6a45e556bb516552c7dbc45ca6b15c98e43c247b8b4632215a3fdd3828e92ed64e2221097fdf6a133951a90b1a22ebacac12dc21de849188c13e29e7e5e56d847885aeb4e39d071955d271a44a5f72328050cf3b4a079c5f00bbe416124deb2fd2176378ae52cd10abc238f322872386b4cffc19ca3ec208331ffb494de47b18f7cb6cf25dfdc980f5d9570da882ea829219f9318e90345665f3788136bd009fe469cb192f4750d7a6232599923ca1d425a437477f8c9eb142f7e3af1e0f3c629a146fde9f17f54c9a590c4c21d9bca4129977c7c2d181051d5fb0b79abe869d6758c2e263e076de812caf4c7dd32cf4cd6b877c41818d9ac6a79557c2519cb0c844b2869e8188f4f8ff75d7142cffa2ecd679172c0c222f8aa370a69f5360a5d797fe4143f0ad6f5af837e6dbd9cf4b74d62c844bf225fc9823e401a2b79f54a0875e2521731328c829f5b7f8da0bbe2765a87ee415cc21d3d362a2b55da521e93a265fc9b122d3131a8706324d92b8c3f259e8531effe106a7002be550f8f4b8d363d13b59694471c6e5b262d06fee886b449288e5c30701a11284e225ab192c756a0f6c800b671a698f9858c451afe958d201461fe116f308a0f971e7f5546ece1d8bdcc2b8dd2994c99aa648f707892b1fa7c6a49d683ce6775c64a9758bd023b36bd5aa8c163407121202dc791f7e5364036557388fcc534082f4a8bd2489aa4aafd74ea1c55e4221ef6506c0016ae29aaf05e575d596e3a8120742864b9809fd9b6bf1df6504c3638885b58e1a3efc062f19b2660b13f87d448fe89fedf18df20a99420da54bf4444b980fcdee005ec1e16f38ab89c3b535a13d4d6776030dbb64cf496793fd982f085311f5895d0db6b1a6fbd27c12f153b0ef6124e1dae4fcd8c7be323832afb21b4dd1fda50795f44255cde12b829aaeca98cf55e873371f27308ffe19da72455ce454582c6afcb0b51708e00c23fe80a1e643f423c64cd08153132f8cd92cfbc381946da9246ae8e7ca9ecaebfd24de177e2161efd2f51e7ca48f24924294f320de4e2b07a4c95541fc0a00f109ad8948d0037b5d89496d944ab62fdfb3f2ecd2be957de2c9c0f1c93b7500e4bd41f13ffea2695b16d9c039c7fb31102ea230caecc4e799e40fd1bf6cedf6fcc5b47bfd460c53f67201de69108f90e837c344fa18bcdc6c59780a348b27dcd44ce14c069c35bf9632b3e45f63f82da389388c4ace3cf0534d7c24e870f279f2376e3ece5cb4b7cd215c4ef9a2536a2c744ad72f89bfac99b7076847caedbaca5b16b155d3ed269e2d65ba15b568f5aa547751a7a5a48e7c4d1cb5043cfcb1d2ec3c15fab98a764166905b796639dbf327aa04b3ef78fcb7161f3523a053f53634d957e1137a89267c873b234034e23bb2e3d740e7ee10ea5b1687a661679726335418d5458a68587c0fd9c1c107711b5b9845e10d21b265b65b4bb3b32bcd22e753ec5ebab3eaecb1e64ccd8bf353297986dc9788f6a9f286358087dd64646ef6a6fe9473614fb7bc977aa66af8032b04d7c67ddac02bd149d60444c0481e5d3b774539a3d5e16616a327e2832dec3b166dd1b20d5d362a78cc63ea44d8cdc387314b948c5487895d4b1790d950587db59bf6c484ebcef6c9278c67ac085e7e25f18e661728ac9d26aa11028ad89206bfa0614964a1db27fcee472a4e61f1b95f8a198ef50d1b91890981854da490ae6a1c45680caf14d44e1c42027539b6eee47b5af414135ad79b12f8fde1d28b27e5e6f4a5b3111f90bb71c990f0225f64d561ad6f103cd783217a3db7366081719979b1fd2a9db6d2542dc4f1caa214951adc3a2b25014579b286dc9ec7e3b8a64ee2176df2275d0e5699ce166b55df514e579e5ab9eae67be8a5b1241702f6a602eac6dde39f69f38112d976b06bea0dd88d1f9781551eb51bb66a4efaef28d14f284a03cf21b8aa27086c63588311aa7d07add05476b84c0439062ae575e9fc66b7fb385873ed6c982e0b847dd04d1d3130993cd1d7e240f7a7919cf63cf095416aeca723f495061631de9d2967acdfe80ca7fe7e24370ddbe14daa227b047af2ecd4e7cbe561690eaef2f277c796c81ca9eba21cc47c36309c16e455e0662a38bcabe4b3c1ac11de045ac2ea9c9de73e973cc792d9af4df676877ff8e6ccb4db270953149fb924a0d77e7ab3e7336daeae746b88a1de1d63b0a62b2aa5953b3f1f8f29a421b95c98e7a97df1bc1aec80a6c42be77c4eda9592bd0e4b4e91923425988649c9d441916f4b138cae292afb1bc00b684bf7e6025ad49b7e228646a51e6f2cb833bad410666a1e7ac8120f253c8604b7b90d699073d6f856abad8a31599f36c6fe693f8285c0e48e4ae4e0a2654b6f9aa82baa0413d4757d81fb52f4f8ae73fdfca82b17fbec51e5159a2c0d86a3907c045bacaa3d1361cb16a2c24cb9beb55bb54fafd93ecb9283f03f8cac3d80603b526ebeb4263fcb42cf444c63126e6f8deaba455ebc03c2edb45e8b1cc723c30c605ed3bcf006e49b7da25c88a0e0a1686d01ab3b3da0d5e0eaa02c3ff4b5fe602f31432e215ccc1f44959d8af417811a9c752d3aa6b21c64e09479b79913a33cfef9546f90e48b4f7de400d3744c773c070c0a4b5f23ae31abb267f4e295a9c3204df6bbcf2782740d20c3a4ac18eba91f1e4c13c74b9e3d92b7a122e04a952dfead6d5aed043202336e61f23ca9792c14c764035f8a424e36fcfbe2cfb45920ac7951e434aad8e685f0e6ca69432e0e039bacbcde8a85e1678ed4e0138f2fc81bb2c4e2814ae7410de7ea54588a72b135ae82b516a06be5dcc01fcafa89132c140253e8df69b1086ceca543a775d9d429bf07ecbfabbd9c90ed767cfc4f3f476f2bb1edef58faffde4aa0f6096e46b8a26775059a8d304b475d8a69309e5fc59f7bdc8c89e7c351e565921913dc80e4c2993ff22013d493b60cb1477696334596d2a6c9518b08fcca0bcd36627dc764e910d759c953cf27ed6522970f3cde50ec540281d3de1c95fd5f8e8efd35a9487c45eecd3a4adb69a77bce711818a08c883d82fdbaf27643d3cef6c0b109eeb6e75a4554046af6ee1c1fee08b66891f57bef5df6c16ed590dfc931217b55fd22f5ee0bc13048368610b0ec018a75ab7a06ea9e07907909a767ae34f34f3f486383efc22a4da0c5af541c0d26db5d412cbf9e3ff68b0ff7179267f17969305011955384d8a9c3f8fbec4c8f0b8f171081ffd3c31bc135283e98e2e16e2b6f4c3bf09b42add9403d109a0a58269a99eb4a134f11b219fc5846ee0aa94427e5f915144f541a581c6ab3907111cf9a7417d352804d6631ec56a4d8026fc4b5e5241effdc3063cd1478bc5b56289559258a28c3bcccc760aeef4dca4aeec278b1a54c5297904021a9bf06352a9e8343fb96d979c073102a07691fff4506c2899a323d02b57728afd65657d84d8690d35546edaf3cc9d63890ba74d31cf363542da49802853bbd1a709f804346bd13b625181e70ebaadbe8b2bc44a6d354991a751eca9853fe66532eb79c5f08d0143de46d4610f04ab02f7fa3f81db50f4acf548a56f423a29e81cd5d2e148e4ac02dc251fd8be638b88381aa7decd216f84ebd25131dab90a1a5461690cc6cc2f4fe5a3867eeb47ec4f8c0824bf7845eb0b10d4b20f89604285385e135070dd4a4ce3b110e17683834840a24d7a036b5b945734840935a6d0d11ef88e7914e7e6c13f42d944ab1ca1fbbc7145606fb4c32039fdd2c8f38c1665591f936aa55b31e60d77645c72e241a27e5faa56cc843b25fc4e05872b9b29423ff9b1f2bb18d7c59bcdfc910a87ec9b3b8d32163a583e80e9bba30fd8795922a08b8a7d9f5b403a0337e90ed05060e9c36059de0d2d4ba48606e95635fb8e425c31c64c075456db1ba02a6071a50b858c9728a6a56c9811e2c9b54a056454f1a266ebf180cbec5b2604a0545521a640c565e3cf745b0c6162be546eb96a86800b908bb2ed9d3a16df9382cfebcb3211baeee7e3e0060123446bebc57b0dfcc64be6fd66705aa3a0df3390abf378c8f374b9c749df8873dd51e4da7619c41e1f77c051024304144d055f5481457752f43392d20c972bda9db5f301d308c5fa360f9d8ae605e22e6ccefe9f17ca0ebdb62aed7e740549adb035aed8b941c497d3692998a167d98dd26779832d9c01fe4807aa373219a7543627edbdea5400b4cde2c742e778c3adc0e98c37dedc94ff641195582f1c8b82cb4457fd0287e4528b75b3d3bc77f5518b6df3ae855d76fe2ec8fe31ba9c637ce07e4f8045c7f43ff8faf214ad8f1e69cd765194b906a2d7edfd59a41dc0b7012f357f94c8b800f34d4abd7a183b55866eb2f4956319571901bbdfeae8f8372ed168cc4d07ffc22064fd34a4e870e159ef6a18ccfada1610e4c07b78d8c774f7a8f974a2d2e62d60d5d9479b103e7b9b400261cd88e9a55c463a2faf2e33a288f02f66912f4a4f81b765ac9fa8d8c67bb0414c71ed1af505764e244cf33bf0fd4f31710e28780c93f6044e3dff515f86816156905f3cd50cd875b6a3ac1cc37dd516fb82b8d47ce30d3096135c2a00688378f1325906f60c714f2827b2ac4be3e7bebc552b6af30a5873a50ffd8a5e619042a8b47ff4d986d0eb100a9030b31b5dc9638ada1086c93e187ae0ecc3742918be7ad08addb49f6b762d185f05bd9f538919516d326fd5786977c7437900e104572e7e652928fab6ada48b774576fa1c759c5adb5ea7a97543721be23d4f124a81933ccebcfb57bcfc25eb5a4509033ca92f62d26f2f07b35bac7cf9a4a3c02dbd99d8f8048c6e264bcd171f6b3aed0e0e56d076e3602557e6b5d28cbb6dc96893a2267cfa7c514c964d808faed9e9b02c3d01ecfb07bb516d4b8acd4ddf91dc72d22cf191410008afcb881d87d53cd8663bdcaa135ae48498d6b8e6a02100733", 0x1000}, {&(0x7f0000000600)="82037611", 0x4}], 0x2, 0x0, 0x0, 0x40800}], 0x1, 0x40000) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r4}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r7}, &(0x7f0000000000), &(0x7f0000000500)=r7}, 0x20) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) unshare(0x40000000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000140)=@ethtool_cmd={0x20, 0xb, 0x1, 0x8000, 0x2, 0x6, 0x2, 0xfe, 0x10, 0x5, 0x4b0, 0x200, 0x7e4, 0x1, 0x1, 0x45, [0x12, 0x10000002]}}) (async) write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r8, 0x0) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0x0) (async) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) (async) getsockopt$sock_buf(r1, 0x1, 0x3b, &(0x7f00000014c0)=""/145, &(0x7f0000000000)=0x91) 1.705199546s ago: executing program 0 (id=9605): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1000000004000000080000000800000000000000", @ANYRES32=0x1, @ANYBLOB="000000020000000000009a5801630000002000000ce29a37a863637b166a79ea", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x11, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000007000000000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000a500000083000000bf0900000000000055090100000000009500000000000000181a0000", @ANYRES32=r0, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x7, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="851000000400000020998000f0ffffff185b00000500000626020009000000180000dfa133c318"], &(0x7f0000000040)='syzkaller\x00', 0x6, 0x26, &(0x7f0000000080)=""/232, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000180)=[0x1, 0xffffffffffffffff, r0, 0x1, 0x1, 0xffffffffffffffff], &(0x7f00000001c0)=[{0x3, 0x5, 0xc, 0x3}, {0x0, 0x2, 0xe, 0x9}, {0x4, 0x2, 0xe, 0x2}, {0x4, 0x2, 0x2, 0x7}, {0x5, 0x2, 0x9, 0x1}], 0x10, 0x7}, 0x94) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r2, 0xf502, 0x0) 1.704995803s ago: executing program 3 (id=9606): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000001580), r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'veth0_to_batadv\x00', 0x400}) ioctl$TUNGETIFF(r2, 0x800454d2, &(0x7f0000000100)={'bond0\x00'}) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000015c0)={0x14, r1, 0x200, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x0) 1.50804714s ago: executing program 0 (id=9609): r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000000)={0x1, 0x6}, 0x8) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="74000000221cea7bb41641a65a203e515b406809ea38c85d395ec9e22a0ef1a631f35fe760dc4071824f46dbec4a3c3f06e98864617a3e3291a250e32aa22b7f66feba15850a84365a054b645e3dae0dffff349fb9efadef2ac1f08dee0e18b6f1e2c325717e169d30a4c0c1287fa942af5f748ece29de632a698add98b471c2e4a2f6dbc2e86bca406113c52dec45fa7cea136d87f7e1b5e7d819b4d07a60764f1f00d55dfe646263dc8994634011aa43a6fdef338c96079aeab49a064c46f23fe1258f090e9d06a4826d7994f2f701eb660ca0", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fbdbdf25010000000900030073797a30000000000900010073797a31000000001400020076657468315f746f5f626f6e640000000900010073797a30000000000900010073797a300000000005000400020000001400020064756d6d793000"/110], 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x20004800) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48) sendmsg$netlink(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000005e00010000000000fddbdf2508000000010000000b"], 0x1c}], 0x1}, 0x0) 1.279390992s ago: executing program 3 (id=9612): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x42}}, @hci={0x1f, 0x0, 0x3}, @nl=@unspec, 0x479, 0x0, 0x0, 0x0, 0x2, 0x0, 0x52c8, 0x8, 0x3ff}) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r5 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x60, 0x2c, 0xd2b, 0x70bd2d, 0x25dfdbf8, {0x0, 0x0, 0x0, r6, {0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_matchall={{0xd}, {0x2c, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xb, 0xffe0}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x9, 0xc}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x80000001}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff1, 0x6}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@setlink={0x30, 0x13, 0x2, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, 0xb1, 0x10010}, [@IFLA_MASTER={0x8, 0xa, r4}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) 1.143723516s ago: executing program 2 (id=9613): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000), 0x3) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) 1.143438594s ago: executing program 0 (id=9614): sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x80) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000000), r0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r2) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="3800000010003704000080000000000000000000", @ANYRES32=r3, @ANYBLOB="c3040500000000001800128008000100677470000c00028008000100", @ANYRES32], 0x38}, 0x1, 0x0, 0x0, 0x2000c014}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001840), r4) sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000000480)=ANY=[@ANYBLOB="84000000", @ANYRES16=r5, @ANYBLOB="200029bd7000fbdbdf250c0000007000068004000200040002000800060009000000080006000d00000000000300f2960df296166731d9f5b3d8dc214ff76166f843a3184173f24365834ee7faadb338d5e22942dbf6ebdd661eb16a95eaecca50f814be14879dd9e86fd273bbddbb91b677fa41859a2b53890840ed75468a79e448a9c60850c63de3d956e6f55aab674f649300000044000100070000000800060000000080"], 0x84}, 0x1, 0x0, 0x0, 0x4020}, 0x80d4) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, 0x0, 0x20008000) socket$inet6(0xa, 0x1, 0x8010000000000084) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r6, 0x0, 0x0) r7 = socket$kcm(0x2b, 0x1, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x28}}, 0x0) sendmsg$inet(r7, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000c08d) shutdown(r7, 0x1) sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b53fd075", @ANYRES16=r1, @ANYRES32=r1, @ANYRES32=r3, @ANYBLOB="08000200010002", @ANYRES16], 0x24}, 0x1, 0x0, 0x0, 0x44800}, 0x20000000) 1.04511984s ago: executing program 2 (id=9615): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="600000000206010100000000000000000700ffff140007800800124000000005050015000900000005000100f6ffff38050005000a00000005000400000000000900020073797a310000000013000300686173683a6e65742c6966616365"], 0x60}, 0x1, 0x0, 0x0, 0x4044081}, 0x0) r1 = socket(0x1d, 0x80802, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000380)={0x1d, r2, 0x1, {0x0, 0xf0, 0x3}, 0xfe}, 0x18) syz_genetlink_get_family_id$l2tp(&(0x7f0000000480), r1) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r1, 0x8040942d, &(0x7f0000000040)) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1e, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}]}, &(0x7f0000000640)=0x10) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000000), &(0x7f0000000040)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) sendto$inet(r1, &(0x7f0000000080)="64c7dd6c0ca9ea054ee69b997a00a2814ce63bb76d4d54801bcfbacd8e2601843eda39c3f3faa7a9fedf8cf4e04917822314a8d4873887e93741a586909c59065a7230f88d14640d314fb33c622dbf48bfaba628115f6a197a583762b587938d570286666a4e46c5d0b5ba34624f2c512963a849c0c960c4f52807ea3e888a8fdcae51cb8438780f04a25148c1b008363120b3fde80751df1953497d0f5c7eae9a88694b9d1288f88a57be8f78527bab86c506919ddd", 0xb6, 0x4008081, 0x0, 0x0) 804.424815ms ago: executing program 3 (id=9616): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0xe, 0x0, &(0x7f00000000c0)="b994bc444b9893b04bf30981fd1a", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}, 0x50) 701.021479ms ago: executing program 2 (id=9617): r0 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000000100)={'broute\x00', 0x0, 0x3, 0x0, [0x6, 0x0, 0x1, 0x6, 0x2, 0xc846], 0x0, 0x0, 0x0}, &(0x7f0000000180)=0xa8) r1 = socket(0x10, 0x803, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0), 0x4) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x437, 0x1, 0x21dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40c89}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x13, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x3}, @IFLA_GRE_OFLAGS={0x5e, 0x3, 0x80}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44801}, 0x4040) 635.196949ms ago: executing program 3 (id=9618): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x6, 0x4, 0x8, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702f8fff8ffffffb703000008000000b704000012000000850000001500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 529.956269ms ago: executing program 3 (id=9619): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000180)={'sit0\x00', 0x0}) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r1, &(0x7f00000005c0)=[{&(0x7f0000000800)='//', 0x2}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000080), 0x4) ioctl$sock_bt_hci(r3, 0x400448cb, 0x0) (async) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) (async) sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) (async) recvfrom(r4, &(0x7f0000000200)=""/29, 0x1d, 0x140, 0x0, 0x0) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) (async) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) (async) r9 = socket(0x400000000010, 0x3, 0x0) r10 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004400)=@getchain={0x24, 0x66, 0xfff1, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r11, {0xe, 0xfff2}, {0x0, 0xfff1}, {0xffff, 0x1ffef}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x800) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x577801, 0x100408) 481.480109ms ago: executing program 2 (id=9620): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001b00)=ANY=[], 0x114}}, 0x0) 330.945902ms ago: executing program 2 (id=9621): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="0801000016000100000000000000000064010100000000000000000000000000000000000000000000000000000000010000000000030000000080a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80000000000000000000000000002c000004d633000000fc0200000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffedffffffffffffff03000000000000000000000000000000000000000000000000000000000000000200000000000000fefffffffffffbff0000000000000000960700002dbd70000000000000000002be0000000000000000000000b1a001000800d8"], 0x108}, 0x1, 0x0, 0x0, 0x40000}, 0x10) 319.918263ms ago: executing program 1 (id=9622): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997", 0x3e}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff08"], 0x6f4}}, 0x0) 0s ago: executing program 2 (id=9623): socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1a3, 0x655c, 0x4, 0x40, 0x7fffffff, 0x7fffffff, 0x80, 0xffffffff, 0x1}}}}]}, 0x58}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=@newtfilter={0x78, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x48, 0x2, [@TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_VLAN_PRIO={0x5, 0x18, 0x3}, @TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0xffffffff, 0xff000000, 0xffffff00, 0xff]}, @TCA_FLOWER_KEY_ETH_DST={0xa}, @TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @mcast1}]}}]}, 0x78}}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000000)={'icmp\x00'}, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r6 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r8 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r8, 0x28, 0x2, &(0x7f0000000000), 0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x7d, &(0x7f00000004c0)={r7, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x9, 0x400}, 0x90) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r9 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f0000000340)={@val={0x0, 0x22f0}, @void, @eth={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@void, {0x8100, 0x0, 0x0, 0x20}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x17c1, 0x9c, 0x0, @wg=@initiation={0x1, 0x1, "626abd460020000000000079a700000040000000000000000000000000002000", "d89bc63b93b6d4092beb790344022cb8c49cc8022b5296be4673efd95df3fdc5a71ed1c7bc91dcf39f5550601185fa4a", "fcc815bc21b9e7be1497a9edd45189dacc307c357402a8c5a9c5b5b0", {"6cbc715d9569f2b2ee1cf210c588b607", "23e0cc4e1fdd8d6d18e2e9ee4939689f"}}}}}}}}, 0xc6) kernel console output (not intermixed with test programs): [ 1164.180460][ T4397] macvlan2: left allmulticast mode [ 1164.263666][ T4397] bond15: left promiscuous mode [ 1164.274605][ T4397] bridge4: left promiscuous mode [ 1164.297341][ T4397] macvlan3: left allmulticast mode [ 1164.306780][ T4397] macvlan4: left allmulticast mode [ 1164.316376][ T4397] gretap0: left allmulticast mode [ 1164.321732][ T4397] macvlan5: left allmulticast mode [ 1164.343674][ T4397] bridge5: left allmulticast mode [ 1164.429953][T30640] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1164.472400][T30640] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1164.509676][T30640] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1164.521336][T30640] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1164.643134][ T4451] netlink: 'syz.1.8324': attribute type 13 has an invalid length. [ 1164.669841][ T4451] netlink: 'syz.1.8324': attribute type 17 has an invalid length. [ 1164.760946][ T4451] gretap0: left promiscuous mode [ 1164.800900][ T4451] erspan0: left promiscuous mode [ 1164.889694][ T4451] bridge0: port 3(syz_tun) entered blocking state [ 1164.896349][ T4451] bridge0: port 3(syz_tun) entered forwarding state [ 1164.917459][ T4451] 8021q: adding VLAN 0 to HW filter on device team0 [ 1164.932616][ T4451] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1164.978051][ T4451] veth0_to_team: left promiscuous mode [ 1164.991814][ T4451] veth0_to_batadv: left allmulticast mode [ 1165.001174][ T4451] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1165.012992][ T4451] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1165.025957][ T4451] xfrm0: left allmulticast mode [ 1165.040205][ T4451] 0·: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1165.051579][ T4451] 0·: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1165.062728][ T4451] 0·: left allmulticast mode [ 1165.067944][ T4451] hsr_slave_0: left allmulticast mode [ 1165.073649][ T4451] hsr_slave_1: left allmulticast mode [ 1165.099065][ T4451] veth1_vlan: left promiscuous mode [ 1165.106982][ T4451] veth0_vlan: left promiscuous mode [ 1165.113323][ T4451] veth0_vlan: entered promiscuous mode [ 1165.128136][ T4451] veth1_vlan: entered promiscuous mode [ 1165.138441][ T4451] tipc: Resetting bearer [ 1165.145641][ T4451] tipc: Resetting bearer [ 1165.155451][ T4451] veth0_macvtap: left promiscuous mode [ 1165.162859][ T4451] veth0_macvtap: entered promiscuous mode [ 1165.199525][ T4451] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1165.220598][ T4451] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1165.242582][ T4451] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1165.276750][ T4451] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1165.309326][ T4451] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1165.319932][ T4451] erspan1: left promiscuous mode [ 1165.326749][ T4451] erspan1: left allmulticast mode [ 1165.346501][ T4451] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1165.362209][ T4451] bond2: left promiscuous mode [ 1165.368116][ T4451] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1165.401374][ T4451] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1165.436410][ T4451] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1165.458449][ T4451] ip6gretap2: left promiscuous mode [ 1165.479938][ T4451] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1165.489927][ T4451] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1165.500630][ T4451] erspan0: entered promiscuous mode [ 1165.506880][ T4451] erspan0: entered allmulticast mode [ 1165.512476][ T4451] macvlan2: left allmulticast mode [ 1165.517935][ T4451] erspan0: left allmulticast mode [ 1165.535445][ T4451] erspan0: entered allmulticast mode [ 1165.540868][ T4451] macvlan3: left allmulticast mode [ 1165.547189][ T4451] erspan0: left allmulticast mode [ 1165.570894][ T4451] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1165.587636][ T4451] 8021q: adding VLAN 0 to HW filter on device bond8 [ 1165.606625][ T4451] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1165.628935][ T4451] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1165.659578][ T4451] 8021q: adding VLAN 0 to HW filter on device bond11 [ 1165.678537][ T4451] gretap0: entered promiscuous mode [ 1165.687142][ T4451] gretap0: entered allmulticast mode [ 1165.692597][ T4451] macvlan4: left allmulticast mode [ 1165.698385][ T4451] gretap0: left allmulticast mode [ 1165.707203][ T4451] gretap0: entered allmulticast mode [ 1165.713209][ T4451] macvlan5: left allmulticast mode [ 1165.718830][ T4451] gretap0: left allmulticast mode [ 1165.735812][ T4451] bond12: left allmulticast mode [ 1165.747469][ T4451] 8021q: adding VLAN 0 to HW filter on device bond12 [ 1165.756337][ T4451] gretap0: entered allmulticast mode [ 1165.761936][ T4451] macvlan6: left allmulticast mode [ 1165.767571][ T4451] gretap0: left allmulticast mode [ 1165.775654][ T4451] gretap0: entered allmulticast mode [ 1165.781343][ T4451] macvlan7: left allmulticast mode [ 1165.788760][ T4451] gretap0: left allmulticast mode [ 1165.851972][ T4451] gretap0: entered allmulticast mode [ 1165.863357][ T4451] macvlan8: left allmulticast mode [ 1165.869311][ T4451] gretap0: left allmulticast mode [ 1165.877061][ T4451] gretap0: entered allmulticast mode [ 1165.883303][ T4451] macvlan9: left allmulticast mode [ 1165.894270][ T4451] gretap0: left allmulticast mode [ 1165.907187][ T4451] 8021q: adding VLAN 0 to HW filter on device bond13 [ 1165.928249][T30645] bridge0: port 1(bridge_slave_0) entered blocking state [ 1165.935496][T30645] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1165.960364][T30645] bridge0: port 2(bridge_slave_1) entered blocking state [ 1165.967637][T30645] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1166.129415][T20142] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1166.147448][T20142] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1166.380445][ T4496] __nla_validate_parse: 1 callbacks suppressed [ 1166.380466][ T4496] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8330'. [ 1166.406697][T20142] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1166.562225][T20142] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1166.795914][T30640] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 1167.002636][ T4504] netlink: 14 bytes leftover after parsing attributes in process `syz.1.8333'. [ 1167.112201][ T4509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8335'. [ 1167.273723][ T4509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8335'. [ 1167.897472][ T4523] netlink: 'syz.0.8341': attribute type 1 has an invalid length. [ 1167.968103][ T4529] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8341'. [ 1168.038410][ T4523] 8021q: adding VLAN 0 to HW filter on device bond16 [ 1168.172504][ T4529] netlink: 'syz.0.8341': attribute type 1 has an invalid length. [ 1168.202627][ T4529] bond16: (slave batadv1): Opening slave failed [ 1168.261476][ T4539] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8345'. [ 1168.389286][ T4549] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8347'. [ 1168.453352][ T4552] netlink: 'syz.2.8347': attribute type 15 has an invalid length. [ 1168.479745][ T4552] netlink: 666 bytes leftover after parsing attributes in process `syz.2.8347'. [ 1168.682525][ T4557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8351'. [ 1168.735810][ T4557] macvlan6: entered allmulticast mode [ 1168.752487][ T4557] gretap0: entered allmulticast mode [ 1169.156933][ T4575] netlink: 'syz.3.8356': attribute type 19 has an invalid length. [ 1169.173612][ T4575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8356'. [ 1169.287821][ T4575] netlink: 'syz.3.8356': attribute type 19 has an invalid length. [ 1171.164773][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 1179.885435][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 1195.884942][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 1196.931694][ T4615] __nla_validate_parse: 1 callbacks suppressed [ 1196.931715][ T4615] netlink: 76 bytes leftover after parsing attributes in process `syz.1.8362'. [ 1196.939539][ T4619] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8366'. [ 1196.959722][ T4615] netlink: 6 bytes leftover after parsing attributes in process `syz.1.8362'. [ 1196.969594][ T4615] netlink: 6 bytes leftover after parsing attributes in process `syz.1.8362'. [ 1197.014067][ T4619] macvlan9: entered allmulticast mode [ 1197.155815][ T4621] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8367'. [ 1197.483159][ T4646] tipc: Started in network mode [ 1197.494685][ T4646] tipc: Node identity c2821e447d2b, cluster identity 4711 [ 1197.511607][ T4646] tipc: Enabled bearer , priority 0 [ 1197.537405][ T4646] syzkaller0: entered promiscuous mode [ 1197.559476][ T4646] syzkaller0: entered allmulticast mode [ 1197.620489][ T4646] tipc: Resetting bearer [ 1197.656344][ T4645] tipc: Resetting bearer [ 1197.727286][ T4645] tipc: Disabling bearer [ 1198.178110][ T4665] netlink: 'syz.2.8378': attribute type 1 has an invalid length. [ 1198.266326][ T4670] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8378'. [ 1198.361486][ T4665] 8021q: adding VLAN 0 to HW filter on device bond17 [ 1198.436392][ T4676] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8380'. [ 1198.478987][ T4665] netlink: 'syz.2.8378': attribute type 1 has an invalid length. [ 1198.637633][ T4675] bond10: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1198.738250][ T4675] bond10: (slave lo): Enslaving as an active interface with an up link [ 1198.764842][ T4675] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1198.812694][ T4678] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1198.843644][ T4665] bond17: (slave batadv0): Opening slave failed [ 1199.408820][ T4718] netlink: 'syz.1.8392': attribute type 2 has an invalid length. [ 1200.029244][ T4757] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8396'. [ 1200.076298][ T4757] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8396'. [ 1200.277383][ T4723] virt_wifi0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1200.360052][ T4723] veth1_vlan: left promiscuous mode [ 1200.408087][ T4723] veth0_vlan: left promiscuous mode [ 1200.439009][ T4723] veth0_vlan: entered promiscuous mode [ 1200.475734][ T4723] veth1_vlan: entered promiscuous mode [ 1200.487765][ T4723] veth1_macvtap: left promiscuous mode [ 1200.509326][ T4723] veth0_macvtap: left promiscuous mode [ 1200.516871][ T4723] veth1_macvtap: entered promiscuous mode [ 1200.540536][ T4723] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1200.553443][ T4768] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8399'. [ 1200.579783][ T4723] macvlan0: left allmulticast mode [ 1200.646611][ T4723] macvlan2: left allmulticast mode [ 1200.651798][ T4723] v: left allmulticast mode [ 1200.665396][ T4723] bond11: left promiscuous mode [ 1200.670757][ T4723] 8021q: adding VLAN 0 to HW filter on device bond11 [ 1200.682183][ T4723] 8021q: adding VLAN 0 to HW filter on device eth0 [ 1200.699258][ T4723] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1200.716939][ T4723] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1200.737919][ T4723] 8021q: adding VLAN 0 to HW filter on device eth3 [ 1200.752023][ T4723] macvlan3: left allmulticast mode [ 1200.757949][ T4723] gretap0: left allmulticast mode [ 1200.888524][T30647] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1200.904288][T30647] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1200.916095][ T8131] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1201.043687][ T8127] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1201.325429][ T8131] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1202.603397][ T4843] netlink: 'syz.0.8417': attribute type 1 has an invalid length. [ 1202.816749][ T4851] __nla_validate_parse: 2 callbacks suppressed [ 1202.816769][ T4851] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8419'. [ 1202.861018][ T4851] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8419'. [ 1202.930555][T30639] wlan1: Trigger new scan to find an IBSS to join [ 1203.503170][ T4873] tipc: Enabling of bearer rejected, failed to enable media [ 1203.657632][ T4882] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1203.846659][ T4882] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1203.870577][ T4897] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8430'. [ 1203.891665][ T4897] hsr_slave_0: left promiscuous mode [ 1203.910527][ T4897] hsr_slave_1: left promiscuous mode [ 1204.010012][ T4882] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1204.348030][ T4882] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1204.647268][T30647] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1204.722097][T30639] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1204.791111][T30639] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1204.881239][T30639] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1205.164723][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1205.570919][ T4972] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8442'. [ 1205.689619][ T4983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8443'. [ 1205.891188][T30644] wlan1: Trigger new scan to find an IBSS to join [ 1207.981211][ T5020] bond18: option updelay: invalid value (18446744073709518847) [ 1208.003087][ T5020] bond18: option updelay: allowed values 0 - 2147483647 [ 1208.032877][ T5020] bond18 (unregistering): Released all slaves [ 1208.100457][ T5023] vlan3: entered promiscuous mode [ 1208.112096][ T5023] team0: entered promiscuous mode [ 1208.429165][ T5040] netlink: 76 bytes leftover after parsing attributes in process `syz.0.8460'. [ 1208.441094][ T5041] netlink: 68 bytes leftover after parsing attributes in process `syz.2.8459'. [ 1208.598049][ T5052] netlink: 76 bytes leftover after parsing attributes in process `syz.1.8463'. [ 1208.849330][T30639] wlan1: Trigger new scan to find an IBSS to join [ 1208.934440][ T5068] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8466'. [ 1209.741886][T30645] wlan1: Creating new IBSS network, BSSID 5e:7a:b0:5c:d6:d9 [ 1211.642824][ T5080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1211.705982][ T5084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1211.734024][ T5086] tipc: Enabled bearer , priority 0 [ 1211.746296][ T5087] syzkaller0: entered promiscuous mode [ 1211.753403][ T5087] syzkaller0: entered allmulticast mode [ 1211.792759][ T5087] tipc: Resetting bearer [ 1211.824083][ T5085] tipc: Resetting bearer [ 1211.868512][ T5085] tipc: Disabling bearer [ 1212.165396][ T5095] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8474'. [ 1212.571123][ T5107] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8478'. [ 1212.835504][ T5111] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8480'. [ 1212.874666][ T5111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8480'. [ 1212.917837][ T5111] netlink: 'syz.4.8480': attribute type 12 has an invalid length. [ 1212.956893][ T5111] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8480'. [ 1212.999445][ T5111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8480'. [ 1213.042443][ T5111] netlink: 'syz.4.8480': attribute type 12 has an invalid length. [ 1213.389741][ T5122] tipc: Enabling of bearer rejected, failed to enable media [ 1213.694356][ T5106] netlink: 'syz.2.8477': attribute type 4 has an invalid length. [ 1213.715883][ T5106] netlink: 17 bytes leftover after parsing attributes in process `syz.2.8477'. [ 1213.805771][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1213.913892][ T5139] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8484'. [ 1214.102373][ T5139] bond15: option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 1214.161327][ T5144] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8485'. [ 1214.177568][ T5139] bond15 (unregistering): Released all slaves [ 1214.661392][ T5161] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8486'. [ 1214.816970][ T5164] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8487'. [ 1215.187305][ T5174] netlink: 'syz.0.8490': attribute type 5 has an invalid length. [ 1215.372335][ T5179] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8492'. [ 1216.274381][ T5215] ip6gre1: entered promiscuous mode [ 1216.297687][ T5215] ip6gre1: entered allmulticast mode [ 1216.442630][ T5222] netlink: 'syz.4.8504': attribute type 1 has an invalid length. [ 1216.503547][ T5228] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8504'. [ 1216.568302][ T5222] 8021q: adding VLAN 0 to HW filter on device bond11 [ 1216.680909][ T5222] netlink: 'syz.4.8504': attribute type 1 has an invalid length. [ 1216.764365][ T5222] bond11: (slave batadv1): Opening slave failed [ 1216.885519][ T5243] geneve1: Caught tx_queue_len zero misconfig [ 1216.926855][ T5243] netlink: 'syz.0.8510': attribute type 3 has an invalid length. [ 1217.184228][ T5261] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8517'. [ 1217.195022][ T5258] x_tables: duplicate underflow at hook 2 [ 1217.207566][ T5261] macvlan7: entered allmulticast mode [ 1217.352896][ T5267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8518'. [ 1217.404443][ T5271] IPVS: ip_vs_edit_dest(): server weight less than zero [ 1217.612058][ T5279] netlink: 280 bytes leftover after parsing attributes in process `syz.1.8522'. [ 1217.636608][ T5281] syzkaller0: entered promiscuous mode [ 1217.642611][ T5281] syzkaller0: entered allmulticast mode [ 1217.898008][ T5296] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1218.009203][ T5302] macvlan10: entered allmulticast mode [ 1218.060877][ T5302] gretap0: entered allmulticast mode [ 1218.369364][ T5334] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 1219.142415][ T5360] __nla_validate_parse: 5 callbacks suppressed [ 1219.142435][ T5360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8544'. [ 1219.182179][ T5360] macvlan5: entered allmulticast mode [ 1219.188664][ T5360] gretap0: entered allmulticast mode [ 1219.417133][ T5378] netlink: 76 bytes leftover after parsing attributes in process `syz.1.8549'. [ 1219.450740][ T5378] syzkaller0: entered promiscuous mode [ 1219.457449][ T5387] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 1219.463728][ T5378] syzkaller0: entered allmulticast mode [ 1219.499036][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.508281][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.515165][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.521992][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.528823][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.535665][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.542459][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.549297][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.556129][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.562920][ T5378] tc action pedit offset must be on 32 bit boundaries [ 1219.569764][ T5378] 0: reclassify loop, rule prio 0, protocol 800 [ 1219.603683][ T5386] netlink: 'syz.4.8552': attribute type 4 has an invalid length. [ 1219.625928][ T5386] netlink: 3649 bytes leftover after parsing attributes in process `syz.4.8552'. [ 1219.722403][ T5401] netlink: 'syz.0.8553': attribute type 1 has an invalid length. [ 1219.939248][ T5401] 8021q: adding VLAN 0 to HW filter on device bond18 [ 1219.961930][ T5413] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8558'. [ 1220.068358][ T5404] bond18: (slave veth9): Enslaving as an active interface with an up link [ 1220.096587][ T5413] macvlan10: entered allmulticast mode [ 1220.108077][ T5394] netlink: 'syz.0.8553': attribute type 1 has an invalid length. [ 1220.164364][ T5394] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1220.174168][ T5394] bond18: (slave batadv1): Enslaving as an active interface with an up link [ 1220.679514][ T5458] netlink: 'syz.2.8568': attribute type 12 has an invalid length. [ 1220.688039][ T5458] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8568'. [ 1220.708725][ T5461] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8570'. [ 1220.743606][ T5461] macvlan6: entered allmulticast mode [ 1222.317537][ T5489] vlan2: entered promiscuous mode [ 1222.322656][ T5489] dummy0: entered promiscuous mode [ 1223.353165][ T5432] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1223.499289][ T5492] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8580'. [ 1223.524382][ T5492] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8580'. [ 1223.587087][ T5499] netlink: 'syz.1.8578': attribute type 1 has an invalid length. [ 1223.602331][ T5502] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8579'. [ 1223.632709][ T5502] netlink: 168 bytes leftover after parsing attributes in process `syz.3.8579'. [ 1223.699708][ T5499] 8021q: adding VLAN 0 to HW filter on device bond15 [ 1223.786865][ T5510] macvlan7: entered allmulticast mode [ 1223.816086][ T5507] netlink: 'syz.1.8578': attribute type 1 has an invalid length. [ 1223.899774][ T5507] bond15: (slave batadv1): Opening slave failed [ 1223.961464][ T5521] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1223.980505][ T5521] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1224.199665][ T5532] netlink: 'syz.0.8589': attribute type 33 has an invalid length. [ 1224.324235][ T5536] __nla_validate_parse: 4 callbacks suppressed [ 1224.324254][ T5536] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8590'. [ 1224.343854][ T5536] netlink: 'syz.4.8590': attribute type 3 has an invalid length. [ 1224.353587][ T5536] netlink: 'syz.4.8590': attribute type 2 has an invalid length. [ 1224.362172][ T5536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8590'. [ 1224.495212][ T5543] netlink: 68 bytes leftover after parsing attributes in process `syz.4.8593'. [ 1224.516195][ T5543] netlink: 168 bytes leftover after parsing attributes in process `syz.4.8593'. [ 1224.648438][ T5549] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8595'. [ 1224.725991][ T5552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8597'. [ 1224.745543][ T5553] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8596'. [ 1224.772462][ T5555] netlink: 80 bytes leftover after parsing attributes in process `syz.1.8598'. [ 1224.825449][ T5552] macvlan8: entered allmulticast mode [ 1224.866391][ T5558] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.8596'. [ 1224.948886][ T5558] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8596'. [ 1225.238269][ T5572] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 1225.543906][ T5582] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1226.384911][ T5622] netlink: 'syz.4.8619': attribute type 10 has an invalid length. [ 1226.445684][ T5622] bond0: (slave dummy0): Releasing backup interface [ 1227.017126][ T5644] netlink: 'syz.2.8625': attribute type 1 has an invalid length. [ 1227.163953][ T5644] 8021q: adding VLAN 0 to HW filter on device bond18 [ 1227.254692][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 1227.603290][ T5651] netlink: 'syz.4.8626': attribute type 1 has an invalid length. [ 1227.802280][ T5668] macvlan11: entered allmulticast mode [ 1227.984247][ T5673] tipc: Resetting bearer [ 1228.042362][ T5681] netlink: 'syz.4.8636': attribute type 12 has an invalid length. [ 1229.349460][ T5733] __nla_validate_parse: 10 callbacks suppressed [ 1229.349483][ T5733] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8653'. [ 1229.463119][ T5736] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8654'. [ 1229.476796][ T5736] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8654'. [ 1229.489395][ T5736] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8654'. [ 1229.499274][ T5736] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8654'. [ 1229.805054][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1231.239375][ T5789] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8664'. [ 1231.372546][ T5789] dvmrp0: entered allmulticast mode [ 1232.362067][ T5823] netlink: 'syz.2.8671': attribute type 3 has an invalid length. [ 1232.384776][ T5823] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8671'. [ 1232.518129][ T5827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8672'. [ 1233.026293][T17513] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1233.042840][T17513] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1233.056555][T17513] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1233.068576][T17513] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1233.077365][T17513] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1234.316747][ T5889] netlink: 'syz.1.8682': attribute type 1 has an invalid length. [ 1234.403240][ T5891] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8682'. [ 1234.573077][ T5889] 8021q: adding VLAN 0 to HW filter on device bond16 [ 1234.672558][ T5889] netlink: 'syz.1.8682': attribute type 1 has an invalid length. [ 1234.735796][ T5889] bond16: (slave batadv1): Opening slave failed [ 1234.807099][ T5901] netlink: 'syz.4.8683': attribute type 10 has an invalid length. [ 1235.004998][ T5910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8687'. [ 1235.164850][ T5628] Bluetooth: hci4: command tx timeout [ 1235.498770][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 1235.521805][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 1235.537513][ T5841] bridge_slave_0: entered allmulticast mode [ 1235.557132][ T5841] bridge_slave_0: entered promiscuous mode [ 1235.581941][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 1235.593079][ T5938] netlink: 'syz.1.8696': attribute type 1 has an invalid length. [ 1235.595384][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 1235.608829][ T5841] bridge_slave_1: entered allmulticast mode [ 1235.618442][ T5841] bridge_slave_1: entered promiscuous mode [ 1235.646510][ T5942] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8696'. [ 1235.666543][ T5938] 8021q: adding VLAN 0 to HW filter on device bond17 [ 1235.703845][ T5940] netlink: 180568 bytes leftover after parsing attributes in process `syz.3.8697'. [ 1235.719119][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1235.748389][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1235.820480][ T5949] netlink: 'syz.1.8696': attribute type 1 has an invalid length. [ 1235.850859][ T5949] bond17: (slave batadv1): Opening slave failed [ 1235.899888][ T5841] team0: Port device team_slave_0 added [ 1235.921371][ T5841] team0: Port device team_slave_1 added [ 1236.016318][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1236.023396][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1236.051253][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1236.065365][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1236.072442][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1236.108081][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1236.201065][ T5958] netlink: 277 bytes leftover after parsing attributes in process `syz.4.8702'. [ 1236.296041][ T5841] hsr_slave_0: entered promiscuous mode [ 1236.310378][ T5841] hsr_slave_1: entered promiscuous mode [ 1236.329264][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 1236.344854][ T5841] Cannot create hsr debugfs directory [ 1236.677631][ T5970] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8706'. [ 1236.831812][ T5841] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1236.952699][ T5975] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8708'. [ 1236.980084][ T5975] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8708'. [ 1237.045891][ T5977] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8709'. [ 1237.087563][ T5841] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1237.087651][ T5977] IPVS: set_ctl: invalid protocol: 108 172.20.20.187:20002 [ 1237.152103][ T5977] netlink: 216 bytes leftover after parsing attributes in process `syz.4.8709'. [ 1237.188757][ T5841] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1237.244805][ T5628] Bluetooth: hci4: command tx timeout [ 1237.303456][ T5841] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1237.749424][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1237.786709][ T5841] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1237.809976][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1237.848804][ T5841] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1237.880202][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1237.919580][ T5841] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1237.943846][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1237.990212][ T5841] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1238.141867][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1238.207967][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 1238.252916][T30639] bridge0: port 1(bridge_slave_0) entered blocking state [ 1238.260183][T30639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1238.301509][T30639] bridge0: port 2(bridge_slave_1) entered blocking state [ 1238.308734][T30639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1238.365974][ T6018] bridge6: entered allmulticast mode [ 1238.908048][ T6041] netlink: 'syz.4.8727': attribute type 1 has an invalid length. [ 1239.325206][ T5628] Bluetooth: hci4: command tx timeout [ 1239.504002][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1239.684358][ T5841] veth0_vlan: entered promiscuous mode [ 1239.724137][ T5841] veth1_vlan: entered promiscuous mode [ 1239.741138][ T6076] __nla_validate_parse: 6 callbacks suppressed [ 1239.741158][ T6076] netlink: 758 bytes leftover after parsing attributes in process `syz.1.8735'. [ 1239.917601][ T5841] veth0_macvtap: entered promiscuous mode [ 1239.960678][ T5841] veth1_macvtap: entered promiscuous mode [ 1240.018998][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1240.073438][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1240.509631][T20142] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1240.539562][T20142] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1240.568933][T20142] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1240.621117][T20142] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1240.984428][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8747'. [ 1241.058774][T30647] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1241.097336][T30647] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1241.381860][T20142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1241.400440][T20142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1241.415545][ T5628] Bluetooth: hci4: command tx timeout [ 1241.743185][ T29] audit: type=1800 audit(1778632398.364:19): pid=6135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8755" name=CB dev="tmpfs" ino=2533 res=0 errno=0 [ 1241.815436][ T29] audit: type=1800 audit(1778632398.364:20): pid=6134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8755" name=CB dev="tmpfs" ino=2533 res=0 errno=0 [ 1242.141271][ T6148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8759'. [ 1242.294814][ T6157] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8761'. [ 1242.309442][ T6152] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8759'. [ 1242.340728][ T6152] netlink: 348 bytes leftover after parsing attributes in process `syz.2.8759'. [ 1242.390961][ T6162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8762'. [ 1242.407094][ T6158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8763'. [ 1242.416828][ T6152] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8759'. [ 1242.452120][ T6163] netlink: 'syz.0.8761': attribute type 1 has an invalid length. [ 1242.470739][ T6152] netlink: 348 bytes leftover after parsing attributes in process `syz.2.8759'. [ 1242.525296][T17513] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1242.546952][T17513] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1242.567959][T17513] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1242.578287][T17513] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1242.618854][T17513] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1243.050764][T28119] bridge0: port 3(syz_tun) entered disabled state [ 1243.200670][T28119] syz_tun (unregistering): left allmulticast mode [ 1243.212095][T28119] syz_tun (unregistering): left promiscuous mode [ 1243.223924][T28119] bridge0: port 3(syz_tun) entered disabled state [ 1243.586993][T20142] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1243.829707][T20142] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.080750][T20142] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.139018][ T6219] netlink: 'syz.3.8778': attribute type 3 has an invalid length. [ 1244.222483][T20142] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.313127][ T6227] x_tables: duplicate underflow at hook 2 [ 1244.524014][ T6230] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 1244.699267][T17513] Bluetooth: hci2: command tx timeout [ 1245.128231][T20142] bridge_slave_1: left allmulticast mode [ 1245.151534][T20142] bridge_slave_1: left promiscuous mode [ 1245.178140][T20142] bridge0: port 2(bridge_slave_1) entered disabled state [ 1245.222837][T20142] bridge_slave_0: left allmulticast mode [ 1245.244318][T20142] bridge_slave_0: left promiscuous mode [ 1245.277212][T20142] bridge0: port 1(bridge_slave_0) entered disabled state [ 1245.608048][ T6280] netlink: 'syz.0.8793': attribute type 1 has an invalid length. [ 1246.163709][T20142] gretap0 (unregistering): left allmulticast mode [ 1246.271906][T20142] bond0 (unregistering): (slave geneve2): Releasing active interface [ 1246.681595][T20142] bond1 (unregistering): Released all slaves [ 1246.721891][T20142] bond0 (unregistering): Released all slaves [ 1246.745930][T20142] bond2 (unregistering): Released all slaves [ 1246.763440][T20142] bond3 (unregistering): Released all slaves [ 1246.775098][T17513] Bluetooth: hci2: command tx timeout [ 1246.793903][T20142] bond4 (unregistering): Released all slaves [ 1246.817121][T20142] bond5 (unregistering): Released all slaves [ 1246.833836][T20142] bond6 (unregistering): Released all slaves [ 1246.856520][T20142] bond7 (unregistering): Released all slaves [ 1246.873853][T20142] bond8 (unregistering): Released all slaves [ 1246.900168][T20142] bond9 (unregistering): Released all slaves [ 1246.917609][T20142] bond10 (unregistering): Released all slaves [ 1246.935958][T20142] bond11 (unregistering): Released all slaves [ 1246.952685][T20142] bond12 (unregistering): Released all slaves [ 1246.976498][T20142] bond13 (unregistering): Released all slaves [ 1246.992657][T20142] bond14 (unregistering): Released all slaves [ 1247.013654][T20142] bond15 (unregistering): Released all slaves [ 1247.033559][T20142] bond16 (unregistering): Released all slaves [ 1247.054068][T20142] bond17 (unregistering): Released all slaves [ 1247.086325][ T5288] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1247.300377][ T6299] netlink: 'syz.2.8796': attribute type 4 has an invalid length. [ 1247.350243][ T6299] __nla_validate_parse: 3 callbacks suppressed [ 1247.350265][ T6299] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.8796'. [ 1247.376385][ T6306] openvswitch: netlink: Key type 29 is not supported [ 1247.412940][ T6309] nbd: socks must be embedded in a SOCK_ITEM attr [ 1247.869807][T20142] 5Ò: left promiscuous mode [ 1248.272191][ T6167] bridge0: port 1(bridge_slave_0) entered blocking state [ 1248.279550][ T6167] bridge0: port 1(bridge_slave_0) entered disabled state [ 1248.292646][ T6167] bridge_slave_0: entered allmulticast mode [ 1248.301170][ T6167] bridge_slave_0: entered promiscuous mode [ 1248.310397][ T6167] bridge0: port 2(bridge_slave_1) entered blocking state [ 1248.318425][ T6167] bridge0: port 2(bridge_slave_1) entered disabled state [ 1248.321925][ T6346] netlink: 'syz.2.8805': attribute type 1 has an invalid length. [ 1248.326917][ T6167] bridge_slave_1: entered allmulticast mode [ 1248.341751][ T6167] bridge_slave_1: entered promiscuous mode [ 1248.444768][T20142] tipc: Disabling bearer [ 1248.476951][T20142] tipc: Left network mode [ 1248.494839][ T6167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1248.538901][ T6167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1248.585062][ T6355] netlink: 'syz.2.8807': attribute type 1 has an invalid length. [ 1248.649379][ T6358] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8807'. [ 1248.762449][ T6355] 8021q: adding VLAN 0 to HW filter on device bond19 [ 1248.835729][ T6167] team0: Port device team_slave_0 added [ 1248.854119][T17513] Bluetooth: hci2: command tx timeout [ 1248.898698][ T6355] netlink: 'syz.2.8807': attribute type 1 has an invalid length. [ 1248.908571][ T6167] team0: Port device team_slave_1 added [ 1248.985256][ T6365] team0: entered promiscuous mode [ 1248.997041][ T6365] team_slave_0: entered promiscuous mode [ 1249.013485][ T6365] team_slave_1: entered promiscuous mode [ 1249.030500][ T6364] team0: left promiscuous mode [ 1249.043315][ T6364] team_slave_0: left promiscuous mode [ 1249.063544][ T6364] team_slave_1: left promiscuous mode [ 1249.100705][ T6355] bond19: (slave batadv0): Opening slave failed [ 1249.170372][ T5288] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1249.278860][ T6167] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1249.298444][ T6167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1249.340922][ T6167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1249.355724][ T6167] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1249.363075][ T6167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1249.395013][ T6384] netlink: 'syz.4.8815': attribute type 9 has an invalid length. [ 1249.407073][ T6384] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.8815'. [ 1249.422152][ T6167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1249.463176][ T6377] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8814'. [ 1249.483348][ T6378] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8813'. [ 1249.871959][ T6167] hsr_slave_0: entered promiscuous mode [ 1249.928483][ T6167] hsr_slave_1: entered promiscuous mode [ 1249.965896][ T6167] debugfs: 'hsr0' already exists in 'hsr' [ 1249.988425][ T6167] Cannot create hsr debugfs directory [ 1250.007623][ T6402] sctp: [Deprecated]: syz.4.8820 (pid 6402) Use of int in max_burst socket option deprecated. [ 1250.007623][ T6402] Use struct sctp_assoc_value instead [ 1250.078655][ T6398] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8818'. [ 1250.632626][T20142] hsr_slave_0: left promiscuous mode [ 1250.681806][T20142] hsr_slave_1: left promiscuous mode [ 1250.704287][T20142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1250.735640][T20142] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1250.760555][T20142] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1250.777573][ T6423] netlink: 'syz.0.8825': attribute type 1 has an invalid length. [ 1250.788783][T20142] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1250.823904][T20142] veth0_macvtap: left promiscuous mode [ 1250.830952][T20142] veth1_vlan: left promiscuous mode [ 1250.839498][T20142] veth0_vlan: left promiscuous mode [ 1250.854722][ T6427] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8825'. [ 1250.867475][ T6428] netlink: 'syz.4.8824': attribute type 10 has an invalid length. [ 1250.876362][ T6397] IPVS: length: 24 != 14328 [ 1250.901228][ T6424] netlink: 'syz.2.8819': attribute type 7 has an invalid length. [ 1250.927379][T17513] Bluetooth: hci2: command tx timeout [ 1251.045360][ T6436] netlink: 'syz.0.8825': attribute type 1 has an invalid length. [ 1251.456364][ T6445] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8827'. [ 1251.563946][ T6447] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8828'. [ 1251.661151][ T6448] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input14 [ 1251.704905][ T6448] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8828'. [ 1251.761557][T20142] team0 (unregistering): Port device team_slave_1 removed [ 1251.779547][T20142] team0 (unregistering): Port device team_slave_0 removed [ 1251.942529][ T6428] syz_tun: entered promiscuous mode [ 1251.972219][ T6428] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1252.029469][ T5288] 8021q: adding VLAN 0 to HW filter on device eth3 [ 1252.190831][ T6451] netlink: 'syz.2.8829': attribute type 1 has an invalid length. [ 1252.315281][ T6451] 8021q: adding VLAN 0 to HW filter on device bond20 [ 1252.404161][ T6463] __nla_validate_parse: 1 callbacks suppressed [ 1252.404182][ T6463] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8831'. [ 1252.546874][ T6458] netlink: 'syz.2.8829': attribute type 1 has an invalid length. [ 1252.672146][ T6458] bond20: (slave batadv0): Opening slave failed [ 1252.719578][T20142] IPVS: stop unused estimator thread 0... [ 1253.041596][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8835'. [ 1253.079329][ T6476] smc: net device lo applied user defined pnetid SYZ2 [ 1253.152283][ T6478] smc: net device lo erased user defined pnetid SYZ2 [ 1253.284250][ T6481] team0: entered promiscuous mode [ 1253.316978][ T6481] team0: entered allmulticast mode [ 1253.341448][ T6481] 8021q: adding VLAN 0 to HW filter on device team0 [ 1253.403609][ T6488] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8837'. [ 1254.442214][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8847'. [ 1254.721764][ T6167] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1254.777074][ T6167] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1254.798804][ T6167] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1254.827194][ T6537] Cannot find set identified by id 65534 to match [ 1254.830916][ T6167] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1254.882025][ T6167] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1254.933319][ T6167] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1254.966524][ T6167] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1255.011828][ T6167] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1255.100488][ T6541] tipc: Enabled bearer , priority 0 [ 1255.157343][ T6541] tipc: Resetting bearer [ 1255.173060][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8852'. [ 1255.224201][ T6554] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8852'. [ 1255.290623][ T6557] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1255.336557][ T6535] tipc: Disabling bearer [ 1255.486609][ T6167] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1255.530153][ T6167] 8021q: adding VLAN 0 to HW filter on device team0 [ 1255.575326][T30644] bridge0: port 1(bridge_slave_0) entered blocking state [ 1255.582544][T30644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1255.667960][ T6572] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8857'. [ 1255.705314][T30644] bridge0: port 2(bridge_slave_1) entered blocking state [ 1255.712563][T30644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1255.994267][ T6584] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8859'. [ 1256.199804][ T6591] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8860'. [ 1256.856782][ T6617] netlink: 148 bytes leftover after parsing attributes in process `syz.0.8864'. [ 1257.532703][ T6167] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1257.924280][ T6662] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8871'. [ 1257.969210][ T6664] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8872'. [ 1258.032230][ T6668] netlink: 'syz.0.8872': attribute type 22 has an invalid length. [ 1258.051309][ T6668] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8872'. [ 1258.271370][ T6167] veth0_vlan: entered promiscuous mode [ 1258.349095][ T6167] veth1_vlan: entered promiscuous mode [ 1258.454164][ T6167] veth0_macvtap: entered promiscuous mode [ 1258.540926][ T6167] veth1_macvtap: entered promiscuous mode [ 1258.645579][ T6167] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1258.676069][ T6686] netlink: 'syz.4.8876': attribute type 39 has an invalid length. [ 1258.725198][ T6167] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1258.780419][ T6686] bond0: (slave syz_tun): Releasing backup interface [ 1258.820462][ T6689] netlink: 750 bytes leftover after parsing attributes in process `syz.0.8877'. [ 1258.856824][T30648] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1258.879158][T30648] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1258.899585][ T6693] IPVS: set_ctl: invalid protocol: 46 172.20.20.187:20002 [ 1258.911075][T30648] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1258.941810][T30648] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1259.353764][T30645] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1259.399221][T30645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1259.546603][T20142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1259.577727][T20142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1259.664383][ T6723] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8887'. [ 1259.748316][ T6723] macvlan5: entered allmulticast mode [ 1259.771406][ T6723] gretap0: entered allmulticast mode [ 1259.945941][ T5627] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1259.993487][ T6739] openvswitch: netlink: VXLAN extension 307 out of range max 1 [ 1260.212376][T30648] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1260.926074][ T5627] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1261.059956][ T6764] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1261.263469][T30640] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1261.297260][T30640] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1261.481185][ T6764] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1261.764246][ T6798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8900'. [ 1261.909355][ T6764] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1262.025404][ T6798] macvlan9: entered allmulticast mode [ 1262.062856][ T5627] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1262.274034][ T6764] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1262.980721][ T6831] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8907'. [ 1263.001779][T30645] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.085426][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1263.131781][T30644] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.228935][T30644] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.347436][T30644] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.709313][ T6869] syzkaller0: entered promiscuous mode [ 1263.732045][ T6869] syzkaller0: entered allmulticast mode [ 1263.904279][ T6881] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8915'. [ 1263.944397][ T6885] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8919'. [ 1263.976795][ T6885] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8919'. [ 1264.209324][ T6892] netlink: 140 bytes leftover after parsing attributes in process `syz.0.8920'. [ 1264.758029][ T6898] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8921'. [ 1264.803617][ T6898] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8921'. [ 1264.837740][ T6905] IPv6: Can't replace route, no match found [ 1264.920545][ T6909] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8923'. [ 1264.941454][ T6909] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8923'. [ 1265.005398][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1265.032064][ T6914] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8924'. [ 1266.993099][ T6970] tipc: Failed to remove unknown binding: 66,0,0/0:3977591940/3977591942 [ 1267.026323][ T6970] tipc: Failed to remove unknown binding: 66,0,0/0:3977591940/3977591941 [ 1267.099511][ T6970] tipc: Failed to remove unknown binding: 66,0,0/0:3977591940/3977591942 [ 1267.115412][ T6970] tipc: Failed to remove unknown binding: 66,0,0/0:3977591940/3977591941 [ 1267.203015][ T6975] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1268.473757][ T7020] netem: change failed [ 1268.722480][ T7033] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1269.536464][ T7071] __nla_validate_parse: 2 callbacks suppressed [ 1269.536484][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8956'. [ 1269.712653][ T5627] IPVS: starting estimator thread 0... [ 1269.806212][ T7079] IPVS: using max 26 ests per chain, 62400 per kthread [ 1269.835431][ T7087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8959'. [ 1270.033465][ T7098] netlink: 256 bytes leftover after parsing attributes in process `syz.3.8959'. [ 1270.096191][ T7098] openvswitch: netlink: Flow key attr not present in new flow. [ 1270.153378][ T7100] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1270.270270][ T5628] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1270.288339][ T5628] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1270.297754][ T5628] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1270.308480][ T5628] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1270.318471][ T5628] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1270.488251][ T7113] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.8964'. [ 1270.512706][ T7113] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8964'. [ 1271.732015][ T7177] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1271.804432][ T7183] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8975'. [ 1271.881199][ T7186] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8974'. [ 1272.074068][ T7191] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8977'. [ 1272.362786][ T7203] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8981'. [ 1272.365599][T17513] Bluetooth: hci5: command tx timeout [ 1272.399331][ T7204] netlink: 'syz.3.8980': attribute type 49 has an invalid length. [ 1272.539368][ T7129] bridge_slave_1: left allmulticast mode [ 1272.557014][ T7129] bridge_slave_1: left promiscuous mode [ 1272.563571][ T7129] bridge0: port 2(bridge_slave_1) entered disabled state [ 1272.578155][ T7209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8983'. [ 1272.590995][ T7129] bridge_slave_0: left allmulticast mode [ 1272.615187][ T7129] bridge_slave_0: left promiscuous mode [ 1272.633548][ T7129] bridge0: port 1(bridge_slave_0) entered disabled state [ 1272.684670][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1272.721577][ T7129] pimreg: left allmulticast mode [ 1273.039553][ T7129] gretap0 (unregistering): left allmulticast mode [ 1273.335345][ T7129] bond15 (unregistering): (slave bridge4): Releasing backup interface [ 1273.523438][ T7129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1273.534323][ T7129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1273.547304][ T7129] bond0 (unregistering): Released all slaves [ 1273.563000][ T7129] bond1 (unregistering): Released all slaves [ 1273.581825][ T7129] bond2 (unregistering): Released all slaves [ 1273.603447][ T7129] bond3 (unregistering): Released all slaves [ 1273.620813][ T7129] bond4 (unregistering): Released all slaves [ 1273.643192][ T7129] bond5 (unregistering): Released all slaves [ 1273.662144][ T7129] bond6 (unregistering): Released all slaves [ 1273.686866][ T7129] bond7 (unregistering): Released all slaves [ 1273.702974][ T7129] bond8 (unregistering): Released all slaves [ 1273.723947][ T7129] bond9 (unregistering): Released all slaves [ 1273.741211][ T7129] bond10 (unregistering): Released all slaves [ 1273.761181][ T7129] bond11 (unregistering): Released all slaves [ 1273.786021][ T7129] bond12 (unregistering): Released all slaves [ 1273.803758][ T7129] bond13 (unregistering): Released all slaves [ 1273.827873][ T7129] bond14 (unregistering): Released all slaves [ 1273.844634][ T7129] bond15 (unregistering): Released all slaves [ 1273.862085][ T7129] bond16 (unregistering): Released all slaves [ 1273.878689][ T7129] bond17 (unregistering): Released all slaves [ 1273.900597][ T7129] bond18 (unregistering): Released all slaves [ 1273.922549][ T7129] bond19 (unregistering): Released all slaves [ 1273.939283][ T7129] bond20 (unregistering): Released all slaves [ 1273.971664][ T7209] vlan2: entered allmulticast mode [ 1273.978519][ T7209] macvtap0: entered allmulticast mode [ 1273.984105][ T7209] veth0_macvtap: entered allmulticast mode [ 1274.320180][ T7129] : left promiscuous mode [ 1274.427003][ T7244] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1274.450818][T17513] Bluetooth: hci5: command tx timeout [ 1274.483377][ T7240] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 1274.495139][ T7244] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1274.549263][ T7244] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1274.570719][ T7244] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1274.685713][ T7129] tipc: Left network mode [ 1274.802302][ T7261] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1274.821858][ T7261] bond1: (slave lo): Enslaving as an active interface with an up link [ 1274.832204][ T7261] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1274.892960][ T7255] veth1_macvtap: left promiscuous mode [ 1274.898747][ T7255] macsec0: entered promiscuous mode [ 1274.906240][ T7255] macsec0: entered allmulticast mode [ 1274.922944][ T7129] IPVS: stopping backup sync thread 32179 ... [ 1275.191294][ T7284] netlink: 'syz.3.9000': attribute type 1 has an invalid length. [ 1275.219036][ T7281] geneve2: entered promiscuous mode [ 1275.260057][ T7282] __nla_validate_parse: 2 callbacks suppressed [ 1275.260077][ T7282] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8998'. [ 1275.382718][ T7282] netlink: 19 bytes leftover after parsing attributes in process `syz.1.8998'. [ 1275.425155][ T7282] netlink: 19 bytes leftover after parsing attributes in process `syz.1.8998'. [ 1275.536332][ T7284] workqueue: Failed to create a rescuer kthread for wq "bond15": -EINTR [ 1275.840644][ T7325] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 1276.013996][ T7102] bridge0: port 1(bridge_slave_0) entered blocking state [ 1276.088363][ T7102] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.143021][ T7102] bridge_slave_0: entered allmulticast mode [ 1276.217776][ T7343] netlink: 'syz.0.9005': attribute type 1 has an invalid length. [ 1276.226164][ T7102] bridge_slave_0: entered promiscuous mode [ 1276.319164][ T7344] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9005'. [ 1276.478735][ T7352] netlink: 'syz.1.9008': attribute type 1 has an invalid length. [ 1276.491158][ T7343] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1276.499715][ T7102] bridge0: port 2(bridge_slave_1) entered blocking state [ 1276.507815][ T7102] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.518032][ T7102] bridge_slave_1: entered allmulticast mode [ 1276.527951][T17513] Bluetooth: hci5: command tx timeout [ 1276.544001][ T7355] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9008'. [ 1276.545731][ T7102] bridge_slave_1: entered promiscuous mode [ 1276.567595][ T7343] netlink: 'syz.0.9005': attribute type 1 has an invalid length. [ 1276.667191][ T7343] bond2: (slave batadv1): Opening slave failed [ 1276.706691][ T7102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1276.729416][ T7102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1276.750255][ T7360] netlink: 'syz.1.9008': attribute type 1 has an invalid length. [ 1276.772484][ T7361] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9010'. [ 1276.988489][ T7102] team0: Port device team_slave_0 added [ 1277.035578][ T7102] team0: Port device team_slave_1 added [ 1277.266862][ T7102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1277.292357][ T7102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1277.373699][ T7102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1277.446503][ T7368] netlink: 'syz.3.9012': attribute type 22 has an invalid length. [ 1277.477484][ T7368] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9012'. [ 1277.487737][ T7102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1277.517056][ T7102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1277.584674][ T7102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1277.739361][ T7129] hsr_slave_0: left promiscuous mode [ 1277.776416][ T7129] hsr_slave_1: left promiscuous mode [ 1277.818852][ T7386] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1277.838500][ T7129] pim6reg (unregistering): left allmulticast mode [ 1278.472124][ T7125] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1278.483615][ T7125] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1278.539078][ T7125] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1278.548790][ T7125] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1278.605233][T17513] Bluetooth: hci5: command tx timeout [ 1278.682819][ T7102] hsr_slave_0: entered promiscuous mode [ 1278.690112][ T7102] hsr_slave_1: entered promiscuous mode [ 1278.698544][ T7102] debugfs: 'hsr0' already exists in 'hsr' [ 1278.705660][ T7102] Cannot create hsr debugfs directory [ 1279.106528][ T7427] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1279.413999][ T7417] veth1_macvtap: entered promiscuous mode [ 1279.460325][ T7417] veth1_macvtap: entered allmulticast mode [ 1279.496521][ T7417] macsec0: left promiscuous mode [ 1279.595539][ T7417] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1279.603651][ T7417] geneve2: left promiscuous mode [ 1279.937115][ T7454] netlink: 192 bytes leftover after parsing attributes in process `syz.3.9026'. [ 1280.459897][ T7464] netlink: 76 bytes leftover after parsing attributes in process `syz.3.9027'. [ 1280.494370][ T7464] netlink: 76 bytes leftover after parsing attributes in process `syz.3.9027'. [ 1280.650717][ T7470] netlink: 5 bytes leftover after parsing attributes in process `syz.0.9028'. [ 1280.730840][ T7470] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1280.837517][ T7477] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1281.091425][ T7487] netlink: 'syz.3.9029': attribute type 1 has an invalid length. [ 1281.488577][ T7102] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1281.501199][ T7102] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1281.511066][ T7102] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1281.521248][ T7102] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1281.530388][ T7102] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1281.540946][ T7102] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1281.552370][ T7102] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1281.563670][ T7102] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1281.682418][ T7102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1281.724390][ T7102] 8021q: adding VLAN 0 to HW filter on device team0 [ 1281.753829][T30650] bridge0: port 1(bridge_slave_0) entered blocking state [ 1281.761048][T30650] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1281.827921][T20151] bridge0: port 2(bridge_slave_1) entered blocking state [ 1281.835169][T20151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1282.608334][ T7539] sctp: [Deprecated]: syz.1.9033 (pid 7539) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1282.608334][ T7539] Use struct sctp_sack_info instead [ 1282.845181][T20151] wlan1: Trigger new scan to find an IBSS to join [ 1282.867232][ T7102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1283.013980][ T7102] veth0_vlan: entered promiscuous mode [ 1283.100572][ T7102] veth1_vlan: entered promiscuous mode [ 1283.350665][ T7102] veth0_macvtap: entered promiscuous mode [ 1283.386022][ T7102] veth1_macvtap: entered promiscuous mode [ 1283.439961][ T7548] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.9035'. [ 1283.442080][ T7102] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1283.496666][ T7102] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1283.564356][ T7125] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.627270][ T7125] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.654296][ T7125] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.687491][ T7125] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.698592][ T7554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9037'. [ 1283.982174][ T7555] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1284.074005][ T7568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9042'. [ 1284.076066][T20151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1284.123549][T20151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1284.193263][ T7571] netlink: 36 bytes leftover after parsing attributes in process `syz.4.9043'. [ 1284.202968][ T7571] netlink: 36 bytes leftover after parsing attributes in process `syz.4.9043'. [ 1284.296353][ T7555] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1284.367591][ T7125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1284.394101][ T7125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1284.405546][ T7579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9046'. [ 1284.430810][ T7579] netlink: 'syz.1.9046': attribute type 1 has an invalid length. [ 1284.440403][ T7580] openvswitch: netlink: IPv4 tun info is not correct [ 1284.448448][ T7579] netlink: 240 bytes leftover after parsing attributes in process `syz.1.9046'. [ 1284.527209][ T7555] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1284.559628][ T7583] xt_cgroup: xt_cgroup: no path or classid specified [ 1284.631095][ T7588] xt_cgroup: xt_cgroup: no path or classid specified [ 1284.787836][ T7555] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1285.243754][T20151] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1285.312158][T20151] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1285.330011][T20151] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1285.421095][T20151] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1285.473992][ T5628] block nbd5: Receive control failed (result -32) [ 1285.473992][T17513] block nbd5: Receive control failed (result -32) [ 1285.828774][ T7635] __nla_validate_parse: 2 callbacks suppressed [ 1285.828793][ T7635] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9057'. [ 1286.048618][ T7635] vlan2: entered promiscuous mode [ 1286.057270][ T7635] veth1: entered promiscuous mode [ 1286.846687][T20151] wlan1: Trigger new scan to find an IBSS to join [ 1286.938411][T30636] wlan1: Creating new IBSS network, BSSID fa:f1:16:d9:f4:f0 [ 1287.293299][ T7682] bond1: up delay (1) is not a multiple of miimon (100), value rounded to 0 ms [ 1287.317095][ T7682] bond1: down delay (128) is not a multiple of miimon (100), value rounded to 100 ms [ 1287.501844][ T7697] netlink: 200 bytes leftover after parsing attributes in process `syz.4.9075'. [ 1287.534706][ T7688] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1287.679796][ T7704] netlink: 68 bytes leftover after parsing attributes in process `syz.1.9078'. [ 1287.728037][ T7704] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9078'. [ 1287.948696][ T7706] netlink: 364 bytes leftover after parsing attributes in process `syz.0.9079'. [ 1288.055040][ T7716] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9080'. [ 1288.401906][ T7725] FAULT_INJECTION: forcing a failure. [ 1288.401906][ T7725] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1288.454384][ T7725] CPU: 1 UID: 0 PID: 7725 Comm: syz.2.9083 Not tainted syzkaller #0 PREEMPT(full) [ 1288.454414][ T7725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1288.454432][ T7725] Call Trace: [ 1288.454441][ T7725] [ 1288.454451][ T7725] dump_stack_lvl+0xe8/0x150 [ 1288.454489][ T7725] should_fail_ex+0x412/0x560 [ 1288.454526][ T7725] _copy_from_user+0x2d/0xb0 [ 1288.454561][ T7725] ___sys_recvmsg+0x175/0x590 [ 1288.454590][ T7725] ? __pfx____sys_recvmsg+0x10/0x10 [ 1288.454617][ T7725] ? __fget_files+0x2a/0x420 [ 1288.454679][ T7725] do_recvmmsg+0x334/0x800 [ 1288.454712][ T7725] ? __pfx_do_recvmmsg+0x10/0x10 [ 1288.454748][ T7725] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1288.454792][ T7725] __x64_sys_recvmmsg+0x198/0x250 [ 1288.454817][ T7725] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1288.454850][ T7725] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1288.454875][ T7725] do_syscall_64+0x15f/0xf80 [ 1288.454895][ T7725] ? trace_irq_disable+0x3b/0x140 [ 1288.454928][ T7725] ? clear_bhb_loop+0x40/0x90 [ 1288.454956][ T7725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1288.454979][ T7725] RIP: 0033:0x7f2601f9ce59 [ 1288.455018][ T7725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1288.455037][ T7725] RSP: 002b:00007f2602eba028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1288.455061][ T7725] RAX: ffffffffffffffda RBX: 00007f2602215fa0 RCX: 00007f2601f9ce59 [ 1288.455078][ T7725] RDX: 040000000000018c RSI: 00002000000050c0 RDI: 0000000000000004 [ 1288.455094][ T7725] RBP: 00007f2602eba090 R08: 0000000000000000 R09: 0000000000000000 [ 1288.455108][ T7725] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1288.455122][ T7725] R13: 00007f2602216038 R14: 00007f2602215fa0 R15: 00007fff7e6180d8 [ 1288.455159][ T7725] [ 1288.998117][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.007641][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.019035][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.028118][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.036515][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.045611][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.077588][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.085878][ T5628] Bluetooth: hci5: command 0x0405 tx timeout [ 1289.099204][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.107818][ T7739] netlink: 'syz.0.9087': attribute type 1 has an invalid length. [ 1289.181808][ T7748] netlink: 68 bytes leftover after parsing attributes in process `syz.2.9091'. [ 1289.205185][ T7748] netlink: 168 bytes leftover after parsing attributes in process `syz.2.9091'. [ 1289.419168][ T7759] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9095'. [ 1289.446598][ T7755] syzkaller0: entered promiscuous mode [ 1289.483314][ T7755] syzkaller0: entered allmulticast mode [ 1289.513471][ T7765] FAULT_INJECTION: forcing a failure. [ 1289.513471][ T7765] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1289.527800][ T7765] CPU: 0 UID: 0 PID: 7765 Comm: syz.2.9096 Not tainted syzkaller #0 PREEMPT(full) [ 1289.527836][ T7765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1289.527850][ T7765] Call Trace: [ 1289.527859][ T7765] [ 1289.527869][ T7765] dump_stack_lvl+0xe8/0x150 [ 1289.527906][ T7765] should_fail_ex+0x412/0x560 [ 1289.527940][ T7765] _copy_from_user+0x2d/0xb0 [ 1289.527975][ T7765] ___sys_recvmsg+0x175/0x590 [ 1289.528003][ T7765] ? __pfx____sys_recvmsg+0x10/0x10 [ 1289.528030][ T7765] ? __fget_files+0x2a/0x420 [ 1289.528091][ T7765] do_recvmmsg+0x334/0x800 [ 1289.528122][ T7765] ? __pfx_do_recvmmsg+0x10/0x10 [ 1289.528166][ T7765] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1289.528208][ T7765] __x64_sys_recvmmsg+0x198/0x250 [ 1289.528235][ T7765] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1289.528265][ T7765] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.528288][ T7765] do_syscall_64+0x15f/0xf80 [ 1289.528308][ T7765] ? trace_irq_disable+0x3b/0x140 [ 1289.528342][ T7765] ? clear_bhb_loop+0x40/0x90 [ 1289.528370][ T7765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.528392][ T7765] RIP: 0033:0x7f2601f9ce59 [ 1289.528412][ T7765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1289.528431][ T7765] RSP: 002b:00007f2602eba028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1289.528455][ T7765] RAX: ffffffffffffffda RBX: 00007f2602215fa0 RCX: 00007f2601f9ce59 [ 1289.528471][ T7765] RDX: 040000000000018c RSI: 00002000000050c0 RDI: 0000000000000004 [ 1289.528486][ T7765] RBP: 00007f2602eba090 R08: 0000000000000000 R09: 0000000000000000 [ 1289.528499][ T7765] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1289.528513][ T7765] R13: 00007f2602216038 R14: 00007f2602215fa0 R15: 00007fff7e6180d8 [ 1289.528548][ T7765] [ 1290.098564][T30638] tipc: Subscription rejected, illegal request [ 1290.148354][ T7777] can: request_module (can-proto-0) failed. [ 1290.219032][ T7782] tipc: Started in network mode [ 1290.224047][ T7782] tipc: Node identity 6acc4c890d44, cluster identity 4711 [ 1290.249341][ T7782] tipc: Enabled bearer , priority 0 [ 1290.258907][ T7782] syzkaller0: entered promiscuous mode [ 1290.266610][ T7782] syzkaller0: entered allmulticast mode [ 1290.370462][ T7788] netlink: 68 bytes leftover after parsing attributes in process `syz.0.9103'. [ 1290.391076][ T7782] tipc: Resetting bearer [ 1290.477700][ T7782] tipc: Resetting bearer [ 1290.505766][ T7793] IPv6: addrconf: prefix option has invalid lifetime [ 1290.539430][ T7793] x_tables: duplicate underflow at hook 3 [ 1290.633205][ T7782] tipc: Disabling bearer [ 1290.731034][ T7804] validate_nla: 47 callbacks suppressed [ 1290.731052][ T7804] netlink: 'syz.2.9108': attribute type 1 has an invalid length. [ 1290.776575][ T7805] netlink: 'syz.2.9108': attribute type 1 has an invalid length. [ 1290.860423][ T7805] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1290.908795][ T7804] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 1290.990098][ T7823] netlink: 'syz.3.9113': attribute type 58 has an invalid length. [ 1291.022693][ T7823] __nla_validate_parse: 1 callbacks suppressed [ 1291.022711][ T7823] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9113'. [ 1291.258934][ T7837] netlink: 68 bytes leftover after parsing attributes in process `syz.1.9115'. [ 1291.299663][ T7837] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9115'. [ 1291.682488][ T7852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9119'. [ 1291.705020][ T7853] netlink: 'syz.3.9120': attribute type 21 has an invalid length. [ 1291.725584][ T7852] gretap0: entered promiscuous mode [ 1291.736847][ T7852] macvlan2: entered allmulticast mode [ 1291.743955][ T7853] IPv6: NLM_F_CREATE should be specified when creating new route [ 1291.754278][ T7852] gretap0: entered allmulticast mode [ 1291.765817][ T7853] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1291.773107][ T7853] IPv6: NLM_F_CREATE should be set when creating new route [ 1291.780436][ T7853] IPv6: NLM_F_CREATE should be set when creating new route [ 1291.787727][ T7853] IPv6: NLM_F_CREATE should be set when creating new route [ 1292.005385][ T7866] netlink: 'syz.4.9123': attribute type 12 has an invalid length. [ 1292.023741][ T7866] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9123'. [ 1292.035195][ T7866] bond0: option primary_reselect: invalid value (191) [ 1292.127421][ T7869] pim6reg0: tun_chr_ioctl cmd 1074025675 [ 1292.133372][ T7869] pim6reg0: persist disabled [ 1292.333004][ T7873] bond12: option resend_igmp: invalid value (14546) [ 1292.339853][ T7873] bond12: option resend_igmp: allowed values 0 - 255 [ 1292.458381][ T7873] bond12 (unregistering): Released all slaves [ 1292.560408][ T7880] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9127'. [ 1292.586437][ T7880] netlink: 168 bytes leftover after parsing attributes in process `syz.3.9127'. [ 1293.219268][ T7898] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9135'. [ 1293.229111][ T7898] nbd: must specify a size in bytes for the device [ 1293.258206][ T7902] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9134'. [ 1293.338919][ T7907] netlink: 44 bytes leftover after parsing attributes in process `syz.0.9137'. [ 1293.431235][ T7900] bond15: (slave bond_slave_1): Device is not bonding slave [ 1293.468843][ T7900] bond15: option active_slave: invalid value (bond_slave_1) [ 1293.510778][ T7900] bond15 (unregistering): Released all slaves [ 1293.705845][ T7924] macvlan1: entered allmulticast mode [ 1293.726404][ T7924] veth1_vlan: entered allmulticast mode [ 1293.805883][ T7924] macvlan1: left allmulticast mode [ 1293.831581][ T7924] veth1_vlan: left allmulticast mode [ 1293.871425][ T7935] netlink: 'syz.0.9144': attribute type 1 has an invalid length. [ 1294.576001][ T7954] "syz.0.9150" (7954) uses obsolete ecb(arc4) skcipher [ 1294.850996][ T7988] netlink: 'syz.1.9158': attribute type 1 has an invalid length. [ 1294.932778][ T7988] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1295.119073][ T7993] netlink: 'syz.1.9158': attribute type 1 has an invalid length. [ 1295.233547][ T7993] bond1: (slave batadv0): Opening slave failed [ 1295.631633][ T8019] FAULT_INJECTION: forcing a failure. [ 1295.631633][ T8019] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1295.687195][ T8019] CPU: 0 UID: 0 PID: 8019 Comm: syz.3.9166 Not tainted syzkaller #0 PREEMPT(full) [ 1295.687225][ T8019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1295.687238][ T8019] Call Trace: [ 1295.687247][ T8019] [ 1295.687256][ T8019] dump_stack_lvl+0xe8/0x150 [ 1295.687287][ T8019] should_fail_ex+0x412/0x560 [ 1295.687319][ T8019] _copy_from_user+0x2d/0xb0 [ 1295.687351][ T8019] ___sys_recvmsg+0x175/0x590 [ 1295.687378][ T8019] ? __pfx____sys_recvmsg+0x10/0x10 [ 1295.687402][ T8019] ? __fget_files+0x2a/0x420 [ 1295.687458][ T8019] do_recvmmsg+0x334/0x800 [ 1295.687488][ T8019] ? __pfx_do_recvmmsg+0x10/0x10 [ 1295.687519][ T8019] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1295.687557][ T8019] __x64_sys_recvmmsg+0x198/0x250 [ 1295.687582][ T8019] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1295.687612][ T8019] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1295.687635][ T8019] do_syscall_64+0x15f/0xf80 [ 1295.687660][ T8019] ? trace_irq_disable+0x3b/0x140 [ 1295.687691][ T8019] ? clear_bhb_loop+0x40/0x90 [ 1295.687715][ T8019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1295.687735][ T8019] RIP: 0033:0x7f5144f9ce59 [ 1295.687754][ T8019] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1295.687772][ T8019] RSP: 002b:00007f5145f14028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1295.687798][ T8019] RAX: ffffffffffffffda RBX: 00007f5145215fa0 RCX: 00007f5144f9ce59 [ 1295.687813][ T8019] RDX: 040000000000018c RSI: 00002000000050c0 RDI: 0000000000000004 [ 1295.687827][ T8019] RBP: 00007f5145f14090 R08: 0000000000000000 R09: 0000000000000000 [ 1295.687858][ T8019] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1295.687872][ T8019] R13: 00007f5145216038 R14: 00007f5145215fa0 R15: 00007ffe2d454e78 [ 1295.687909][ T8019] [ 1296.493182][ T8057] __nla_validate_parse: 15 callbacks suppressed [ 1296.493205][ T8057] netlink: 128 bytes leftover after parsing attributes in process `syz.1.9175'. [ 1296.571154][ T8057] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9175'. [ 1296.826194][ T8064] xt_hashlimit: size too large, truncated to 1048576 [ 1297.249940][ T8074] FAULT_INJECTION: forcing a failure. [ 1297.249940][ T8074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1297.290385][ T8074] CPU: 1 UID: 0 PID: 8074 Comm: syz.3.9179 Not tainted syzkaller #0 PREEMPT(full) [ 1297.290413][ T8074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1297.290425][ T8074] Call Trace: [ 1297.290433][ T8074] [ 1297.290442][ T8074] dump_stack_lvl+0xe8/0x150 [ 1297.290471][ T8074] should_fail_ex+0x412/0x560 [ 1297.290500][ T8074] _copy_from_user+0x2d/0xb0 [ 1297.290526][ T8074] __sys_bpf+0x229/0x950 [ 1297.290554][ T8074] ? __pfx___sys_bpf+0x10/0x10 [ 1297.290591][ T8074] ? ksys_write+0x242/0x270 [ 1297.290619][ T8074] ? __pfx_ksys_write+0x10/0x10 [ 1297.290646][ T8074] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1297.290664][ T8074] __x64_sys_bpf+0x7c/0x90 [ 1297.290688][ T8074] do_syscall_64+0x15f/0xf80 [ 1297.290704][ T8074] ? trace_irq_disable+0x3b/0x140 [ 1297.290729][ T8074] ? clear_bhb_loop+0x40/0x90 [ 1297.290750][ T8074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1297.290766][ T8074] RIP: 0033:0x7f5144f9ce59 [ 1297.290781][ T8074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1297.290795][ T8074] RSP: 002b:00007f5145f14028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1297.290813][ T8074] RAX: ffffffffffffffda RBX: 00007f5145215fa0 RCX: 00007f5144f9ce59 [ 1297.290825][ T8074] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005 [ 1297.290838][ T8074] RBP: 00007f5145f14090 R08: 0000000000000000 R09: 0000000000000000 [ 1297.290849][ T8074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1297.290859][ T8074] R13: 00007f5145216038 R14: 00007f5145215fa0 R15: 00007ffe2d454e78 [ 1297.290884][ T8074] [ 1297.627906][ T8075] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9178'. [ 1297.793951][ T8091] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9180'. [ 1298.177833][ T8104] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9185'. [ 1298.386486][ T8113] netlink: 'syz.0.9188': attribute type 1 has an invalid length. [ 1298.401426][ T8114] netlink: 'syz.0.9188': attribute type 1 has an invalid length. [ 1298.477341][ T8113] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1298.489723][ T8113] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 1298.545153][ T29] audit: type=1804 audit(1778632455.164:21): pid=8118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.9189" name="/newroot/517/cgroup.controllers" dev="tmpfs" ino=2653 res=1 errno=0 [ 1298.579049][ T29] audit: type=1800 audit(1778632455.174:22): pid=8118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.9189" name="cgroup.controllers" dev="tmpfs" ino=2653 res=0 errno=0 [ 1298.637086][ T8114] bond3: (slave gretap1): making interface the new active one [ 1298.668635][ T8114] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 1298.916991][ T8136] netlink: 'syz.3.9193': attribute type 1 has an invalid length. [ 1298.932209][ T8136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9193'. [ 1299.036525][ T8142] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9195'. [ 1299.309353][ T8149] FAULT_INJECTION: forcing a failure. [ 1299.309353][ T8149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1299.325029][ T8149] CPU: 0 UID: 0 PID: 8149 Comm: syz.0.9198 Not tainted syzkaller #0 PREEMPT(full) [ 1299.325059][ T8149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1299.325073][ T8149] Call Trace: [ 1299.325091][ T8149] [ 1299.325101][ T8149] dump_stack_lvl+0xe8/0x150 [ 1299.325131][ T8149] should_fail_ex+0x412/0x560 [ 1299.325164][ T8149] _copy_from_user+0x2d/0xb0 [ 1299.325195][ T8149] ___sys_recvmsg+0x175/0x590 [ 1299.325223][ T8149] ? __pfx____sys_recvmsg+0x10/0x10 [ 1299.325248][ T8149] ? __fget_files+0x2a/0x420 [ 1299.325307][ T8149] do_recvmmsg+0x334/0x800 [ 1299.325337][ T8149] ? __pfx_do_recvmmsg+0x10/0x10 [ 1299.325371][ T8149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1299.325411][ T8149] __x64_sys_recvmmsg+0x198/0x250 [ 1299.325436][ T8149] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1299.325466][ T8149] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1299.325489][ T8149] do_syscall_64+0x15f/0xf80 [ 1299.325507][ T8149] ? trace_irq_disable+0x3b/0x140 [ 1299.325539][ T8149] ? clear_bhb_loop+0x40/0x90 [ 1299.325568][ T8149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1299.325591][ T8149] RIP: 0033:0x7f82b4d9ce59 [ 1299.325610][ T8149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1299.325629][ T8149] RSP: 002b:00007f82b5c61028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1299.325652][ T8149] RAX: ffffffffffffffda RBX: 00007f82b5015fa0 RCX: 00007f82b4d9ce59 [ 1299.325668][ T8149] RDX: 040000000000018c RSI: 00002000000050c0 RDI: 0000000000000004 [ 1299.325683][ T8149] RBP: 00007f82b5c61090 R08: 0000000000000000 R09: 0000000000000000 [ 1299.325697][ T8149] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1299.325710][ T8149] R13: 00007f82b5016038 R14: 00007f82b5015fa0 R15: 00007ffef847c9b8 [ 1299.325757][ T8149] [ 1299.531448][ T8150] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9197'. [ 1299.577091][ T8150] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1299.588112][ T8150] bond3: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 1299.652008][ T8159] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9200'. [ 1300.270175][ T8169] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9202'. [ 1300.974351][ T8195] netlink: 'syz.0.9207': attribute type 1 has an invalid length. [ 1301.056287][ T8193] bond4: option broadcast_neighbor: invalid value (30) [ 1301.082249][ T8193] bond4 (unregistering): Released all slaves [ 1301.115446][ T8195] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 1301.417846][ T8213] : entered promiscuous mode [ 1301.444226][ T8214] batadv_slave_1: entered promiscuous mode [ 1301.479440][ T8213] batadv_slave_1: left promiscuous mode [ 1301.725920][ T8223] __nla_validate_parse: 9 callbacks suppressed [ 1301.725937][ T8223] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9217'. [ 1301.744290][ T8223] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9217'. [ 1301.771436][ T8229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9216'. [ 1302.047012][ T8237] bond0: (slave bond_slave_1): Releasing backup interface [ 1302.321168][ T8249] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9224'. [ 1302.333702][ T8249] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9224'. [ 1302.460292][ T8244] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.9223'. [ 1302.941788][ T5628] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1302.954994][ T5628] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1302.967278][ T5628] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1302.977183][ T5628] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1302.990638][ T5628] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1303.748056][ T8298] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1304.087155][ T8310] netlink: 56 bytes leftover after parsing attributes in process `syz.0.9239'. [ 1304.486608][ T8324] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9241'. [ 1304.756544][ T8335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9243'. [ 1304.815342][ T8335] gretap0: entered promiscuous mode [ 1304.843158][ T8335] macvlan2: entered allmulticast mode [ 1304.865134][ T8335] gretap0: entered allmulticast mode [ 1304.873668][ T8338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9244'. [ 1305.095390][T17513] Bluetooth: hci0: command tx timeout [ 1305.213803][ T8346] veth3: entered allmulticast mode [ 1305.338460][ T8338] bond2 (unregistering): Released all slaves [ 1305.712396][ T8366] siw: device registration error -23 [ 1306.201394][ T8382] netlink: 'syz.4.9250': attribute type 1 has an invalid length. [ 1306.253576][ T8382] 8021q: adding VLAN 0 to HW filter on device bond12 [ 1306.358802][ T8389] netlink: 'syz.4.9250': attribute type 1 has an invalid length. [ 1306.436729][ T8389] bond12: (slave batadv0): Opening slave failed [ 1306.503141][ T8272] bridge0: port 1(bridge_slave_0) entered blocking state [ 1306.512325][ T8272] bridge0: port 1(bridge_slave_0) entered disabled state [ 1306.520361][ T8272] bridge_slave_0: entered allmulticast mode [ 1306.529764][ T8272] bridge_slave_0: entered promiscuous mode [ 1306.555652][ T8272] bridge0: port 2(bridge_slave_1) entered blocking state [ 1306.563396][ T8272] bridge0: port 2(bridge_slave_1) entered disabled state [ 1306.573524][ T8272] bridge_slave_1: entered allmulticast mode [ 1306.581535][ T8272] bridge_slave_1: entered promiscuous mode [ 1306.598769][ T8401] macvlan3: entered allmulticast mode [ 1306.655984][ T8272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1306.673929][ T8272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1306.723307][ T8272] team0: Port device team_slave_0 added [ 1306.732384][ T8272] team0: Port device team_slave_1 added [ 1306.770178][ T8272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1306.777584][ T8272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1306.803909][ T8272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1306.820890][ T8272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1306.828285][ T8272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1306.855909][ T8272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1306.921399][ T8272] hsr_slave_0: entered promiscuous mode [ 1306.930965][ T8272] hsr_slave_1: entered promiscuous mode [ 1306.937714][ T8272] debugfs: 'hsr0' already exists in 'hsr' [ 1306.943518][ T8272] Cannot create hsr debugfs directory [ 1307.165017][T17513] Bluetooth: hci0: command tx timeout [ 1307.319423][ T8272] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1307.572577][ T8272] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1307.705573][ T8272] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1307.815522][ T8431] __nla_validate_parse: 8 callbacks suppressed [ 1307.815541][ T8431] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9261'. [ 1307.883315][ T8272] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1307.943852][ T8436] netlink: 'syz.4.9264': attribute type 7 has an invalid length. [ 1307.983060][ T8436] netlink: 148 bytes leftover after parsing attributes in process `syz.4.9264'. [ 1308.253086][ T8448] netlink: 'syz.1.9266': attribute type 1 has an invalid length. [ 1308.372647][ T8452] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9266'. [ 1308.581515][ T8468] netlink: 'syz.1.9266': attribute type 1 has an invalid length. [ 1308.632319][ T8448] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1308.674652][ T8468] bond2: (slave batadv0): Opening slave failed [ 1308.891992][ T8477] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9272'. [ 1308.947818][ T8477] netlink: 168 bytes leftover after parsing attributes in process `syz.4.9272'. [ 1309.218084][ T8490] xt_ipcomp: unknown flags 1D [ 1309.244688][T17513] Bluetooth: hci0: command tx timeout [ 1309.385570][ T8272] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1309.440823][ T8272] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1309.486662][ T8272] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1309.522465][ T8272] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1309.673014][ T8272] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1309.711064][ T8272] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1309.740377][ T8272] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1309.774777][ T8272] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1310.300204][ T8272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1310.342319][ T6312] IPVS: starting estimator thread 0... [ 1310.393072][ T8272] 8021q: adding VLAN 0 to HW filter on device team0 [ 1310.438886][ T7125] bridge0: port 1(bridge_slave_0) entered blocking state [ 1310.446136][ T7125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1310.460687][ T8542] IPVS: using max 26 ests per chain, 62400 per kthread [ 1310.521661][ T7132] bridge0: port 2(bridge_slave_1) entered blocking state [ 1310.528927][ T7132] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1311.326799][T17513] Bluetooth: hci0: command tx timeout [ 1311.452906][ T8575] netlink: 64 bytes leftover after parsing attributes in process `syz.1.9287'. [ 1311.480660][ T8573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9288'. [ 1311.696898][ T8573] netlink: 32 bytes leftover after parsing attributes in process `syz.2.9288'. [ 1311.758338][ T8575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9287'. [ 1311.811152][ T8583] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 1311.865394][ T8583] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1312.432135][ T8272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1312.630074][ T8272] veth0_vlan: entered promiscuous mode [ 1312.676619][ T8272] veth1_vlan: entered promiscuous mode [ 1312.937854][ T8272] veth0_macvtap: entered promiscuous mode [ 1312.945730][ T8608] netlink: 'syz.2.9296': attribute type 10 has an invalid length. [ 1312.978715][ T8272] veth1_macvtap: entered promiscuous mode [ 1312.992662][ T8608] team0: Device vxcan0 is of different type [ 1313.051278][ T8272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1313.068819][ T8272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1313.093021][ T7129] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1313.112428][ T7129] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1313.156027][ T7129] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1313.210118][ T7129] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1313.381920][T30636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1313.398848][T30636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1313.517431][ T7125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1313.535456][ T7125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1313.763000][ T8622] netlink: 'syz.3.9230': attribute type 4 has an invalid length. [ 1314.303289][ T8630] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9300'. [ 1314.373261][ T8630] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9300'. [ 1314.900598][ T8655] vlan2: entered allmulticast mode [ 1314.906748][ T8655] bridge0: port 3(vlan2) entered blocking state [ 1314.913288][ T8655] bridge0: port 3(vlan2) entered disabled state [ 1314.922563][ T8655] vlan2: entered promiscuous mode [ 1315.196756][ T8672] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9309'. [ 1315.232917][ T8668] netlink: 'syz.0.9310': attribute type 4 has an invalid length. [ 1315.287720][ T8676] netlink: 'syz.0.9310': attribute type 4 has an invalid length. [ 1315.427269][ T8685] netlink: 'syz.0.9315': attribute type 2 has an invalid length. [ 1315.619716][ T8689] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9315'. [ 1315.859998][ T8693] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.9317'. [ 1315.894711][ T8693] openvswitch: netlink: Missing key (keys=40, expected=100) [ 1316.429935][ T8721] geneve2: entered promiscuous mode [ 1316.707389][ T8695] netlink: 'syz.2.9318': attribute type 1 has an invalid length. [ 1316.830392][ T8744] netlink: 'syz.1.9327': attribute type 1 has an invalid length. [ 1316.887742][ T8747] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9327'. [ 1316.995481][ T8726] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1317.114633][ T8760] netlink: 'syz.1.9327': attribute type 1 has an invalid length. [ 1317.192470][ T8695] bond4: entered promiscuous mode [ 1317.198246][ T8695] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1317.228451][ T8745] bond4: (slave bridge3): making interface the new active one [ 1317.239412][ T8745] bridge3: entered promiscuous mode [ 1317.246914][ T8745] bond4: (slave bridge3): Enslaving as an active interface with an up link [ 1317.337822][ T8744] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1317.457385][ T8760] bond4: (slave batadv0): Opening slave failed [ 1317.599338][ T8726] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1317.643097][ T8774] syzkaller0: entered promiscuous mode [ 1317.685675][ T8774] syzkaller0: entered allmulticast mode [ 1317.818965][ T8726] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1317.835929][ T8783] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9333'. [ 1317.850517][ T8774] tipc: Started in network mode [ 1317.865468][ T8774] tipc: Node identity 1efb8ad676d4, cluster identity 4711 [ 1317.876814][ T8774] tipc: Enabled bearer , priority 0 [ 1317.967559][ T8726] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1318.069884][ T8778] tipc: Resetting bearer [ 1318.097390][ T8778] tipc: Disabling bearer [ 1318.269214][ T8798] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1318.302470][T30640] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.329179][ T8800] syz_tun: entered allmulticast mode [ 1318.356379][T30640] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.387101][ T8800] dvmrp8: entered allmulticast mode [ 1318.459313][T20151] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.556935][ T7129] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.785165][ T8811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9341'. [ 1318.809233][ T8812] nbd: must specify at least one socket [ 1319.299383][ T8815] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9342'. [ 1319.313225][ T8799] syz_tun: left allmulticast mode [ 1319.490160][ T8838] x_tables: duplicate underflow at hook 1 [ 1319.600927][ T8821] syzkaller0: entered promiscuous mode [ 1319.606861][ T8821] syzkaller0: entered allmulticast mode [ 1319.613109][ T8843] netlink: 19 bytes leftover after parsing attributes in process `syz.0.9345'. [ 1319.631743][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9345'. [ 1322.430741][ T8862] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9352'. [ 1322.492671][ T8151] hsr0: entered promiscuous mode [ 1322.519757][ T8872] netlink: 'syz.2.9354': attribute type 1 has an invalid length. [ 1322.532183][ T8869] syzkaller0: entered promiscuous mode [ 1322.548209][ T8869] syzkaller0: entered allmulticast mode [ 1322.610032][ T8874] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9354'. [ 1322.662135][ T8878] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9355'. [ 1322.673228][ T8878] netlink: 168 bytes leftover after parsing attributes in process `syz.4.9355'. [ 1322.724319][ T8880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9353'. [ 1322.737663][ T8872] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1322.871842][ T8872] netlink: 'syz.2.9354': attribute type 1 has an invalid length. [ 1323.051036][ T8872] bond5: (slave batadv1): Opening slave failed [ 1323.236278][ T8903] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9359'. [ 1323.696077][ T8916] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) ! [ 1323.751848][ T8914] syzkaller0: entered promiscuous mode [ 1323.775225][ T8914] syzkaller0: entered allmulticast mode [ 1323.796009][ T8918] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9363'. [ 1323.871387][ T8922] netlink: 'syz.1.9364': attribute type 1 has an invalid length. [ 1323.939504][ T8922] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1324.104896][ T8930] netlink: 'syz.0.9365': attribute type 30 has an invalid length. [ 1324.115029][ T8930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9365'. [ 1324.177295][ T8923] bond5: (slave veth3): Enslaving as an active interface with a down link [ 1324.212190][ T8934] xt_hashlimit: size too large, truncated to 1048576 [ 1324.299812][ T8936] netlink: 'syz.0.9365': attribute type 1 has an invalid length. [ 1324.440900][ T8940] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1324.942814][ T8957] netlink: 'syz.3.9370': attribute type 1 has an invalid length. [ 1325.030621][ T8961] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9370'. [ 1325.060054][ T8963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9371'. [ 1325.156915][ T8963] ip6gre1: entered promiscuous mode [ 1325.243053][ T8961] netlink: 'syz.3.9370': attribute type 1 has an invalid length. [ 1325.373029][ T8970] netlink: 'syz.0.9373': attribute type 1 has an invalid length. [ 1325.393378][ T8973] netlink: 'syz.1.9372': attribute type 1 has an invalid length. [ 1325.581002][ T8973] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 1325.775239][ T8990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1325.819645][ T8992] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1325.855154][ T8990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1326.059638][ T9007] FAULT_INJECTION: forcing a failure. [ 1326.059638][ T9007] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1326.111240][ T9007] CPU: 1 UID: 0 PID: 9007 Comm: syz.4.9381 Not tainted syzkaller #0 PREEMPT(full) [ 1326.111270][ T9007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1326.111284][ T9007] Call Trace: [ 1326.111294][ T9007] [ 1326.111304][ T9007] dump_stack_lvl+0xe8/0x150 [ 1326.111336][ T9007] should_fail_ex+0x412/0x560 [ 1326.111372][ T9007] _copy_from_user+0x2d/0xb0 [ 1326.111407][ T9007] sctp_setsockopt+0x1c4/0x12c0 [ 1326.111435][ T9007] ? sock_common_setsockopt+0x36/0xc0 [ 1326.111464][ T9007] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1326.111495][ T9007] do_sock_setsockopt+0x17c/0x1b0 [ 1326.111534][ T9007] __x64_sys_setsockopt+0x13d/0x1b0 [ 1326.111571][ T9007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1326.111596][ T9007] do_syscall_64+0x15f/0xf80 [ 1326.111619][ T9007] ? clear_bhb_loop+0x40/0x90 [ 1326.111647][ T9007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1326.111670][ T9007] RIP: 0033:0x7fec8b19ce59 [ 1326.111691][ T9007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1326.111711][ T9007] RSP: 002b:00007fec8c064028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1326.111735][ T9007] RAX: ffffffffffffffda RBX: 00007fec8b415fa0 RCX: 00007fec8b19ce59 [ 1326.111752][ T9007] RDX: 0000000000000085 RSI: 0000000000000084 RDI: 0000000000000003 [ 1326.111766][ T9007] RBP: 00007fec8c064090 R08: 0000000000000090 R09: 0000000000000000 [ 1326.111781][ T9007] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 1326.111794][ T9007] R13: 00007fec8b416038 R14: 00007fec8b415fa0 R15: 00007ffc2ed10bb8 [ 1326.111829][ T9007] [ 1326.709531][ T9032] netlink: 64 bytes leftover after parsing attributes in process `syz.0.9387'. [ 1326.905883][ T9049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9387'. [ 1327.116853][ T9057] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9393'. [ 1327.159133][ T9057] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9393'. [ 1327.261894][ T9059] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9394'. [ 1327.281855][ T9059] netlink: 5 bytes leftover after parsing attributes in process `syz.4.9394'. [ 1327.291966][ T9059] netlink: 5 bytes leftover after parsing attributes in process `syz.4.9394'. [ 1327.315196][ T9059] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9394'. [ 1327.471389][ T9063] FAULT_INJECTION: forcing a failure. [ 1327.471389][ T9063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1327.504086][ T9063] CPU: 0 UID: 0 PID: 9063 Comm: syz.0.9395 Not tainted syzkaller #0 PREEMPT(full) [ 1327.504116][ T9063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1327.504130][ T9063] Call Trace: [ 1327.504140][ T9063] [ 1327.504150][ T9063] dump_stack_lvl+0xe8/0x150 [ 1327.504181][ T9063] should_fail_ex+0x412/0x560 [ 1327.504218][ T9063] _copy_to_user+0x31/0xb0 [ 1327.504254][ T9063] simple_read_from_buffer+0xe1/0x170 [ 1327.504288][ T9063] proc_fail_nth_read+0x1bb/0x230 [ 1327.504322][ T9063] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1327.504356][ T9063] ? rw_verify_area+0x2a6/0x4d0 [ 1327.504386][ T9063] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1327.504423][ T9063] vfs_read+0x20c/0xa70 [ 1327.504461][ T9063] ? __pfx___mutex_lock+0x10/0x10 [ 1327.504491][ T9063] ? __pfx_vfs_read+0x10/0x10 [ 1327.504525][ T9063] ? __fget_files+0x2a/0x420 [ 1327.504559][ T9063] ? __fget_files+0x3a0/0x420 [ 1327.504585][ T9063] ? __fget_files+0x2a/0x420 [ 1327.504624][ T9063] ksys_read+0x150/0x270 [ 1327.504659][ T9063] ? __pfx_ksys_read+0x10/0x10 [ 1327.504701][ T9063] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1327.504734][ T9063] do_syscall_64+0x15f/0xf80 [ 1327.504755][ T9063] ? trace_irq_disable+0x3b/0x140 [ 1327.504789][ T9063] ? clear_bhb_loop+0x40/0x90 [ 1327.504818][ T9063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1327.504841][ T9063] RIP: 0033:0x7f82b4d5d68e [ 1327.504862][ T9063] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1327.504882][ T9063] RSP: 002b:00007f82b5c60fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1327.504906][ T9063] RAX: ffffffffffffffda RBX: 00007f82b5c616c0 RCX: 00007f82b4d5d68e [ 1327.504923][ T9063] RDX: 000000000000000f RSI: 00007f82b5c610a0 RDI: 0000000000000005 [ 1327.504938][ T9063] RBP: 00007f82b5c61090 R08: 0000000000000000 R09: 0000000000000000 [ 1327.504952][ T9063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1327.504965][ T9063] R13: 00007f82b5016038 R14: 00007f82b5015fa0 R15: 00007ffef847c9b8 [ 1327.505002][ T9063] [ 1328.488409][ T9084] netlink: 'syz.4.9404': attribute type 11 has an invalid length. [ 1328.666840][ T9089] syzkaller0: entered promiscuous mode [ 1328.691880][ T9089] syzkaller0: entered allmulticast mode [ 1329.053091][ T9104] netlink: 'syz.0.9410': attribute type 1 has an invalid length. [ 1329.261713][ T9104] bond4: entered promiscuous mode [ 1329.293574][ T9104] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1330.014418][ T9137] sctp: [Deprecated]: syz.0.9418 (pid 9137) Use of int in maxseg socket option. [ 1330.014418][ T9137] Use struct sctp_assoc_value instead [ 1330.141846][ T9143] netlink: 'syz.2.9419': attribute type 1 has an invalid length. [ 1330.171149][ T9144] __nla_validate_parse: 12 callbacks suppressed [ 1330.171172][ T9144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9421'. [ 1330.202210][ T9147] netlink: 64 bytes leftover after parsing attributes in process `syz.3.9422'. [ 1330.276320][ T9143] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1330.451980][ T9141] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9419'. [ 1330.531847][ T9141] bond6: (slave geneve2): making interface the new active one [ 1330.556551][ T9141] bond6: (slave geneve2): Enslaving as an active interface with an up link [ 1330.742673][ T9165] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9427'. [ 1330.779459][ T9165] netlink: 44 bytes leftover after parsing attributes in process `syz.0.9427'. [ 1330.925569][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1331.103820][ T9173] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9429'. [ 1331.580140][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9433'. [ 1331.593296][ T9183] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1331.989921][ T9183] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1332.079129][ T9183] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1332.181166][ T9183] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1332.391204][ T7129] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1332.445882][ T7125] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1332.540301][ T7125] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1332.619740][T30638] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1332.913334][ T9208] team0: No ports can be present during mode change [ 1332.966204][ T9211] netlink: 'syz.1.9441': attribute type 1 has an invalid length. [ 1333.005584][ T9211] netlink: 'syz.1.9441': attribute type 2 has an invalid length. [ 1333.131301][ T9223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9446'. [ 1333.164679][ T9221] netlink: 'syz.3.9445': attribute type 12 has an invalid length. [ 1333.359936][ T9230] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9448'. [ 1333.390746][ T9230] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9448'. [ 1333.504677][ T9242] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 1333.717424][ T9250] RDS: rds_bind could not find a transport for fc02::, load rds_tcp or rds_rdma? [ 1333.870814][ T9240] bond13 (unregistering): Released all slaves [ 1334.349733][ T9272] ip6gre2: entered promiscuous mode [ 1334.355485][ T9272] ip6gre2: entered allmulticast mode [ 1335.269397][ T9289] __nla_validate_parse: 4 callbacks suppressed [ 1335.269412][ T9289] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9463'. [ 1335.287250][ T9289] bridge0: port 2(bridge_slave_1) entered disabled state [ 1336.355302][ T9234] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1336.368773][ T9276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9460'. [ 1336.657572][ T9325] netlink: 68 bytes leftover after parsing attributes in process `syz.2.9466'. [ 1336.669453][ T9322] bond6 (unregistering): Released all slaves [ 1336.679344][ T9325] netlink: 168 bytes leftover after parsing attributes in process `syz.2.9466'. [ 1337.403312][ T9361] netlink: 'syz.3.9478': attribute type 2 has an invalid length. [ 1338.398690][ T9405] netlink: 'syz.3.9488': attribute type 3 has an invalid length. [ 1338.433545][ T9408] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9487'. [ 1338.584975][ T9414] netlink: 'syz.4.9490': attribute type 1 has an invalid length. [ 1338.635720][ T9414] netlink: 'syz.4.9490': attribute type 2 has an invalid length. [ 1338.671953][ T9417] netlink: 'syz.4.9490': attribute type 1 has an invalid length. [ 1338.696432][ T9417] netlink: 'syz.4.9490': attribute type 2 has an invalid length. [ 1338.708423][ T9420] netlink: 'syz.1.9492': attribute type 1 has an invalid length. [ 1338.807910][ T9424] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9492'. [ 1338.860693][ T9420] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1339.148114][ T9432] netlink: 'syz.1.9492': attribute type 1 has an invalid length. [ 1339.378100][ T9432] bond6: (slave batadv0): Opening slave failed [ 1339.926537][ T9466] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9502'. [ 1340.407083][ T9480] tipc: Enabling of bearer rejected, failed to enable media [ 1340.510953][ T9480] bond7: (slave bond_slave_1): Device is not our slave [ 1340.519346][ T9480] bond7: option active_slave: invalid value (bond_slave_1) [ 1340.539989][ T9480] bond7 (unregistering): Released all slaves [ 1340.600536][ T9482] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9508'. [ 1341.095367][ T9500] Unknown options in mask 6 [ 1341.583661][ T9510] syzkaller0: entered promiscuous mode [ 1341.595684][ T9510] syzkaller0: entered allmulticast mode [ 1341.711879][ T9510] netlink: 170648 bytes leftover after parsing attributes in process `syz.2.9512'. [ 1342.155058][ T9537] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9515'. [ 1344.803617][ T9549] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9518'. [ 1344.877881][ T9553] netlink: 'syz.1.9517': attribute type 13 has an invalid length. [ 1344.909439][ T9553] netlink: 'syz.1.9517': attribute type 17 has an invalid length. [ 1344.962184][ T9546] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9517'. [ 1345.020294][ T9552] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9518'. [ 1345.035541][ T9552] nbd: nbd64 already in use [ 1345.176931][ T9545] bond7: option resend_igmp: invalid value (2878) [ 1345.200022][ T9545] bond7: option resend_igmp: allowed values 0 - 255 [ 1345.242770][ T9545] bond7 (unregistering): Released all slaves [ 1345.431206][ T9542] udevd[9542]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1345.665078][ T9553] 8021q: adding VLAN 0 to HW filter on device eth0 [ 1345.688074][ T9553] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1345.703148][ T9553] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1345.719451][ T9553] 8021q: adding VLAN 0 to HW filter on device eth3 [ 1345.747750][ T9553] vlan2: left allmulticast mode [ 1345.752768][ T9553] macvtap0: left allmulticast mode [ 1345.758839][ T9553] veth0_macvtap: left allmulticast mode [ 1345.809622][ T9553] macvlan2: left allmulticast mode [ 1345.816126][ T9553] gretap0: left allmulticast mode [ 1345.862329][ T9576] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9523'. [ 1348.192243][ T9594] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9529'. [ 1348.678781][ T9598] netlink: 'syz.0.9530': attribute type 1 has an invalid length. [ 1348.735096][ T9599] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9530'. [ 1349.033132][ T9603] netlink: 'syz.0.9530': attribute type 1 has an invalid length. [ 1349.311319][ T9553] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1349.320857][ T9553] geneve2: left promiscuous mode [ 1349.386887][T20151] bridge0: port 2(bridge_slave_1) entered blocking state [ 1349.394129][T20151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1349.413021][ T9565] bridge_slave_0: left allmulticast mode [ 1349.421723][ T9565] bridge_slave_0: left promiscuous mode [ 1349.427810][ T9565] bridge0: port 1(bridge_slave_0) entered disabled state [ 1349.448649][ T9565] bridge_slave_1: left allmulticast mode [ 1349.455296][ T9565] bridge_slave_1: left promiscuous mode [ 1349.461188][ T9565] bridge0: port 2(bridge_slave_1) entered disabled state [ 1349.482505][ T9565] bond0: (slave bond_slave_0): Releasing backup interface [ 1349.511463][ T9565] bond0: (slave bond_slave_1): Releasing backup interface [ 1349.542437][ T9565] team0: Port device team_slave_0 removed [ 1349.557897][ T9565] team0: Port device team_slave_1 removed [ 1349.565903][ T9565] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1349.573647][ T9565] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1349.585014][ T9565] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1349.592520][ T9565] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1349.603843][ T9565] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1349.629588][ T9607] netlink: 'syz.1.9532': attribute type 19 has an invalid length. [ 1349.638853][ T9607] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9532'. [ 1349.653005][ T9571] ip6gre1: entered allmulticast mode [ 1349.661476][ T9571] team0: Port device ip6gre1 added [ 1349.668016][ T9598] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 1349.730720][ T9607] netlink: 'syz.1.9532': attribute type 19 has an invalid length. [ 1349.753712][ T9607] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9532'. [ 1349.774044][T20151] bond5: (slave veth3): link status definitely up, 10000 Mbps full duplex [ 1349.792220][T20151] bond5: (slave veth3): making interface the new active one [ 1349.805842][T20151] bond5: active interface up! [ 1349.813272][ T7129] ip6_tunnel:  xmit: Local address not yet configured! [ 1349.832757][T30640] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1349.867560][ T9610] netlink: 'syz.2.9533': attribute type 39 has an invalid length. [ 1349.880320][T30640] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1349.911467][ T9614] netlink: 212108 bytes leftover after parsing attributes in process `syz.4.9534'. [ 1349.917382][T30640] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1349.989094][T30640] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1350.226712][ T9627] netlink: 'syz.0.9541': attribute type 1 has an invalid length. [ 1350.301218][ T9634] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9541'. [ 1350.403310][ T9627] netlink: 44 bytes leftover after parsing attributes in process `syz.0.9541'. [ 1350.763645][ T9654] netlink: 'syz.2.9547': attribute type 1 has an invalid length. [ 1350.820613][ T9657] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9547'. [ 1350.865005][ T9654] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1350.987016][ T9666] netlink: 'syz.2.9547': attribute type 1 has an invalid length. [ 1351.029077][ T9657] bond7: (slave batadv1): Opening slave failed [ 1351.162371][ T9674] FAULT_INJECTION: forcing a failure. [ 1351.162371][ T9674] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1351.194722][ T9674] CPU: 0 UID: 0 PID: 9674 Comm: syz.0.9551 Not tainted syzkaller #0 PREEMPT(full) [ 1351.194753][ T9674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1351.194768][ T9674] Call Trace: [ 1351.194778][ T9674] [ 1351.194787][ T9674] dump_stack_lvl+0xe8/0x150 [ 1351.194828][ T9674] should_fail_ex+0x412/0x560 [ 1351.194864][ T9674] _copy_to_user+0x31/0xb0 [ 1351.194900][ T9674] simple_read_from_buffer+0xe1/0x170 [ 1351.194935][ T9674] proc_fail_nth_read+0x1bb/0x230 [ 1351.194969][ T9674] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1351.195002][ T9674] ? rw_verify_area+0x2a6/0x4d0 [ 1351.195034][ T9674] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1351.195064][ T9674] vfs_read+0x20c/0xa70 [ 1351.195104][ T9674] ? __pfx___mutex_lock+0x10/0x10 [ 1351.195132][ T9674] ? __pfx_vfs_read+0x10/0x10 [ 1351.195167][ T9674] ? __fget_files+0x2a/0x420 [ 1351.195200][ T9674] ? __fget_files+0x3a0/0x420 [ 1351.195226][ T9674] ? __fget_files+0x2a/0x420 [ 1351.195263][ T9674] ksys_read+0x150/0x270 [ 1351.195298][ T9674] ? __pfx_ksys_read+0x10/0x10 [ 1351.195339][ T9674] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1351.195365][ T9674] do_syscall_64+0x15f/0xf80 [ 1351.195385][ T9674] ? trace_irq_disable+0x3b/0x140 [ 1351.195419][ T9674] ? clear_bhb_loop+0x40/0x90 [ 1351.195446][ T9674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1351.195469][ T9674] RIP: 0033:0x7f82b4d5d68e [ 1351.195491][ T9674] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1351.195510][ T9674] RSP: 002b:00007f82b5c3ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1351.195534][ T9674] RAX: ffffffffffffffda RBX: 00007f82b5c406c0 RCX: 00007f82b4d5d68e [ 1351.195551][ T9674] RDX: 000000000000000f RSI: 00007f82b5c400a0 RDI: 0000000000000006 [ 1351.195565][ T9674] RBP: 00007f82b5c40090 R08: 0000000000000000 R09: 0000000000000000 [ 1351.195579][ T9674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1351.195592][ T9674] R13: 00007f82b5016128 R14: 00007f82b5016090 R15: 00007ffef847c9b8 [ 1351.195629][ T9674] [ 1351.614055][ T9687] IPVS: set_ctl: invalid protocol: 47 127.0.0.1:20001 [ 1351.683650][ T9688] netlink: 'syz.4.9556': attribute type 2 has an invalid length. [ 1351.971472][ T9692] netlink: 292 bytes leftover after parsing attributes in process `syz.2.9558'. [ 1352.108623][ T9695] netlink: 'syz.4.9559': attribute type 1 has an invalid length. [ 1352.171313][ T9699] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9561'. [ 1352.253403][ T9695] netlink: 84 bytes leftover after parsing attributes in process `syz.4.9559'. [ 1352.292673][ T9704] netlink: 64 bytes leftover after parsing attributes in process `syz.1.9562'. [ 1352.350327][T17513] Bluetooth: hci0: link tx timeout [ 1352.360653][T17513] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 1352.593196][ T9723] netlink: 'syz.3.9567': attribute type 1 has an invalid length. [ 1352.631740][ T9723] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1352.644096][ T9723] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9567'. [ 1352.659313][ T9726] smc: net device wlan0 erased user defined pnetid SYZ0 [ 1352.703527][ T9726] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.9565'. [ 1352.728388][ T9730] netlink: 'syz.3.9567': attribute type 1 has an invalid length. [ 1352.773627][ T9730] bond1: (slave batadv1): Opening slave failed [ 1352.905955][ T9736] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9572'. [ 1352.907350][ T9737] netlink: 'syz.1.9571': attribute type 1 has an invalid length. [ 1353.092220][ T9746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9574'. [ 1353.106925][ T9746] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9574'. [ 1353.496578][ T9762] netlink: 'syz.2.9578': attribute type 15 has an invalid length. [ 1353.670957][ T9766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9580'. [ 1354.204899][ C1] ip6_tunnel:  xmit: Local address not yet configured! [ 1354.291049][ T9788] netlink: 'syz.0.9588': attribute type 32 has an invalid length. [ 1354.356365][ T9246] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1354.382991][ T9246] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1354.394895][ T9246] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1354.402831][ T9246] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1354.410659][ T9246] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1354.447815][ T5628] Bluetooth: hci0: command 0x0406 tx timeout [ 1354.956494][ T9814] bond7: option packets_per_slave: mode dependency failed, not supported in mode balance-alb(6) [ 1355.043700][ T9814] bond7 (unregistering): Released all slaves [ 1355.575353][ T9822] bridge1: entered promiscuous mode [ 1356.213276][ T9851] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1356.445202][T17513] Bluetooth: hci1: command tx timeout [ 1357.057473][ T9892] netlink: 'syz.3.9612': attribute type 1 has an invalid length. [ 1357.532085][ T9911] __nla_validate_parse: 2 callbacks suppressed [ 1357.532107][ T9911] netlink: 7 bytes leftover after parsing attributes in process `syz.2.9617'. [ 1358.103741][ T9935] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9621'. [ 1358.176048][ T8857] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI [ 1358.187994][ T8857] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 1358.192867][ T9926] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 1358.202319][ T8857] CPU: 1 UID: 0 PID: 8857 Comm: kbnepd bnep0 Not tainted syzkaller #0 PREEMPT(full) [ 1358.211876][ T8857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1358.222121][ T8857] RIP: 0010:klist_del+0x49/0x110 [ 1358.227089][ T8857] Code: f6 49 89 dd 49 c1 ed 03 43 80 7c 25 00 00 74 08 48 89 df e8 09 e1 90 f6 4c 8b 33 49 83 e6 fe 49 8d 7e 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 eb e0 90 f6 4d 8b 7e 58 4c 89 f7 e8 0f 43 [ 1358.246702][ T8857] RSP: 0018:ffffc9000517f828 EFLAGS: 00010202 [ 1358.252779][ T8857] RAX: 000000000000000b RBX: ffff88806d1c6460 RCX: ffff8880658e8000 [ 1358.260762][ T8857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058 [ 1358.268824][ T8857] RBP: ffffc9000517f950 R08: ffff88809a7a24b3 R09: 1ffff110134f4496 [ 1358.276813][ T8857] R10: dffffc0000000000 R11: ffffed10134f4497 R12: dffffc0000000000 [ 1358.284889][ T8857] R13: 1ffff1100da38c8c R14: 0000000000000000 R15: ffff8880685ea7e0 [ 1358.292874][ T8857] FS: 0000000000000000(0000) GS:ffff888125387000(0000) knlGS:0000000000000000 [ 1358.301816][ T8857] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1358.308406][ T8857] CR2: 00007f84f4210030 CR3: 000000005231c000 CR4: 00000000003526f0 [ 1358.316479][ T8857] Call Trace: [ 1358.319765][ T8857] [ 1358.322709][ T8857] device_del+0x27f/0x8f0 [ 1358.327057][ T8857] ? pm_runtime_set_memalloc_noio+0x1f4/0x260 [ 1358.333131][ T8857] ? __pfx_device_del+0x10/0x10 [ 1358.337989][ T8857] ? netdev_unregister_kobject+0x344/0x450 [ 1358.343809][ T8857] unregister_netdevice_many_notify+0x1d5f/0x22c0 [ 1358.350337][ T8857] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1358.357114][ T8857] ? rtnl_net_dev_lock+0x36/0x2f0 [ 1358.362213][ T8857] ? rtnl_net_dev_lock+0x36/0x2f0 [ 1358.367280][ T8857] unregister_netdev+0x15f/0x200 [ 1358.372248][ T8857] ? __pfx_unregister_netdev+0x10/0x10 [ 1358.378585][ T8857] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1358.384418][ T8857] bnep_session+0x2a2a/0x2c50 [ 1358.389119][ T8857] ? __lock_acquire+0x6b5/0x2cf0 [ 1358.394077][ T8857] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1358.399719][ T8857] ? __pfx_bnep_session+0x10/0x10 [ 1358.404754][ T8857] ? __pfx_woken_wake_function+0x10/0x10 [ 1358.410397][ T8857] ? __kthread_parkme+0x7a/0x1f0 [ 1358.415346][ T8857] ? __kthread_parkme+0x19c/0x1f0 [ 1358.420403][ T8857] kthread+0x388/0x470 [ 1358.424488][ T8857] ? __pfx_bnep_session+0x10/0x10 [ 1358.429544][ T8857] ? __pfx_kthread+0x10/0x10 [ 1358.434138][ T8857] ret_from_fork+0x514/0xb70 [ 1358.438730][ T8857] ? __pfx_ret_from_fork+0x10/0x10 [ 1358.443846][ T8857] ? __switch_to+0xc79/0x1410 [ 1358.448540][ T8857] ? __pfx_kthread+0x10/0x10 [ 1358.453138][ T8857] ret_from_fork_asm+0x1a/0x30 [ 1358.457912][ T8857] [ 1358.460948][ T8857] Modules linked in: [ 1358.466494][ T8857] ---[ end trace 0000000000000000 ]--- [ 1358.485366][ T8857] RIP: 0010:klist_del+0x49/0x110 [ 1358.490477][ T8857] Code: f6 49 89 dd 49 c1 ed 03 43 80 7c 25 00 00 74 08 48 89 df e8 09 e1 90 f6 4c 8b 33 49 83 e6 fe 49 8d 7e 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 eb e0 90 f6 4d 8b 7e 58 4c 89 f7 e8 0f 43 [ 1358.511170][ T8857] RSP: 0018:ffffc9000517f828 EFLAGS: 00010202 [ 1358.519826][ T8857] RAX: 000000000000000b RBX: ffff88806d1c6460 RCX: ffff8880658e8000 [ 1358.528193][T17513] Bluetooth: hci1: command tx timeout [ 1358.534210][ T8857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058 [ 1358.543477][ T8857] RBP: ffffc9000517f950 R08: ffff88809a7a24b3 R09: 1ffff110134f4496 [ 1358.551914][ T8857] R10: dffffc0000000000 R11: ffffed10134f4497 R12: dffffc0000000000 [ 1358.560098][ T8857] R13: 1ffff1100da38c8c R14: 0000000000000000 R15: ffff8880685ea7e0 [ 1358.568565][ T8857] FS: 0000000000000000(0000) GS:ffff888125287000(0000) knlGS:0000000000000000 [ 1358.578441][ T8857] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1358.585523][ T8857] CR2: 00007f260204f0d7 CR3: 00000000280dc000 CR4: 00000000003526f0 [ 1358.593674][ T8857] Kernel panic - not syncing: Fatal exception [ 1358.600332][ T8857] Kernel Offset: disabled [ 1358.604660][ T8857] Rebooting in 86400 seconds..