last executing test programs: 34.131526475s ago: executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8}]}}}]}, 0x3c}}, 0x0) 33.990884224s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, 0x0}, 0x90) r0 = socket$inet6(0xa, 0x3, 0x3c) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x5e, 0x0, 0x1, 0x39, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f00000002c0)={'ip6_vti0\x00', 0x0, 0x4, 0x5, 0x1f, 0x10000, 0xd, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, 0x40, 0x20, 0x4e, 0x80000001}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001680)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x4, [@const={0xf}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x3, 0x800}}]}, {0x0, [0x2e, 0x30]}}, &(0x7f00000003c0)=""/4096, 0x40, 0x1000, 0x0, 0x7}, 0x20) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000013c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000016c0)=@bloom_filter={0x1e, 0x100, 0xe234, 0xfffffff8, 0x24, 0xffffffffffffffff, 0x6, '\x00', 0x0, r1, 0x1, 0x1, 0x1, 0xb}, 0x48) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r2) sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, r3, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6}, @IEEE802154_ATTR_CHANNEL={0x5}]}, 0x24}}, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)='3', 0xffdf}], 0x1) 33.932447098s ago: executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5}, @IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5}]}}}]}, 0x44}}, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 33.854034796s ago: executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000001880)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd2d}}], 0xf000, 0x10002, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) socket$nl_route(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000073c0)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000780)=""/130, 0x82}, {0x0}, {&(0x7f0000000840)=""/100, 0x64}, {&(0x7f00000008c0)=""/122, 0x7a}], 0x4, &(0x7f00000009c0)=""/209, 0xd1}, 0x3}, {{&(0x7f0000004a80)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004b00), 0x0, &(0x7f0000004b40)=""/242, 0xf2}, 0xfb}, {{0x0, 0x0, &(0x7f0000004c80)=[{&(0x7f0000004c40)=""/8, 0x8}], 0x1, &(0x7f0000004cc0)=""/88, 0x58}, 0x5}, {{&(0x7f0000004d40)=@x25, 0x80, &(0x7f0000006040)=[{0x0}, {&(0x7f0000004f40)=""/235, 0xeb}], 0x2, &(0x7f0000006080)=""/148, 0x94}, 0x1}, {{&(0x7f0000006140)=@phonet, 0x80, &(0x7f0000006240)=[{&(0x7f00000061c0)=""/88, 0x58}], 0x1}, 0x5}, {{0x0, 0x0, &(0x7f0000006380)=[{&(0x7f0000006280)=""/164, 0xa4}, {&(0x7f0000006340)=""/18, 0x12}], 0x2, &(0x7f00000063c0)=""/4096, 0x1000}, 0x2}], 0x6, 0x40010021, &(0x7f0000007600)={0x0, 0x989680}) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001f80), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f0000002200)={0x0, 0x0, &(0x7f00000021c0)={&(0x7f0000000240)={0x50, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x0, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x4000084) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000007880)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000007840)={&(0x7f0000007780)={0xa0, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r5, @ANYBLOB="000000000000000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REQ_SET_REG(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="050100000000000000001b00000008009a00020045"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) socket$packet(0x11, 0x3, 0x300) 33.804271731s ago: executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000028000b05d25a806f8c6394f90a24fc60", 0x14}], 0x1}, 0x0) 33.743792077s ago: executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 33.653487493s ago: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8}, @NFTA_META_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 33.543579271s ago: executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000004830000000000000fa400000070a0000080020007500feff0000820095000000d3031a006da911b0d632b4e2e86b7ad015836e4d27f5182b60bbb7c19e21eec859fe68f9428ac407630eac8eb682f5b2d86b4abf9e63ad263fec7db9338ca9eebf2218c8b9ca64bcdcdaa06fc4c7aa217fcecd9443c54143bde8ddcbc3b8ac619930206d8d0881af823d6d18c66f021c20b55013d7fb6ea7013c062d13176d71d7dad98eb976ed679fa639"], &(0x7f0000000100)='GPL\x00', 0x8, 0xfa, &(0x7f0000000140)=""/250, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x23}, 0x23) 33.530578858s ago: executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x7, 0x0, 0x9, 0x0, 0x0, 0x1, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x7}, 0x90) 33.443357147s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xab}, [@call={0x85, 0x0, 0x0, 0x41}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x21, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x48) 33.404398908s ago: executing program 1: r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) bind$tipc(r0, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x0, 0x10000}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000240)={0x41, 0x2}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r1, &(0x7f0000000840)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x3, 0x3}}, 0x55, 0x0}, 0x0) 33.297255123s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c710016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa73d897e3896d863081b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbd744e517e65ddab19e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f200004304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188541c300f5c1bf56705ba12d198e897186b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710f7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47cbb0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9ea410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be0a33c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06a6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c6062368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c5bed4b0d73dffb17a88aaad5921aee7dae6a2f3009d9cb434898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a64d903b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e7ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000006a728258ca3d846a000e80d5f43109a48ddc54cec5d7f78c80e010ed02ffc0846577cafcd9e0ad83149bfb08ba7b5b431311041deb5e5d65610ad6e8d6ed55e900071b4d37d9fadb17a0407e7251866b63faccfe936980f59ceaa9d6b6863024b482023799a4f30a225b560f320e89ed44130e78f8cf000ac3c743b08d4256f282fc36162ac4b59527a3b67560313914ff6ac4ac43cd0e79d6372da631de3fde6c29de3b43d3046df23019ecadd57f175a2443928b1bcb9be16f54936796c3b928dc07c70771622cef2fafeb239a3ca4"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0) 33.241731304s ago: executing program 1: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vxcan1\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040), 0x10) r2 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$can_raw(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x1d, r1}, 0x10, &(0x7f0000000080)={&(0x7f00000005c0)=@can={{}, 0x0, 0x0, 0x4, 0x0, "000000000000ecff"}, 0x10}}, 0x0) recvfrom(r0, 0x0, 0x2, 0x0, 0x0, 0x0) 32.152720139s ago: executing program 2: r0 = socket(0x18, 0x0, 0x2) getsockname$packet(r0, 0x0, &(0x7f0000000300)) 32.102903725s ago: executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x800448d2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 32.059168388s ago: executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) pipe(&(0x7f0000000a40)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) splice(r2, 0x0, r4, 0x0, 0x800ff06, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0x12) write$binfmt_misc(r1, &(0x7f0000000740)=ANY=[], 0xfffffc8f) splice(r0, 0x0, r3, 0x0, 0x800, 0x0) 31.992664064s ago: executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r1, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x18, 0x140f, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x18}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x0, 0x6c}, 0x0, @in=@multicast1}}, 0xe8) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000200000850000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b80)={&(0x7f0000000040)='scsi_dispatch_cmd_start\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8924, &(0x7f0000000000)={'vlan0\x00', 0x1}) 31.984544664s ago: executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r0, &(0x7f0000000000), 0x2a979d) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendfile(r1, r0, 0x0, 0x3042) 31.785034811s ago: executing program 3: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{}, 0x0, 0x0}, 0x20) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000001400000000000000001801000020786c2500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='jbd2_handle_stats\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40010) 31.619129413s ago: executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000140), 0x4) getsockopt$bt_hci(r1, 0x11a, 0x2, 0x0, &(0x7f00000004c0)=0x4) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0xff, @none, 0x7, 0x2}, 0xe) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000d0dcf36a8574fe8ce31000000001a000002000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x55, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r7, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYRESHEX=r5, @ANYRES16=r1], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffde7, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'ip6erspan0\x00', {0x2, 0x4e24, @local}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xf, &(0x7f0000000000)=ANY=[@ANYRESHEX=r10, @ANYRES32, @ANYBLOB="0000000000000000b702000040420fffb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r9, 0x40049366, &(0x7f00000001c0)=0x2) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0xfffff001) 31.113837217s ago: executing program 4: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2}, [@RTA_OIF={0x8, 0x10}]}, 0x24}}, 0x0) 31.004720311s ago: executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$RDS_FREE_MR(r0, 0x114, 0x7, 0x0, 0x0) 30.894420372s ago: executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004300)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_IPPROTO={0x5}, @FOU_ATTR_TYPE={0x5}, @FOU_ATTR_AF={0x5, 0x2, 0x2}]}, 0x2c}}, 0x0) 30.796609163s ago: executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000001880)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd2d}}], 0xf000, 0x10002, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) socket$nl_route(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000073c0)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000780)=""/130, 0x82}, {0x0}, {&(0x7f0000000840)=""/100, 0x64}, {&(0x7f00000008c0)=""/122, 0x7a}], 0x4, &(0x7f00000009c0)=""/209, 0xd1}, 0x3}, {{&(0x7f0000004a80)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004b00), 0x0, &(0x7f0000004b40)=""/242, 0xf2}, 0xfb}, {{0x0, 0x0, &(0x7f0000004c80)=[{&(0x7f0000004c40)=""/8, 0x8}], 0x1, &(0x7f0000004cc0)=""/88, 0x58}, 0x5}, {{&(0x7f0000004d40)=@x25, 0x80, &(0x7f0000006040)=[{0x0}, {&(0x7f0000004f40)=""/235, 0xeb}], 0x2, &(0x7f0000006080)=""/148, 0x94}, 0x1}, {{&(0x7f0000006140)=@phonet, 0x80, &(0x7f0000006240)=[{&(0x7f00000061c0)=""/88, 0x58}], 0x1}, 0x5}, {{0x0, 0x0, &(0x7f0000006380)=[{&(0x7f0000006280)=""/164, 0xa4}, {&(0x7f0000006340)=""/18, 0x12}], 0x2, &(0x7f00000063c0)=""/4096, 0x1000}, 0x2}], 0x6, 0x40010021, &(0x7f0000007600)={0x0, 0x989680}) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001f80), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f0000002200)={0x0, 0x0, &(0x7f00000021c0)={&(0x7f0000000240)={0x50, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x0, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x4000084) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000007880)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000007840)={&(0x7f0000007780)={0xa0, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r5, @ANYBLOB="000000000000000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REQ_SET_REG(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="050100000000000000001b00000008009a00020045"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) socket$packet(0x11, 0x3, 0x300) 30.013963532s ago: executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5}, @IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5}]}}}]}, 0x44}}, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 3.279545568s ago: executing program 0: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000480)=0x5, 0x4) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f0000001080)=ANY=[@ANYBLOB="180000000000000000000000000000ca85000000ae000000850000005000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='block_plug\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r6 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x14, &(0x7f0000000280)={r5}, 0x8) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000280)={r5, 0x2}, &(0x7f0000000700)=0x8) write$cgroup_int(r4, &(0x7f0000000200), 0x43400) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000740)) socket$kcm(0x10, 0x3, 0x10) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000600)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000085000000a00000009500000000000000d2200ad6b98ddccd32abd94d80141ec18e1e67d480cee8d5062addb221660810b65876f6bf4fac964ae278cae4e4ab62e300b2012f02697db3de09ccfb2bc49a4530bb913320229d99784d52a0bfe90aa2873657d4db0633a0f73154bfe4f65509e5e861e0610136f7e3de3154622f8afe492664d01fa5be08a6ead82cdd2b627bed5478c61ef16913dce3cddf2c7435c4482aeda9912817d0"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180800000300000000000000000000009500000000000000"], &(0x7f0000000780)='syzkaller\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) socket$l2tp(0x2, 0x2, 0x73) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007110000000000000950308d634a7f1c1dfa7946832cc00000700000000785e38ddc84afc57665d426001d963feb9ccc958d88855d07ff86edf8bd33b8bfea22c2a48c4a91c05714e73b606b59d97d9bc57bbad06d78e93476af6d8809031ec2b70a8ad57d5cd244bd3adcc734bee8b9f26dfc8efd32e990b448cfca734ddd0bf2551664a3b397bc119ad89db7389cd10db9cacca83ccfc2798ece326fcd46dbceb6e1973676eab9ceaac30f27b69c2bd3fa6dec98f42d2713e5e8ab737cea0cf4b5554859135ad64841c29a181b8a7aaddd07162ea6a6858568ec4ef3715548f0dcfa6b5d437529f63c242aacd5052f121f4ec72a942803fb4232ccb8f4919910c37f258466da7558d14ca2cc78fb7e89cd05fd1eab6b8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22}, 0x90) socket(0x10, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r8, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0xc, 0x10003, '\x00', [{0x801, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {0xffffffff}]}) 3.214469591s ago: executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x40, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x1000000, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="f1ff2dbd7000fddbdf250e00000008003900360c006008000300", @ANYRES32], 0x24}, 0x1, 0x14}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000004c0)={'batadv_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d00)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8}]}}]}, 0x38}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000006c0)={'sit0\x00', &(0x7f0000000540)={'syztnl2\x00', 0x0, 0x8, 0x20, 0x0, 0x3c1, {{0x31, 0x4, 0x3, 0x1, 0xc4, 0x66, 0x0, 0x6f, 0x4, 0x0, @rand_addr=0x64010102, @multicast2, {[@noop, @timestamp_addr={0x44, 0x2c, 0xb9, 0x1, 0x6, [{@empty, 0x4}, {@loopback, 0x9}, {@loopback, 0x1}, {@multicast1, 0x4}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}, @cipso={0x86, 0x61, 0x1, [{0x7, 0xe, "91329eee5be51362967cb0b2"}, {0x0, 0x9, "644313a8096cc0"}, {0x0, 0xb, "782a0d4063b18ee1f2"}, {0x0, 0x5, '.F&'}, {0x7, 0x9, "0f1e5970536334"}, {0x5, 0xe, "bd514de1d3d8a73bed46393d"}, {0x2, 0xb, "4f73337ec2331f8539"}, {0x7, 0x12, "4261dfce5c874d10c19b4d5c1eb35d8e"}]}, @rr={0x7, 0x17, 0xcb, [@broadcast, @remote, @broadcast, @broadcast, @multicast1]}, @rr={0x7, 0xb, 0x63, [@private=0xa010100, @remote]}]}}}}}) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000780)={'syztnl1\x00', &(0x7f0000000700)={'ip6gre0\x00', 0x0, 0x29, 0x0, 0x8, 0x1, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x37}, 0x14e, 0x40, 0x4, 0x101}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000840)={'ip6gre0\x00', &(0x7f00000007c0)={'syztnl2\x00', 0x0, 0x29, 0x6, 0x40, 0x10001, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7, 0x8000, 0xfff, 0xffff}}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000880)={'team0\x00', 0x0}) r12 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) r14 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r14}, @generic={0x66}, @initr0, @exit, @alu={0x5, 0x0, 0xa, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x9, &(0x7f0000000140)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r14}}, @call={0x85, 0x0, 0x0, 0xb5}, @exit, @map_fd={0x18, 0x6}], &(0x7f0000000040)='syzkaller\x00', 0x100, 0x80, &(0x7f00000001c0)=""/128, 0x41100, 0x6, '\x00', r13, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x5, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x3, 0x8, 0xffff0001, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x90) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000008c0)={'ipvlan1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000940)={'syztnl2\x00', 0x0, 0x8, 0x1, 0x5, 0x2, {{0x1b, 0x4, 0x0, 0x9, 0x6c, 0x64, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010101, @empty, {[@timestamp={0x44, 0x8, 0x22, 0x0, 0x6, [0x2]}, @lsrr={0x83, 0x1f, 0xd0, [@dev={0xac, 0x14, 0x14, 0x1d}, @rand_addr=0x64010101, @remote, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @dev={0xac, 0x14, 0x14, 0x32}]}, @timestamp_addr={0x44, 0x2c, 0x29, 0x1, 0x4, [{@local, 0xe7c}, {@multicast2, 0x10000}, {@loopback, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@initdev={0xac, 0x1e, 0x5, 0x0}, 0xc2}]}, @generic={0x86, 0x2}]}}}}}) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000001400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000013c0)={&(0x7f0000000ac0)={0x8d4, 0x0, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [{{0x8}, {0x138, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xc9b9}}, {0x8}}}]}}, {{0x8}, {0x234, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xc900}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x200}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x100}}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x4, 0x95, 0x328}, {0x101, 0x1f, 0x3, 0x200}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x174, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8f27}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xa9}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1bb9}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0x1b4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xff}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5afa}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}]}}, {{0x8, 0x1, r13}, {0x130, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r15}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40000}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r16}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x8d4}, 0x1, 0x0, 0x0, 0x20000080}, 0x20008002) sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000640)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c6380", 0x73}, {0x0}], 0x2}}], 0x1, 0x0) 1.965601556s ago: executing program 2: r0 = socket(0x18, 0x0, 0x2) getsockname$packet(r0, 0x0, &(0x7f0000000300)) 754.95866ms ago: executing program 4: r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) syz_emit_ethernet(0xa4, &(0x7f0000000540)={@empty, @broadcast, @void, {@mpls_mc={0x8848, {[{0x101, 0x0, 0x1}, {0xe24, 0x0, 0x1}], @generic="41abd28420e089874ff37da6705fbe1d00a81b806a9b9cef09aa3c2fc5134d1e3185e3f610be33c1260b0f5fa7c40ce0ff2377be2778beab828dc5f73f85faed99368f2344546f1e9fa66b7bc3da27b3a995b6a5ed1dd9078d997e6a1bf3579f78c4bc6543583ee70087370bc2d6c0fe67c0efc52e8b35688c2a8b902c3ee64821df41fe2b2bd83af9bd0099b4cd"}}}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) bpf$MAP_CREATE(0x12, &(0x7f00000003c0), 0x48) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_cred(r0, 0x1, 0x23, 0x0, &(0x7f0000001dc0)) 0s ago: executing program 3: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='block_plug\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10) socketpair(0xb, 0xa, 0x1, &(0x7f00000003c0)={0xffffffffffffffff}) setsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x8, &(0x7f0000000400)=0x2, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x24, 0x68, 0xa898cf170ab9f9b9, 0x0, 0x0, {}, [@NHA_ID={0x8, 0x1, 0x2}, @NHA_FDB={0x4}]}, 0x24}}, 0x0) r5 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x30, 0x0, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r5}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_TID={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x40090}, 0x8004) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200), 0x43400) kernel console output (not intermixed with test programs): s leftover after parsing attributes in process `syz-executor.1'. [ 103.653141][ T6632] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 103.776270][ T6636] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 103.799750][ T6636] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 103.848059][ T11] bridge_slave_1: left allmulticast mode [ 103.853747][ T11] bridge_slave_1: left promiscuous mode [ 103.878018][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.915775][ T11] bridge_slave_0: left allmulticast mode [ 103.925352][ T11] bridge_slave_0: left promiscuous mode [ 103.954063][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.245967][ T6665] xt_connbytes: Forcing CT accounting to be enabled [ 104.254186][ T6665] xt_CT: You must specify a L4 protocol and not use inversions on it [ 104.460392][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.473849][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.486913][ T11] bond0 (unregistering): Released all slaves [ 104.871293][ T6690] dummy0: entered promiscuous mode [ 104.882998][ T6690] macsec1: entered promiscuous mode [ 104.890185][ T6690] macsec1: entered allmulticast mode [ 104.895645][ T6690] dummy0: entered allmulticast mode [ 104.954848][ T6695] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 105.011108][ T6698] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 105.021937][ T11] hsr_slave_0: left promiscuous mode [ 105.045564][ T11] hsr_slave_1: left promiscuous mode [ 105.079951][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.096560][ T6702] xt_connbytes: Forcing CT accounting to be enabled [ 105.103534][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.114269][ T6702] xt_CT: You must specify a L4 protocol and not use inversions on it [ 105.133824][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.155243][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.202381][ T11] veth1_macvtap: left promiscuous mode [ 105.208161][ T11] veth0_macvtap: left promiscuous mode [ 105.214276][ T11] veth1_vlan: left promiscuous mode [ 105.220123][ T11] veth0_vlan: left promiscuous mode [ 105.353157][ T5126] Bluetooth: hci1: command tx timeout [ 105.848746][ T11] team0 (unregistering): Port device team_slave_1 removed [ 105.886987][ T11] team0 (unregistering): Port device team_slave_0 removed [ 106.219234][ T6704] hsr0: entered promiscuous mode [ 106.226490][ T6707] hsr_slave_0: left promiscuous mode [ 106.233348][ T6707] hsr_slave_1: left promiscuous mode [ 106.287097][ T6718] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 106.457430][ T6737] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 106.633488][ T6527] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.663599][ T6527] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.684019][ T6745] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 106.703350][ T6527] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.735422][ T6749] openvswitch: netlink: Key type 29 is not supported [ 106.744579][ T6527] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.971350][ T6755] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 107.032249][ T6755] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 107.064011][ T6752] 8021q: adding VLAN 0 to HW filter on device bond1 [ 107.353435][ T6752] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 107.390554][ T6752] bond1 (unregistering): Released all slaves [ 107.438017][ T5126] Bluetooth: hci1: command tx timeout [ 107.551390][ T6527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.607534][ T6527] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.635644][ T5163] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.642873][ T5163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.693462][ T5207] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.700666][ T5207] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.030127][ T6789] nftables ruleset with unbound chain [ 108.198197][ T6527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.322951][ T6527] veth0_vlan: entered promiscuous mode [ 108.341822][ T6527] veth1_vlan: entered promiscuous mode [ 108.354978][ T6803] __nla_validate_parse: 3 callbacks suppressed [ 108.355002][ T6803] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 108.462789][ T6807] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 108.473043][ T6807] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 108.521031][ T6527] veth0_macvtap: entered promiscuous mode [ 108.534175][ T6527] veth1_macvtap: entered promiscuous mode [ 108.555058][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.566146][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.576159][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.586856][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.596933][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.622288][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.640208][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.663332][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.689585][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.704456][ T6803] 8021q: adding VLAN 0 to HW filter on device bond1 [ 108.972108][ T6818] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 109.068854][ T6807] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 109.105848][ T6807] bond1 (unregistering): Released all slaves [ 109.154731][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.179923][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.190261][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.200999][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.212140][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.222929][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.233209][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.244009][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.258560][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.302447][ T6821] vlan2: entered promiscuous mode [ 109.312688][ T6821] xfrm0: entered promiscuous mode [ 109.328753][ T6821] team0: Port device vlan2 added [ 109.342824][ T6527] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.387894][ T6527] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.417897][ T6527] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.427633][ T6527] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.519062][ T5126] Bluetooth: hci1: command tx timeout [ 109.582811][ T6832] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 109.623451][ T6832] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 109.652264][ T6832] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 109.777888][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.788318][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.811181][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.827117][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.939939][ T6848] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 110.229510][ T6859] netlink: 244 bytes leftover after parsing attributes in process `syz-executor.3'. [ 111.026110][ T6897] Bluetooth: MGMT ver 1.22 [ 111.041604][ T6897] netlink: 'syz-executor.1': attribute type 14 has an invalid length. [ 111.052130][ T6899] Cannot find add_set index 0 as target [ 111.215749][ T6906] tipc: Started in network mode [ 111.226836][ T6906] tipc: Node identity 9ca6, cluster identity 3 [ 111.234550][ T6906] tipc: Node number set to 40102 [ 111.240931][ T6908] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 111.345015][ T6908] bond1: (slave bridge1): Enslaving as a backup interface with an up link [ 111.378697][ T6908] bridge0: port 3(bond1) entered blocking state [ 111.385216][ T6908] bridge0: port 3(bond1) entered disabled state [ 111.408473][ T6908] bond1: entered allmulticast mode [ 111.413636][ T6908] bridge1: entered allmulticast mode [ 111.439968][ T6908] bond1: entered promiscuous mode [ 111.445146][ T6908] bridge1: entered promiscuous mode [ 112.056498][ T6932] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 112.165247][ T6937] tipc: Started in network mode [ 112.189303][ T6937] tipc: Node identity 9ca6, cluster identity 3 [ 112.217993][ T6937] tipc: Node number set to 40102 [ 112.244862][ T6940] vlan2: entered promiscuous mode [ 112.265074][ T6940] xfrm0: entered promiscuous mode [ 112.293341][ T6940] team0: Port device vlan2 added [ 112.454754][ T6946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 112.810098][ T6969] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 112.831336][ T6972] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 112.975595][ T6976] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 113.086564][ T6980] netlink: 360 bytes leftover after parsing attributes in process `syz-executor.0'. [ 113.152939][ T6986] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 113.234336][ T6988] bond1: (slave bridge1): Enslaving as a backup interface with an up link [ 113.363444][ T6986] bridge0: port 3(bond1) entered blocking state [ 113.370801][ T6986] bridge0: port 3(bond1) entered disabled state [ 113.377263][ T6986] bond1: entered allmulticast mode [ 113.384291][ T6986] bridge1: entered allmulticast mode [ 113.391697][ T6986] bond1: entered promiscuous mode [ 113.396760][ T6986] bridge1: entered promiscuous mode [ 113.653479][ T7004] batadv0: entered promiscuous mode [ 113.679828][ T7004] batadv_slave_0: entered promiscuous mode [ 113.685869][ T7004] batadv_slave_0: left promiscuous mode [ 113.716174][ T7004] batadv0: left promiscuous mode [ 113.724458][ T7011] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 113.753116][ T7011] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 114.181236][ T7042] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 114.197233][ T7042] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 114.330546][ T7052] batadv0: entered promiscuous mode [ 114.378544][ T7052] batadv_slave_0: entered promiscuous mode [ 114.384612][ T7052] batadv_slave_0: left promiscuous mode [ 114.394686][ T7052] batadv0: left promiscuous mode [ 114.422631][ T7061] ip6t_srh: unknown srh match flags 4001 [ 114.431277][ T7058] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 114.468100][ T7061] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 114.627468][ T7076] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.805162][ T7076] bridge_slave_1 (unregistering): left allmulticast mode [ 114.819402][ T7076] bridge_slave_1 (unregistering): left promiscuous mode [ 114.833626][ T7076] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.859027][ T7087] netlink: 248 bytes leftover after parsing attributes in process `syz-executor.4'. [ 114.873837][ T7087] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 115.112682][ T7100] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 115.142214][ T7100] netlink: 'syz-executor.1': attribute type 11 has an invalid length. [ 115.164745][ T7100] netlink: 'syz-executor.1': attribute type 14 has an invalid length. [ 115.214849][ T7100] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.224117][ T7100] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.232941][ T7100] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.241900][ T7100] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.270140][ T7100] vxlan0: entered promiscuous mode [ 115.661170][ T7119] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 116.106044][ T5122] syz-executor.3 (5122) used greatest stack depth: 18448 bytes left [ 116.155835][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 116.174990][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 116.183614][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 116.195095][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 116.204973][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 116.216872][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 116.398611][ T7153] tipc: New replicast peer: 0.0.0.0 [ 116.405718][ T7153] tipc: Enabled bearer , priority 10 [ 116.732331][ T7138] chnl_net:caif_netlink_parms(): no params data found [ 116.858520][ T7186] netlink: 360 bytes leftover after parsing attributes in process `syz-executor.0'. [ 116.967312][ T7138] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.994533][ T7138] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.037178][ T7138] bridge_slave_0: entered allmulticast mode [ 117.061817][ T7138] bridge_slave_0: entered promiscuous mode [ 117.080339][ T7138] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.087566][ T7138] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.116052][ T7138] bridge_slave_1: entered allmulticast mode [ 117.131336][ T7138] bridge_slave_1: entered promiscuous mode [ 117.242370][ T7138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.244484][ T7212] dccp_invalid_packet: P.Data Offset(63) too large [ 117.272548][ T7138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.384723][ T7138] team0: Port device team_slave_0 added [ 117.405235][ T7138] team0: Port device team_slave_1 added [ 117.469343][ T7138] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.476624][ T7138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.503221][ T7138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.519981][ T7138] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.537830][ T7138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.571586][ T7138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.659714][ T7229] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 117.794139][ T7138] hsr_slave_0: entered promiscuous mode [ 117.829829][ T7138] hsr_slave_1: entered promiscuous mode [ 118.199669][ T7259] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 118.244211][ T7259] team0: Device veth1_vlan failed to register rx_handler [ 118.305645][ T7264] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.313706][ T53] Bluetooth: hci3: command tx timeout [ 118.314618][ T7264] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.329036][ T7264] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.337816][ T7264] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.347364][ T7264] vxlan0: entered promiscuous mode [ 118.405009][ T7138] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.496419][ T7138] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.581215][ T7138] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.677481][ T7138] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.809744][ T7138] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 118.819851][ T7138] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 118.830810][ T7138] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 118.842479][ T7138] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 118.935172][ T7138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.965757][ T7138] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.983938][ T5163] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.991730][ T5163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.011538][ T5163] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.018780][ T5163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.115273][ T7138] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 119.140262][ T7138] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 119.393069][ T7285] __nla_validate_parse: 5 callbacks suppressed [ 119.393088][ T7285] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.4'. [ 119.551247][ T7138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.711299][ T7301] netlink: 209840 bytes leftover after parsing attributes in process `syz-executor.0'. [ 119.721491][ T7138] veth0_vlan: entered promiscuous mode [ 119.743140][ T7138] veth1_vlan: entered promiscuous mode [ 119.851119][ T7138] veth0_macvtap: entered promiscuous mode [ 119.891938][ T7138] veth1_macvtap: entered promiscuous mode [ 119.945474][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.964757][ T7315] xt_socket: unknown flags 0x8 [ 119.970980][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.005502][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.030963][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.053999][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.077181][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.108734][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.141429][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.164908][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.190090][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.213141][ T7138] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.249079][ T7314] bond0: entered promiscuous mode [ 120.255709][ T7314] bond_slave_0: entered promiscuous mode [ 120.274785][ T7314] bond_slave_1: entered promiscuous mode [ 120.359537][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.398631][ T5126] Bluetooth: hci3: command tx timeout [ 120.402163][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.414222][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.428424][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.444447][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.465167][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.472192][ T7333] Bluetooth: MGMT ver 1.22 [ 120.477959][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.490596][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.501710][ T7138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.512555][ T7333] Bluetooth: hci3: unsupported parameter 65535 [ 120.512588][ T7333] Bluetooth: hci3: unsupported parameter 65535 [ 120.555663][ T7138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.576959][ T7138] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.649449][ T7138] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.667971][ T7138] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.688892][ T7138] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.703438][ T7138] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.939347][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.947569][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.055881][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.095662][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.200912][ T7374] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 121.582220][ T7395] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.0'. [ 121.603183][ T7396] netlink: 209840 bytes leftover after parsing attributes in process `syz-executor.2'. [ 121.802808][ T7406] bond0: entered promiscuous mode [ 121.825576][ T7406] bond_slave_0: entered promiscuous mode [ 121.849178][ T7406] bond_slave_1: entered promiscuous mode [ 122.392743][ T7442] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 122.413107][ T7442] netlink: 616 bytes leftover after parsing attributes in process `syz-executor.1'. [ 122.468025][ T5126] Bluetooth: hci3: command tx timeout [ 123.276800][ T7495] netlink: 9404 bytes leftover after parsing attributes in process `syz-executor.3'. [ 123.482739][ T7508] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 123.562211][ T7508] team0: Device veth1_vlan failed to register rx_handler [ 123.580344][ T7511] xt_l2tp: v2 sid > 0xffff: 16777216 [ 123.643790][ T7516] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 123.709063][ T7512] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.745006][ T7512] bridge_slave_1: left promiscuous mode [ 123.756649][ T7512] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.781469][ T7518] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 123.781907][ T7512] bridge2: port 1(bridge_slave_1) entered blocking state [ 123.798523][ T7512] bridge2: port 1(bridge_slave_1) entered disabled state [ 123.807436][ T7512] bridge_slave_1: entered promiscuous mode [ 123.818565][ T7515] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 123.828852][ T7523] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'. [ 123.844156][ T7515] ip6gretap0: entered promiscuous mode [ 124.149115][ T7536] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 124.157230][ T7536] netlink: 'syz-executor.0': attribute type 8 has an invalid length. [ 124.167432][ T7536] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 124.184437][ T7536] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.548054][ T5126] Bluetooth: hci3: command tx timeout [ 124.602335][ T7550] syzkaller0: entered promiscuous mode [ 124.608147][ T7550] syzkaller0: entered allmulticast mode [ 124.718303][ T7564] __nla_validate_parse: 3 callbacks suppressed [ 124.718324][ T7564] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 124.753746][ T7568] netlink: 184 bytes leftover after parsing attributes in process `syz-executor.3'. [ 126.233213][ T7581] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.0'. [ 126.426385][ T7599] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 126.487921][ T7594] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 126.521949][ T7599] bridge_slave_1: entered allmulticast mode [ 126.548447][ T7599] bridge1: port 1(bridge_slave_1) entered blocking state [ 126.585675][ T7599] bridge1: port 1(bridge_slave_1) entered disabled state [ 126.610494][ T7599] bridge_slave_1: entered promiscuous mode [ 126.769681][ T7616] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 126.974863][ T7632] netlink: 184 bytes leftover after parsing attributes in process `syz-executor.1'. [ 127.458434][ T7647] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 127.622595][ T7669] xt_hashlimit: max too large, truncated to 1048576 [ 127.627738][ T7668] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 127.693880][ T7668] team0: Device veth1_vlan failed to register rx_handler [ 128.080863][ T7697] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 128.128492][ T7697] bridge_slave_1: left promiscuous mode [ 128.134314][ T7697] bridge2: port 1(bridge_slave_1) entered disabled state [ 128.145799][ T7697] bridge3: port 1(bridge_slave_1) entered blocking state [ 128.155063][ T7697] bridge3: port 1(bridge_slave_1) entered disabled state [ 128.164469][ T7697] bridge_slave_1: entered promiscuous mode [ 128.502325][ T7718] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 128.708812][ T7725] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 129.176393][ T7758] Bluetooth: hci3: unsupported parameter 64512 [ 129.185080][ T7758] Bluetooth: hci3: invalid length 0, exp 2 for type 1 [ 129.295964][ T7763] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 129.700347][ T7788] dccp_invalid_packet: P.Data Offset(0) too small [ 129.726134][ T7789] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 129.816054][ T7791] trusted_key: syz-executor.4 sent an empty control message without MSG_MORE. [ 129.913967][ T7797] syz_tun: entered promiscuous mode [ 129.936017][ T7797] macsec1: entered promiscuous mode [ 129.947247][ T7797] syz_tun: left promiscuous mode [ 130.250023][ T7817] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 130.389566][ T7823] Bluetooth: hci3: unsupported parameter 64512 [ 130.397849][ T7823] Bluetooth: hci3: invalid length 0, exp 2 for type 1 [ 130.749975][ T7852] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 130.805896][ T7856] netlink: 'syz-executor.3': attribute type 33 has an invalid length. [ 131.030614][ T7870] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 131.044481][ T7871] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 131.160090][ T7870] bond2 (unregistering): Released all slaves [ 131.206222][ T7875] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 131.451044][ T7892] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 131.476608][ T7892] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 132.536180][ T7906] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'. [ 133.194921][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.595181][ T7897] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'. [ 133.979312][ T7940] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 134.359084][ T7950] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 134.384623][ T7950] netlink: 'syz-executor.2': attribute type 7 has an invalid length. [ 134.407954][ T7950] netlink: 'syz-executor.2': attribute type 8 has an invalid length. [ 134.788415][ T7971] netlink: 'syz-executor.1': attribute type 30 has an invalid length. [ 134.985979][ T7982] tipc: Enabling of bearer rejected, failed to enable media [ 135.310959][ T8002] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 135.392689][ T8007] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 135.404020][ T8007] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 135.436669][ T8002] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 135.473590][ T8002] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 135.980298][ T8039] netlink: 209840 bytes leftover after parsing attributes in process `syz-executor.0'. [ 136.078173][ T8047] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 136.213124][ T8047] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 136.245368][ T8047] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 137.053165][ T8072] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'. [ 137.666390][ T8133] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 137.687685][ T8133] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 137.705779][ T8135] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 138.044263][ T8153] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 138.089866][ T8151] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 138.420385][ T8173] Bluetooth: hci3: invalid length 0, exp 2 for type 10 [ 138.669819][ T8187] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 139.597912][ T8226] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 139.938850][ T8239] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 140.154663][ T8254] ip6gretap0: entered promiscuous mode [ 140.189177][ T8256] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'. [ 140.225695][ T8254] batadv_slave_0: entered promiscuous mode [ 143.444947][ T8350] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 145.717810][ T8405] openvswitch: netlink: Missing key (keys=40, expected=100) [ 146.079559][ T8429] wg1: entered promiscuous mode [ 146.229637][ T8438] openvswitch: netlink: Missing key (keys=40, expected=100) [ 146.258888][ T8440] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 146.328516][ T8440] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 146.362887][ T8440] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.4'. [ 146.420169][ T8440] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 146.426871][ T8443] netlink: 'syz-executor.1': attribute type 28 has an invalid length. [ 146.448617][ T8440] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.4'. [ 146.450307][ T8443] netlink: 160 bytes leftover after parsing attributes in process `syz-executor.1'. [ 146.492886][ T8454] delete_channel: no stack [ 146.497971][ T8440] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 146.670209][ T8466] xt_TCPMSS: Only works on TCP SYN packets [ 146.698965][ T8466] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 147.030715][ T8488] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 147.053048][ T5210] IPVS: starting estimator thread 0... [ 147.054874][ T8491] delete_channel: no stack [ 147.158632][ T8492] IPVS: using max 21 ests per chain, 50400 per kthread [ 147.463668][ T8513] netlink: 21 bytes leftover after parsing attributes in process `syz-executor.0'. [ 147.516917][ T8513] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 147.597751][ T5210] IPVS: starting estimator thread 0... [ 147.677509][ T8528] x_tables: duplicate underflow at hook 3 [ 147.707950][ T8521] IPVS: using max 19 ests per chain, 45600 per kthread [ 148.410462][ T8567] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 148.437440][ T8567] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 148.473325][ T8567] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 148.489388][ T8567] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 148.508081][ T8573] xt_TCPMSS: Only works on TCP SYN packets [ 148.522650][ T8573] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 148.571075][ T8577] x_tables: duplicate underflow at hook 3 [ 148.787442][ T8586] netlink: 21 bytes leftover after parsing attributes in process `syz-executor.3'. [ 149.000282][ T8590] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 149.837811][ T29] audit: type=1800 audit(1718884419.279:13): pid=8608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1951 res=0 errno=0 [ 149.897205][ T29] audit: type=1804 audit(1718884419.319:14): pid=8608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir1233750071/syzkaller.Q2eCEL/286/memory.events" dev="sda1" ino=1951 res=1 errno=0 [ 149.913073][ T8613] xt_TCPMSS: Only works on TCP SYN packets [ 149.999448][ T8613] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 150.276435][ T8634] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 150.876189][ T8676] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 151.208628][ T8695] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 151.341445][ T8696] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 152.015990][ T8736] team0: entered promiscuous mode [ 152.042287][ T8736] team_slave_0: entered promiscuous mode [ 152.067280][ T8736] team_slave_1: entered promiscuous mode [ 152.105100][ T8736] batadv0: entered promiscuous mode [ 152.298896][ T8755] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 152.319560][ T8755] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 152.393530][ T8764] ieee802154 phy0 wpan0: encryption failed: -22 [ 152.614633][ T8777] sctp: [Deprecated]: syz-executor.3 (pid 8777) Use of int in max_burst socket option deprecated. [ 152.614633][ T8777] Use struct sctp_assoc_value instead [ 152.822625][ T8787] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. [ 152.845901][ T8787] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. [ 153.250553][ T8815] sctp: [Deprecated]: syz-executor.1 (pid 8815) Use of int in max_burst socket option deprecated. [ 153.250553][ T8815] Use struct sctp_assoc_value instead [ 153.499923][ T8830] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 153.577455][ T8837] tipc: Started in network mode [ 153.583797][ T8837] tipc: Node identity type_len, cluster identity 4711 [ 153.593961][ T8837] tipc: Enabling of bearer rejected, failed to enable media [ 153.636093][ T8840] openvswitch: netlink: Key 0 has unexpected len 4 expected 0 [ 153.766580][ T8847] ieee802154 phy0 wpan0: encryption failed: -22 [ 153.923913][ T8853] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.2'. [ 154.007951][ T8858] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 154.624847][ T8886] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.0'. [ 154.665266][ T8886] IPv6: Can't replace route, no match found [ 154.700680][ T8890] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 156.140351][ T8955] vlan1: entered promiscuous mode [ 156.226568][ T8955] vlan1 (unregistering): left promiscuous mode [ 156.288554][ T8962] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 156.379135][ T8962] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 156.727986][ T8980] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 157.331349][ T9017] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 157.342783][ T9016] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 157.590270][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.645398][ T9036] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 157.691100][ T9036] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 157.775809][ T9036] bond1: (slave vcan1): making interface the new active one [ 157.787051][ T9036] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 157.798549][ T9043] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 157.818603][ T9046] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 157.882292][ T9040] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 157.941883][ T9040] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 157.955732][ T9040] bond2: (slave vcan1): making interface the new active one [ 157.964283][ T9040] bond2: (slave vcan1): Enslaving as an active interface with an up link [ 158.064579][ T9059] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 158.108056][ T9063] ICMPv6: NA: 6a:00:08:4f:a5:3b advertised our address fe80::aa on syz_tun! [ 158.263608][ T9073] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 158.333167][ T9073] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 158.342223][ T9073] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 158.351034][ T9073] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 158.359827][ T9073] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 158.384013][ T9073] vxlan0: entered promiscuous mode [ 158.450620][ T9084] ip6gretap0: entered promiscuous mode [ 158.464996][ T9084] bridge0: entered promiscuous mode [ 158.485967][ T9084] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 158.503617][ T9084] Cannot create hsr debugfs directory [ 158.514137][ T9084] hsr1: Slave B (bridge0) is not up; please bring it up to get a fully working HSR network [ 158.572669][ T9077] __nla_validate_parse: 3 callbacks suppressed [ 158.572689][ T9077] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 158.683357][ T9099] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 158.822162][ T9105] lo speed is unknown, defaulting to 1000 [ 158.885028][ T9102] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.892263][ T9102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.975446][ T9105] lo speed is unknown, defaulting to 1000 [ 159.002815][ T9105] lo speed is unknown, defaulting to 1000 [ 159.693553][ T9151] vlan1: entered promiscuous mode [ 159.713887][ T9105] infiniband syz0: set active [ 159.732735][ T9105] infiniband syz0: added lo [ 159.752023][ T9105] syz0: rxe_create_cq: returned err = -12 [ 159.768833][ T9105] infiniband syz0: Couldn't create ib_mad CQ [ 159.775398][ T9105] infiniband syz0: Couldn't open port 1 [ 159.784150][ T9151] vlan1 (unregistering): left promiscuous mode [ 159.830498][ T9105] RDS/IB: syz0: added [ 159.835512][ T5210] lo speed is unknown, defaulting to 1000 [ 159.845660][ T9105] smc: adding ib device syz0 with port count 1 [ 159.858880][ T9105] smc: ib device syz0 port 1 has pnetid [ 159.867410][ T5209] lo speed is unknown, defaulting to 1000 [ 159.886233][ T9105] lo speed is unknown, defaulting to 1000 [ 159.994522][ T9159] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 160.000312][ T9161] (unnamed net_device) (uninitialized): (slave tunl0): Device is not bonding slave [ 160.018044][ T9161] (unnamed net_device) (uninitialized): option active_slave: invalid value (tunl0) [ 160.170753][ T9165] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 160.205865][ T9168] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 160.247374][ T9105] lo speed is unknown, defaulting to 1000 [ 160.300826][ T9174] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 160.640346][ T9105] lo speed is unknown, defaulting to 1000 [ 160.672968][ T9174] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 160.709492][ T9174] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 160.749630][ T9174] bond1: (slave vcan1): making interface the new active one [ 160.773027][ T9174] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 160.796445][ T9191] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 161.083323][ T9105] lo speed is unknown, defaulting to 1000 [ 161.110041][ T9203] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 161.531975][ T9105] lo speed is unknown, defaulting to 1000 [ 162.103940][ T9244] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 162.141320][ T9105] lo speed is unknown, defaulting to 1000 [ 162.147917][ T9244] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 162.222910][ T9252] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 164.056652][ T9302] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 164.108838][ T9306] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 164.119049][ T9307] batadv_slave_1: entered promiscuous mode [ 164.125505][ T9306] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 164.170332][ T9304] batadv_slave_1: left promiscuous mode [ 164.209812][ T29] audit: type=1800 audit(1718884433.649:15): pid=9312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1960 res=0 errno=0 [ 164.283276][ T29] audit: type=1804 audit(1718884433.679:16): pid=9312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1602816497/syzkaller.qlACZ5/307/memory.events" dev="sda1" ino=1960 res=1 errno=0 [ 164.347789][ T29] audit: type=1804 audit(1718884433.689:17): pid=9312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1602816497/syzkaller.qlACZ5/307/memory.events" dev="sda1" ino=1960 res=1 errno=0 [ 164.986681][ T9320] ieee802154 phy0 wpan0: encryption failed: -22 [ 165.015140][ T9360] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 165.150194][ T9368] dvmrp0: left allmulticast mode [ 166.349041][ T9403] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 166.393397][ T9403] infiniband syz0: set down [ 166.428095][ T5111] lo speed is unknown, defaulting to 1000 [ 166.434693][ T9401] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 166.465313][ T9401] infiniband syz0: set active [ 166.534859][ T5111] lo speed is unknown, defaulting to 1000 [ 166.553957][ T5209] lo speed is unknown, defaulting to 1000 [ 166.568171][ T5209] lo speed is unknown, defaulting to 1000 [ 166.666138][ T9413] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.4'. [ 166.864162][ T9423] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 167.475774][ T9429] ieee802154 phy0 wpan0: encryption failed: -22 [ 167.610058][ T9459] Cannot find set identified by id 0 to match [ 167.712462][ T9459] mac80211_hwsim hwsim20 wlan1: entered promiscuous mode [ 168.045127][ T9468] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 168.357819][ T9475] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 168.367165][ T9475] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.3'. [ 169.763272][ T9535] syzkaller0: entered promiscuous mode [ 169.773578][ T9535] syzkaller0: entered allmulticast mode [ 169.998709][ T9544] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.3'. [ 170.029434][ T9544] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 170.149515][ T9549] netlink: 'syz-executor.3': attribute type 30 has an invalid length. [ 170.677443][ T29] audit: type=1804 audit(1718884440.119:18): pid=9565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir702587070/syzkaller.PytUde/315/cgroup.controllers" dev="sda1" ino=1967 res=1 errno=0 [ 172.531641][ T9546] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 172.560615][ T9550] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 173.262919][ T9611] netlink: 'syz-executor.3': attribute type 30 has an invalid length. [ 173.809733][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 173.821598][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 173.832670][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 173.840884][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 173.850384][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 173.859342][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 173.953969][ T9624] lo speed is unknown, defaulting to 1000 [ 174.131582][ T9636] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.3'. [ 174.160215][ T9636] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 174.735038][ T9624] chnl_net:caif_netlink_parms(): no params data found [ 174.896998][ T9674] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.1'. [ 175.112763][ T9624] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.129157][ T9624] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.155344][ T9624] bridge_slave_0: entered allmulticast mode [ 175.176127][ T9624] bridge_slave_0: entered promiscuous mode [ 175.208584][ T9624] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.229003][ T9624] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.259396][ T9624] bridge_slave_1: entered allmulticast mode [ 175.275691][ T9624] bridge_slave_1: entered promiscuous mode [ 175.300191][ T9686] netlink: 576 bytes leftover after parsing attributes in process `syz-executor.3'. [ 175.451341][ T9624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.492804][ T9624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.627110][ T9624] team0: Port device team_slave_0 added [ 175.666137][ T9624] team0: Port device team_slave_1 added [ 175.683082][ T29] audit: type=1804 audit(1718884445.129:19): pid=9701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir713031970/syzkaller.98Frpa/200/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0 [ 175.812052][ T9624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.827778][ T9624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.902340][ T9624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.913141][ T5126] Bluetooth: hci0: command tx timeout [ 175.992602][ T9624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.000359][ T9624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.027829][ T9624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.114032][ T9703] ipip0: entered promiscuous mode [ 176.318684][ T9624] hsr_slave_0: entered promiscuous mode [ 176.353081][ T9624] hsr_slave_1: entered promiscuous mode [ 176.370595][ T9624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.386954][ T9624] Cannot create hsr debugfs directory [ 176.832132][ T9624] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.986475][ T9624] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.151353][ T9624] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.320532][ T9624] bond0: (slave netdevsim0): Releasing backup interface [ 177.342231][ T9624] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.423459][ T9752] Bluetooth: MGMT ver 1.22 [ 177.470648][ T9752] wg2: entered promiscuous mode [ 177.481689][ T9752] wg2: entered allmulticast mode [ 177.763443][ T9624] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 177.799721][ T9624] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 177.832979][ T9624] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 177.868185][ T9624] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 177.988615][ T5126] Bluetooth: hci0: command tx timeout [ 178.177017][ T9624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.225723][ T9624] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.260264][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.267433][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.299399][ T5207] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.306674][ T5207] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.341158][ T9793] bond0: (slave bond_slave_0): Releasing backup interface [ 178.466700][ T9624] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.510194][ T9624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.662614][ T9806] ieee802154 phy0 wpan0: encryption failed: -22 [ 178.938388][ T9624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.174420][ T9814] syzkaller0: entered promiscuous mode [ 179.194805][ T9814] syzkaller0: entered allmulticast mode [ 180.067928][ T5126] Bluetooth: hci0: command tx timeout [ 182.148602][ T5126] Bluetooth: hci0: command tx timeout [ 182.539047][ T9848] netlink: 'syz-executor.0': attribute type 33 has an invalid length. [ 182.690235][ T9849] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 182.738870][ T9849] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 182.775599][ T9624] veth0_vlan: entered promiscuous mode [ 182.842268][ T9624] veth1_vlan: entered promiscuous mode [ 182.956051][ T9624] veth0_macvtap: entered promiscuous mode [ 183.001549][ T9624] veth1_macvtap: entered promiscuous mode [ 183.062189][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.118477][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.138854][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.157724][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.167569][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.216461][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.247078][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.284622][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.314908][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.338267][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.358588][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.383133][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.405173][ T9624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.432885][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.468389][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.487737][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.508201][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.528069][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.548081][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.567909][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.589890][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.607779][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.627750][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.647781][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.668081][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.679836][ T9624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.708871][ T9624] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.737788][ T9624] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.746532][ T9624] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.774867][ T9624] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.031776][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.060684][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.137197][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.159471][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.259942][ T9904] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 184.460587][ T9911] pim6reg1: entered promiscuous mode [ 184.465933][ T9911] pim6reg1: entered allmulticast mode [ 184.580291][ T9918] xt_NFQUEUE: number of queues (65530) out of range (got 66566) [ 184.644604][ T9920] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 186.078451][ T9984] xt_NFQUEUE: number of total queues is 0 [ 186.107248][ T9984] Bluetooth: MGMT ver 1.22 [ 186.360406][T10002] pim6reg1: entered promiscuous mode [ 186.376673][T10002] pim6reg1: entered allmulticast mode [ 186.470697][ T5120] Bluetooth: hci0: command 0x0405 tx timeout [ 186.476565][ T5112] Bluetooth: hci2: command 0x0406 tx timeout [ 187.465724][T10045] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 187.474354][T10045] netlink: 512 bytes leftover after parsing attributes in process `syz-executor.2'. [ 187.633758][T10057] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 188.170588][T10094] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 188.275917][T10096] xt_CT: No such helper "netbios-ns" [ 188.354976][T10104] syzkaller1: entered promiscuous mode [ 188.377768][T10104] syzkaller1: entered allmulticast mode [ 188.416704][T10104] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 188.435369][T10110] sctp: [Deprecated]: syz-executor.2 (pid 10110) Use of int in maxseg socket option. [ 188.435369][T10110] Use struct sctp_assoc_value instead [ 188.548276][ T5120] Bluetooth: hci0: command 0x0405 tx timeout [ 189.900476][T10191] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 190.128437][T10200] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 190.181618][T10200] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 190.194732][T10204] netlink: 'syz-executor.2': attribute type 20 has an invalid length. [ 190.243501][T10206] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 190.373761][T10216] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 190.501835][T10224] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 190.714295][T10234] netlink: 'syz-executor.1': attribute type 20 has an invalid length. [ 190.771514][T10237] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 190.953593][T10247] GUP no longer grows the stack in syz-executor.3 (10247): 20006000-2000a000 (20005000) [ 190.988022][T10247] CPU: 0 PID: 10247 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00761-g3ec8d7572a69 #0 [ 190.998664][T10247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 191.008749][T10247] Call Trace: [ 191.012047][T10247] [ 191.014996][T10247] dump_stack_lvl+0x241/0x360 [ 191.019723][T10247] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.024941][T10247] ? __pfx__printk+0x10/0x10 [ 191.029559][T10247] ? find_vma+0xf9/0x170 [ 191.033838][T10247] __get_user_pages+0x10e3/0x1590 [ 191.038901][T10247] ? __gup_longterm_locked+0x1ec9/0x2a80 [ 191.044551][T10247] ? __pfx___get_user_pages+0x10/0x10 [ 191.049931][T10247] ? __lock_acquire+0x1346/0x1fd0 [ 191.054986][T10247] __gup_longterm_locked+0x1ff6/0x2a80 [ 191.060500][T10247] ? __pfx___gup_longterm_locked+0x10/0x10 [ 191.066336][T10247] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 191.072345][T10247] ? sanity_check_pinned_pages+0x12bb/0x13c0 [ 191.078355][T10247] gup_fast_fallback+0x2732/0x2b40 [ 191.083508][T10247] ? __pfx_gup_fast_fallback+0x10/0x10 [ 191.088972][T10247] ? __pfx_validate_chain+0x10/0x10 [ 191.094180][T10247] ? unwind_get_return_address+0x91/0xc0 [ 191.099830][T10247] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.105905][T10247] ? arch_stack_walk+0x16d/0x1b0 [ 191.110864][T10247] ? __lock_acquire+0x1346/0x1fd0 [ 191.115886][T10247] ? is_valid_gup_args+0x124/0x200 [ 191.120992][T10247] pin_user_pages_fast+0xcc/0x160 [ 191.126015][T10247] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 191.131650][T10247] iov_iter_extract_pages+0x3db/0x720 [ 191.137045][T10247] bio_iov_iter_get_pages+0x541/0x1930 [ 191.142513][T10247] ? bio_associate_blkg+0x6c/0x230 [ 191.147627][T10247] ? bio_associate_blkg_from_css+0xb0c/0xc70 [ 191.153614][T10247] ? bio_associate_blkg_from_css+0xa4/0xc70 [ 191.159505][T10247] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 191.165402][T10247] ? bio_alloc_bioset+0x6d7/0x1130 [ 191.170515][T10247] iomap_dio_bio_iter+0xc8e/0x1670 [ 191.175648][T10247] __iomap_dio_rw+0x1295/0x2370 [ 191.180562][T10247] ? do_syscall_64+0xf3/0x230 [ 191.185264][T10247] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.191371][T10247] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 191.197366][T10247] ? __pfx___iomap_dio_rw+0x10/0x10 [ 191.202607][T10247] ? jbd2_journal_stop+0x902/0xd80 [ 191.207733][T10247] ? __pfx_jbd2_journal_stop+0x10/0x10 [ 191.213197][T10247] ? __pfx_ext4_orphan_add+0x10/0x10 [ 191.218543][T10247] iomap_dio_rw+0x46/0xa0 [ 191.222898][T10247] ext4_file_write_iter+0x15e5/0x1a10 [ 191.228294][T10247] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 191.234021][T10247] vfs_write+0xa72/0xc90 [ 191.238265][T10247] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 191.243979][T10247] ? __pfx_vfs_write+0x10/0x10 [ 191.248740][T10247] ? do_futex+0x392/0x560 [ 191.253087][T10247] ksys_write+0x1a0/0x2c0 [ 191.257418][T10247] ? __pfx_ksys_write+0x10/0x10 [ 191.262260][T10247] ? do_syscall_64+0x100/0x230 [ 191.267132][T10247] ? do_syscall_64+0xb6/0x230 [ 191.271822][T10247] do_syscall_64+0xf3/0x230 [ 191.276329][T10247] ? clear_bhb_loop+0x35/0x90 [ 191.281030][T10247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.286966][T10247] RIP: 0033:0x7f9d9e87cf29 [ 191.291569][T10247] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 191.311183][T10247] RSP: 002b:00007f9d9f67f0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 191.319742][T10247] RAX: ffffffffffffffda RBX: 00007f9d9e9b3f80 RCX: 00007f9d9e87cf29 [ 191.327793][T10247] RDX: 0000000000043400 RSI: 0000000020000200 RDI: 000000000000000b [ 191.335754][T10247] RBP: 00007f9d9e8ec074 R08: 0000000000000000 R09: 0000000000000000 [ 191.343715][T10247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 191.351698][T10247] R13: 000000000000000b R14: 00007f9d9e9b3f80 R15: 00007ffd07f65108 [ 191.359697][T10247] [ 191.532870][T10266] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 191.618197][T10267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 191.651928][T10267] bond2: entered promiscuous mode [ 191.721131][T10272] 8021q: adding VLAN 0 to HW filter on device bond3 [ 191.730205][T10272] bond3: entered promiscuous mode [ 191.735936][T10272] bond2: (slave bond3): Enslaving as an active interface with an up link [ 191.746439][T10268] veth0_vlan: left promiscuous mode [ 191.800258][T10277] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 191.831534][T10277] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 191.840530][T10249] delete_channel: no stack [ 191.858061][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 191.900661][T10267] bond2 (unregistering): (slave bond3): Releasing backup interface [ 191.925899][T10267] bond3: left promiscuous mode [ 191.949705][T10267] bond2 (unregistering): Released all slaves [ 192.018005][T10280] pimreg: entered allmulticast mode [ 192.042036][T10289] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744071562067969) [ 192.077906][T10289] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 192.384335][T10308] netlink: 'syz-executor.3': attribute type 21 has an invalid length. [ 192.407578][T10308] IPv6: NLM_F_CREATE should be specified when creating new route [ 192.433107][T10308] IPv6: Can't replace route, no match found [ 192.547088][T10309] pim6reg: entered allmulticast mode [ 192.662654][T10324] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744071562067969) [ 192.697974][T10324] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 192.747059][T10309] pim6reg: left allmulticast mode [ 193.346768][T10356] netlink: 'syz-executor.1': attribute type 20 has an invalid length. [ 193.435936][T10362] netlink: 'syz-executor.2': attribute type 21 has an invalid length. [ 193.469116][T10362] IPv6: NLM_F_CREATE should be specified when creating new route [ 193.496050][T10366] ieee802154 phy0 wpan0: encryption failed: -90 [ 193.509578][T10362] IPv6: Can't replace route, no match found [ 193.699547][T10381] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.1'. [ 193.914719][T10394] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 193.950202][T10394] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.4'. [ 193.989457][T10394] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 194.440464][T10427] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 194.636783][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.808054][ T29] audit: type=1804 audit(1718884464.249:20): pid=10439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir713031970/syzkaller.98Frpa/283/cgroup.controllers" dev="sda1" ino=1966 res=1 errno=0 [ 194.849013][T10439] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 195.212593][T10460] __nla_validate_parse: 5 callbacks suppressed [ 195.212610][T10460] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 195.325697][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 195.913371][T10498] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 196.770697][T10529] validate_nla: 1 callbacks suppressed [ 196.770716][T10529] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 196.804560][T10529] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.4'. [ 196.828473][T10529] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 197.101006][T10555] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 197.304550][T10566] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 197.326069][T10566] infiniband syz0: set down [ 197.336083][ T5111] lo speed is unknown, defaulting to 1000 [ 197.347245][T10566] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 197.361233][T10566] infiniband syz0: set active [ 197.368011][ T5111] lo speed is unknown, defaulting to 1000 [ 197.375753][ T9] lo speed is unknown, defaulting to 1000 [ 197.385013][ T9] lo speed is unknown, defaulting to 1000 [ 197.591242][T10574] Cannot find add_set index 0 as target [ 197.630501][T10574] veth0_vlan: left promiscuous mode [ 197.726886][T10573] delete_channel: no stack [ 198.297361][T10604] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.1'. [ 198.916836][T10645] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 198.975080][T10647] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 199.398600][T10674] netlink: 'syz-executor.1': attribute type 21 has an invalid length. [ 199.464864][T10676] netlink: 'syz-executor.2': attribute type 8 has an invalid length. [ 199.535848][T10678] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 199.571597][T10678] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 199.992121][T10704] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.3'. [ 200.002587][T10704] unsupported nlmsg_type 40 [ 200.098661][T10702] geneve0: entered allmulticast mode [ 200.129304][T10706] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 200.493482][T10725] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 200.828809][T10744] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 201.403924][T10779] ebt_among: dst integrity fail: 100 [ 201.828440][ T53] Bluetooth: hci4: command 0x0406 tx timeout [ 201.946396][T10815] validate_nla: 1 callbacks suppressed [ 201.946414][T10815] netlink: 'syz-executor.1': attribute type 21 has an invalid length. [ 202.331693][T10838] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 202.440596][ T29] audit: type=1804 audit(1718884471.879:21): pid=10840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir713031970/syzkaller.98Frpa/326/cgroup.controllers" dev="sda1" ino=1952 res=1 errno=0 [ 202.472678][T10836] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 202.532981][T10836] infiniband syz0: set down [ 202.558540][ T5207] lo speed is unknown, defaulting to 1000 [ 202.578846][T10836] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 202.618183][T10836] infiniband syz0: set active [ 202.622964][ T5207] lo speed is unknown, defaulting to 1000 [ 202.645253][ T5207] lo speed is unknown, defaulting to 1000 [ 202.671936][ T5207] lo speed is unknown, defaulting to 1000 [ 203.045382][T10873] netlink: 596 bytes leftover after parsing attributes in process `syz-executor.3'. [ 203.119020][ T5120] Bluetooth: hci0: command 0x0405 tx timeout [ 203.341725][T10880] pim6reg: entered allmulticast mode [ 203.380509][T10880] pim6reg: left allmulticast mode [ 203.700987][T10905] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 203.722534][T10900] pim6reg: entered allmulticast mode [ 203.753758][T10907] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 203.776187][T10900] pim6reg: left allmulticast mode [ 203.835421][T10910] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 204.342813][T10932] bridge0: port 1(vlan0) entered blocking state [ 204.356073][T10932] bridge0: port 1(vlan0) entered disabled state [ 204.368986][T10932] vlan0: entered allmulticast mode [ 204.388955][T10932] vlan0: left allmulticast mode [ 204.438250][T10936] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 204.454705][T10945] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 204.464286][T10945] netlink: 'syz-executor.3': attribute type 8 has an invalid length. [ 204.474299][T10945] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.3'. [ 205.009422][T10976] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 205.049185][T10976] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 205.073178][T10973] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 205.218115][T10990] pim6reg: entered allmulticast mode [ 205.283595][T10985] pim6reg: left allmulticast mode [ 205.334097][T10997] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 205.919529][T11026] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.1'. [ 206.138476][T11042] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.1'. [ 206.475210][T11059] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 206.511681][T11056] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.4'. [ 206.658497][ T29] audit: type=1800 audit(1718884476.109:22): pid=11074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=1962 res=0 errno=0 [ 206.716962][ T29] audit: type=1804 audit(1718884476.139:23): pid=11074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir713031970/syzkaller.98Frpa/349/memory.events" dev="sda1" ino=1962 res=1 errno=0 [ 206.795881][ T29] audit: type=1804 audit(1718884476.149:24): pid=11074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir713031970/syzkaller.98Frpa/349/memory.events" dev="sda1" ino=1962 res=1 errno=0 [ 206.862727][ T29] audit: type=1804 audit(1718884476.149:25): pid=11074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir713031970/syzkaller.98Frpa/349/memory.events" dev="sda1" ino=1962 res=1 errno=0 [ 207.561188][T11122] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.2'. [ 207.603927][T11136] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 207.832266][T11147] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 208.038603][T11164] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 208.176968][T11169] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 208.220674][T11169] sch_fq: defrate 2 ignored. [ 208.453666][T11187] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 208.569797][T11187] 8021q: adding VLAN 0 to HW filter on device bond1 [ 208.645896][T11187] bond0: (slave bond1): Enslaving as an active interface with an up link [ 208.859971][T11210] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 208.913814][T11219] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 209.214384][T11244] netlink: 'syz-executor.1': attribute type 11 has an invalid length. [ 209.423530][T11263] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 209.826773][T11285] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 210.419774][T11318] validate_nla: 5 callbacks suppressed [ 210.419794][T11318] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 210.690226][T11333] sctp: [Deprecated]: syz-executor.0 (pid 11333) Use of struct sctp_assoc_value in delayed_ack socket option. [ 210.690226][T11333] Use struct sctp_sack_info instead [ 210.890057][T11350] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 211.119080][T11360] __nla_validate_parse: 2 callbacks suppressed [ 211.119098][T11360] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 211.165102][T11360] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 211.217321][T11366] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 212.023263][T11401] pim6reg: entered allmulticast mode [ 212.086559][T11401] pim6reg: left allmulticast mode [ 212.286738][T11419] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 212.778154][T11449] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 212.793219][T11449] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for erspan1 [ 213.059932][T11470] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.0'. [ 213.445162][T11495] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 213.469343][T11495] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 213.606180][T11497] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 213.627710][T11497] netlink: 'syz-executor.3': attribute type 8 has an invalid length. [ 213.652899][T11497] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.3'. [ 213.824474][T11514] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 213.852569][T11514] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for erspan1 [ 214.618841][T11566] vlan1: entered promiscuous mode [ 214.648544][T11566] macvtap0: entered promiscuous mode [ 214.660204][T11566] vlan1: entered allmulticast mode [ 214.676985][T11566] macvtap0: entered allmulticast mode [ 214.690461][T11566] veth0_macvtap: entered allmulticast mode [ 215.416406][T11611] netlink: 'syz-executor.1': attribute type 11 has an invalid length. [ 216.319353][T11677] vlan2: entered promiscuous mode [ 216.331047][T11677] macvtap0: entered promiscuous mode [ 216.339222][T11677] vlan2: entered allmulticast mode [ 216.344445][T11677] macvtap0: entered allmulticast mode [ 216.350453][T11677] veth0_macvtap: entered allmulticast mode [ 216.428790][T11683] netlink: 'syz-executor.2': attribute type 6 has an invalid length. [ 217.027421][T11719] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 217.634808][T11750] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 217.701701][ T5111] IPVS: starting estimator thread 0... [ 217.743800][T11757] xt_limit: Overflow, try lower: 16384/524288 [ 217.798684][T11755] IPVS: using max 20 ests per chain, 48000 per kthread [ 218.689046][T11807] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 218.714676][T11810] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 218.742247][T11810] netlink: 160 bytes leftover after parsing attributes in process `syz-executor.3'. [ 218.944707][T11817] syz-executor.4[11817] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 218.944860][T11817] syz-executor.4[11817] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 219.225447][T11829] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 219.380013][T11833] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 219.417090][T11833] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 219.439537][T11836] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 219.457337][T11833] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 219.874160][T11849] syz-executor.1[11849] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 219.874395][T11849] syz-executor.1[11849] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 220.113204][T11857] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 220.785823][T11873] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 220.804691][T11874] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 221.113953][T11884] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 221.264505][T11891] dccp_invalid_packet: P.Data Offset(144) too large [ 221.271499][T11889] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 221.319923][T11889] xt_CT: You must specify a L4 protocol and not use inversions on it [ 221.848906][T11901] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 222.424458][T11926] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 223.418073][T11935] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 225.267244][T12011] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'. [ 225.288665][T12011] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'. [ 225.997460][T12041] netlink: 'syz-executor.0': attribute type 8 has an invalid length. [ 226.033036][T12041] netlink: 199836 bytes leftover after parsing attributes in process `syz-executor.0'. [ 226.100730][T12049] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 226.981859][T12103] netlink: 'syz-executor.3': attribute type 63 has an invalid length. [ 227.001274][T12094] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20003 [ 227.018743][T12103] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'. [ 227.371127][T12130] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 227.442056][T12135] tc_dump_action: action bad kind [ 227.571237][T12143] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 227.581001][T12143] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 227.590561][T12143] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 227.643275][T12145] tipc: Started in network mode [ 227.649024][T12145] tipc: Node identity 4, cluster identity 4711 [ 227.666997][T12145] tipc: Node number set to 4 [ 227.673446][T12145] tipc: Cannot configure node identity twice [ 229.036625][T12220] netlink: 'syz-executor.4': attribute type 23 has an invalid length. [ 229.182531][T12230] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 229.239627][T12234] ebt_among: src integrity fail: 30a [ 229.290150][T12230] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 229.341014][T12236] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20003 [ 229.548882][T12251] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 229.590868][T12251] batman_adv: batadv0: Adding interface: ipvlan2 [ 229.609583][T12251] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.653660][T12251] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 229.932075][T12270] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 229.992541][T12270] 8021q: adding VLAN 0 to HW filter on device team1 [ 230.025076][T12278] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 230.465961][T12304] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 231.019118][T12335] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 231.052812][T12338] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 232.214006][T12389] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'. [ 232.380501][T12400] netlink: 'syz-executor.1': attribute type 23 has an invalid length. [ 232.761034][T12427] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 233.004279][T12441] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 233.021130][T12443] netlink: 'syz-executor.0': attribute type 23 has an invalid length. [ 233.470042][T12478] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 233.494249][T12479] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'. [ 233.517986][T12477] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 233.537921][T12479] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 233.554868][T12479] CPU: 1 PID: 12479 Comm: syz-executor.1 Not tainted 6.10.0-rc2-syzkaller-00761-g3ec8d7572a69 #0 [ 233.565413][T12479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 233.575491][T12479] Call Trace: [ 233.578795][T12479] [ 233.581743][T12479] dump_stack_lvl+0x241/0x360 [ 233.586452][T12479] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.591679][T12479] ? __pfx__printk+0x10/0x10 [ 233.596305][T12479] ? sysfs_warn_dup+0x51/0xa0 [ 233.601015][T12479] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 233.606417][T12479] sysfs_warn_dup+0x8e/0xa0 [ 233.610951][T12479] sysfs_do_create_link_sd+0xbe/0x110 [ 233.616381][T12479] device_add_class_symlinks+0x1c5/0x250 [ 233.622051][T12479] device_add+0x553/0xbf0 [ 233.626421][T12479] wiphy_register+0x1d3f/0x2b30 [ 233.631328][T12479] ? __pfx_wiphy_register+0x10/0x10 [ 233.636559][T12479] ? minstrel_ht_alloc+0x72b/0x860 [ 233.641709][T12479] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 233.647791][T12479] ieee80211_register_hw+0x3098/0x3d80 [ 233.653263][T12479] ? ieee80211_register_hw+0x1161/0x3d80 [ 233.658902][T12479] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 233.664715][T12479] ? __asan_memset+0x23/0x50 [ 233.669313][T12479] ? __hrtimer_init+0x170/0x250 [ 233.674180][T12479] mac80211_hwsim_new_radio+0x2597/0x44c0 [ 233.679915][T12479] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 233.685975][T12479] ? kmalloc_node_track_caller_noprof+0x242/0x440 [ 233.692384][T12479] ? kstrndup+0x5c/0xb0 [ 233.696536][T12479] ? __asan_memcpy+0x40/0x70 [ 233.701140][T12479] hwsim_new_radio_nl+0xe4c/0x21d0 [ 233.706279][T12479] ? __pfx___nla_validate_parse+0x10/0x10 [ 233.712016][T12479] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 233.717653][T12479] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 233.724035][T12479] genl_rcv_msg+0xb14/0xec0 [ 233.728553][T12479] ? mark_lock+0x9a/0x350 [ 233.732918][T12479] ? __pfx_genl_rcv_msg+0x10/0x10 [ 233.737979][T12479] ? __pfx_lock_acquire+0x10/0x10 [ 233.743024][T12479] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 233.748603][T12479] ? __pfx___might_resched+0x10/0x10 [ 233.753910][T12479] netlink_rcv_skb+0x1e3/0x430 [ 233.758692][T12479] ? __pfx_genl_rcv_msg+0x10/0x10 [ 233.763734][T12479] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 233.769134][T12479] ? __netlink_deliver_tap+0x77e/0x7c0 [ 233.774620][T12479] genl_rcv+0x28/0x40 [ 233.778600][T12479] netlink_unicast+0x7ea/0x980 [ 233.783396][T12479] ? __pfx_netlink_unicast+0x10/0x10 [ 233.788694][T12479] ? __virt_addr_valid+0x183/0x520 [ 233.793819][T12479] ? __check_object_size+0x49c/0x900 [ 233.799102][T12479] ? bpf_lsm_netlink_send+0x9/0x10 [ 233.804241][T12479] netlink_sendmsg+0x8db/0xcb0 [ 233.809027][T12479] ? __pfx_netlink_sendmsg+0x10/0x10 [ 233.814315][T12479] ? __import_iovec+0x536/0x820 [ 233.819175][T12479] ? aa_sock_msg_perm+0x91/0x160 [ 233.824123][T12479] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 233.829421][T12479] ? security_socket_sendmsg+0x87/0xb0 [ 233.834890][T12479] ? __pfx_netlink_sendmsg+0x10/0x10 [ 233.840185][T12479] __sock_sendmsg+0x221/0x270 [ 233.844874][T12479] ____sys_sendmsg+0x525/0x7d0 [ 233.849645][T12479] ? __pfx_____sys_sendmsg+0x10/0x10 [ 233.854938][T12479] __sys_sendmsg+0x2b0/0x3a0 [ 233.859532][T12479] ? __pfx___sys_sendmsg+0x10/0x10 [ 233.864676][T12479] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 233.871008][T12479] ? do_syscall_64+0x100/0x230 [ 233.875765][T12479] ? do_syscall_64+0xb6/0x230 [ 233.880439][T12479] do_syscall_64+0xf3/0x230 [ 233.884934][T12479] ? clear_bhb_loop+0x35/0x90 [ 233.889606][T12479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.895494][T12479] RIP: 0033:0x7f95c567cf29 [ 233.899903][T12479] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 233.919506][T12479] RSP: 002b:00007f95c63130c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 233.927915][T12479] RAX: ffffffffffffffda RBX: 00007f95c57b3f80 RCX: 00007f95c567cf29 [ 233.935876][T12479] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 233.943837][T12479] RBP: 00007f95c56ec074 R08: 0000000000000000 R09: 0000000000000000 [ 233.951800][T12479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 233.959762][T12479] R13: 000000000000000b R14: 00007f95c57b3f80 R15: 00007ffeb879eb98 [ 233.967768][T12479] [ 234.251915][T12495] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 234.345980][T12495] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 234.569109][T12520] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 235.093550][T12551] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 235.675963][T12590] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 235.696398][T12590] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'. [ 235.716267][T12588] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 235.725568][T12588] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.4'. [ 236.066510][T12614] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 236.089042][T12614] netlink: 9348 bytes leftover after parsing attributes in process `syz-executor.2'. [ 236.109142][T12614] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 236.582821][T12640] openvswitch: netlink: Missing key (keys=40, expected=100) [ 236.790042][T12654] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 237.563352][T12694] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 237.566943][T12693] syzkaller0: entered promiscuous mode [ 237.588975][T12693] syzkaller0: entered allmulticast mode [ 237.677908][ T53] Bluetooth: hci1: command 0x0405 tx timeout [ 239.366587][T12701] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'. [ 239.801182][T12732] syzkaller1: entered promiscuous mode [ 239.817107][T12732] syzkaller1: entered allmulticast mode [ 240.339236][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 241.060662][T12796] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 241.240116][T12806] netlink: 'syz-executor.2': attribute type 8 has an invalid length. [ 241.418431][T12812] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 241.442062][T12812] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 241.465083][T12812] bridge0: port 3(dummy0) entered blocking state [ 241.480456][T12812] bridge0: port 3(dummy0) entered disabled state [ 241.491404][T12812] dummy0: entered allmulticast mode [ 241.499114][T12812] dummy0: left allmulticast mode [ 241.504492][T12812] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 242.239104][T12852] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 242.265469][T12852] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 242.295488][T12852] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 242.361532][T12861] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 242.770982][T12875] nftables ruleset with unbound set [ 243.412480][T12910] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 1025 (only 8 groups) [ 243.601910][T12917] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 243.813696][T12933] nbd: must specify at least one socket [ 243.953299][T12940] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 243.966698][T12935] syzkaller0: entered promiscuous mode [ 243.983773][T12935] syzkaller0: entered allmulticast mode [ 244.108926][T12948] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. [ 245.953748][T12961] bond0: left promiscuous mode [ 245.958999][T12961] bond_slave_0: left promiscuous mode [ 245.964620][T12961] bond_slave_1: left promiscuous mode [ 245.971109][T12964] team_slave_0: left promiscuous mode [ 246.036253][T12964] team0: Port device team_slave_0 removed [ 246.053132][T12964] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 246.105982][T12975] netlink: 'syz-executor.1': attribute type 9 has an invalid length. [ 246.132228][T12975] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.1'. [ 246.285069][T12990] nbd: must specify at least one socket [ 246.397153][T12999] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 246.405275][T12996] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 246.407960][T12999] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 246.487878][T12994] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 246.498415][T12994] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 246.538632][T12994] bridge0: port 2(dummy0) entered blocking state [ 246.545194][T12994] bridge0: port 2(dummy0) entered disabled state [ 246.571499][T12994] dummy0: entered allmulticast mode [ 246.589453][T12994] dummy0: entered promiscuous mode [ 246.595815][T12994] bridge0: port 2(dummy0) entered blocking state [ 246.602402][T12994] bridge0: port 2(dummy0) entered forwarding state [ 246.625510][T13010] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 246.656367][T13010] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.2'. [ 246.828778][T13020] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 246.878479][T13023] netlink: 'syz-executor.1': attribute type 21 has an invalid length. [ 246.913550][T13023] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.1'. [ 247.182415][T13040] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 247.222464][T13040] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 247.628887][T13073] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 248.031770][T13093] vlan2: entered promiscuous mode [ 248.044524][T13093] bond0: entered promiscuous mode [ 248.049856][T13093] bond_slave_0: entered promiscuous mode [ 248.055893][T13093] bond_slave_1: entered promiscuous mode [ 248.062008][T13093] bond1: entered promiscuous mode [ 248.088715][T13093] bond0: left promiscuous mode [ 248.094530][T13093] bond_slave_0: left promiscuous mode [ 248.106721][T13093] bond_slave_1: left promiscuous mode [ 248.110582][T13099] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 248.122406][T13093] bond1: left promiscuous mode [ 248.176382][T13097] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 248.189357][T13097] bridge0: port 2(dummy0) entered blocking state [ 248.201787][T13097] bridge0: port 2(dummy0) entered disabled state [ 248.211929][T13097] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 248.315802][T13106] netlink: 'syz-executor.4': attribute type 21 has an invalid length. [ 250.584333][T13230] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 250.592971][T13230] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 252.481491][T13327] __nla_validate_parse: 12 callbacks suppressed [ 252.481512][T13327] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 253.395328][T13369] tipc: Can't bind to reserved service type 0 [ 253.668757][T13386] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.4'. [ 253.842426][T13390] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 254.717346][T13418] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 255.069178][T13435] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 255.325065][T13443] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 255.393412][ T5160] IPVS: starting estimator thread 0... [ 255.435464][T13448] xt_TCPMSS: Only works on TCP SYN packets [ 255.488913][T13448] rdma_op ffff8880615d51f0 conn xmit_rdma 0000000000000000 [ 255.497937][T13446] IPVS: using max 19 ests per chain, 45600 per kthread [ 255.827341][T13448] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 256.072031][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.083028][T13479] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 256.320318][T13495] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.2'. [ 256.474154][T13501] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 257.213505][T13521] x_tables: duplicate underflow at hook 2 [ 257.280500][T13521] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 257.895692][T13552] x_tables: duplicate underflow at hook 2 [ 257.937924][T13552] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 258.214364][T13569] netlink: 'syz-executor.4': attribute type 21 has an invalid length. [ 258.242815][T13569] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.4'. [ 258.403410][T13576] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 258.460884][T13576] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 258.800415][T13606] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 258.914597][T13617] No such timeout policy "syz1" [ 260.014779][T13658] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 260.638715][T13675] bond0: option use_carrier: invalid value (164) [ 260.810007][T13680] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 261.177311][ T5160] IPVS: starting estimator thread 0... [ 261.267981][T13706] IPVS: using max 19 ests per chain, 45600 per kthread [ 261.448293][T13717] bond0: option use_carrier: invalid value (164) [ 262.432130][T13768] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 262.472349][T13768] bridge_slave_1: left allmulticast mode [ 262.502715][T13768] bridge_slave_1: left promiscuous mode [ 262.520948][T13768] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.556031][T13776] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 262.560876][T13768] bridge_slave_0: left allmulticast mode [ 262.584800][T13768] bridge_slave_0: left promiscuous mode [ 262.595872][T13768] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.752014][T13775] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 262.801284][T13778] netlink: 'syz-executor.1': attribute type 6 has an invalid length. [ 262.822912][T13778] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.1'. [ 262.844973][T13779] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 262.869658][ T5120] Bluetooth: hci0: command 0x0405 tx timeout [ 263.555660][T13837] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.3'. [ 263.661501][T13842] syz-executor.4[13842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 263.661652][T13842] syz-executor.4[13842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.173759][T13862] bond0: (slave bond_slave_0): Releasing backup interface [ 264.311974][T13872] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.1'. [ 264.383212][T13882] syz-executor.4[13882] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.383361][T13882] syz-executor.4[13882] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.514273][T13888] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 264.659124][T13890] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 264.666447][T13890] IPv6: NLM_F_CREATE should be set when creating new route [ 264.676914][T13896] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 264.700704][T13896] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.4'. [ 264.768140][T13894] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 264.775429][T13894] IPv6: NLM_F_CREATE should be set when creating new route [ 264.821902][T13888] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 264.948262][ T5120] Bluetooth: hci0: command 0x0405 tx timeout [ 265.006600][T13909] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 265.332333][T13927] team0: Device vlan2 failed to change mtu [ 265.404464][T13929] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 265.498276][T13929] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.4'. [ 265.628138][T13941] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 265.650374][T13941] bond1: left allmulticast mode [ 265.655289][T13941] bridge1: left allmulticast mode [ 265.663757][T13941] bond1: left promiscuous mode [ 265.669584][T13941] bridge1: left promiscuous mode [ 265.675166][T13941] bridge0: port 3(bond1) entered disabled state [ 265.720049][T13941] bridge_slave_0: left allmulticast mode [ 265.725748][T13941] bridge_slave_0: left promiscuous mode [ 265.788187][T13941] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.925815][T13950] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 265.936975][T13957] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 265.945928][T13967] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 265.945951][T13967] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.3'. [ 266.543531][T13995] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 266.610654][T13997] netlink: 'syz-executor.2': attribute type 6 has an invalid length. [ 266.696962][T14004] netlink: 'syz-executor.3': attribute type 6 has an invalid length. [ 267.195016][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 267.204644][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 267.215164][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 267.225204][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 267.234394][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 267.242121][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 267.323069][T14031] lo speed is unknown, defaulting to 1000 [ 267.490373][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.558962][T14037] netlink: 'syz-executor.0': attribute type 6 has an invalid length. [ 267.631940][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.712985][T14039] syzkaller0: entered allmulticast mode [ 267.763805][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.817034][T14050] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 267.854270][T14052] No such timeout policy "syz0" [ 269.273449][ T53] Bluetooth: hci0: command tx timeout [ 269.551376][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.564138][T14047] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 269.606464][T14047] team0: Device hsr_slave_0 failed to register rx_handler [ 269.671096][T14047] syz-executor.0 (14047) used greatest stack depth: 17464 bytes left [ 269.884921][T14074] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 270.281812][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 270.293232][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 270.304333][ T11] bond0 (unregistering): (slave bond1): Releasing backup interface [ 270.315572][ T11] bond0 (unregistering): Released all slaves [ 270.421378][ T11] bond1 (unregistering): Released all slaves [ 270.435447][T14076] __nla_validate_parse: 3 callbacks suppressed [ 270.435468][T14076] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 270.656780][T14090] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 270.677806][T14090] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.3'. [ 270.710357][T14093] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 270.749211][T14092] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 270.843758][T14097] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 270.854533][T14097] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 270.873821][T14031] chnl_net:caif_netlink_parms(): no params data found [ 270.935960][T14100] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 270.945681][T14100] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 270.965249][T14100] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 270.973834][T14100] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 270.984030][T14100] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 271.242004][T14110] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 271.348489][ T5120] Bluetooth: hci0: command tx timeout [ 271.464617][ T11] hsr_slave_0: left promiscuous mode [ 271.484211][ T11] hsr_slave_1: left promiscuous mode [ 271.497550][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.524556][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 271.545117][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 271.564445][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 271.626797][ T11] veth1_macvtap: left promiscuous mode [ 271.633772][ T11] veth0_macvtap: left promiscuous mode [ 271.640083][ T11] veth1_vlan: left promiscuous mode [ 271.645613][ T11] veth0_vlan: left promiscuous mode [ 271.865123][ T11] pimreg (unregistering): left allmulticast mode [ 272.286390][ T11] team0 (unregistering): Port device team_slave_1 removed [ 272.333144][ T11] team0 (unregistering): Port device team_slave_0 removed [ 272.770804][T14031] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.781191][T14031] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.791374][T14031] bridge_slave_0: entered allmulticast mode [ 272.798786][T14031] bridge_slave_0: entered promiscuous mode [ 272.939267][T14031] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.964657][T14031] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.988075][T14031] bridge_slave_1: entered allmulticast mode [ 273.010178][T14031] bridge_slave_1: entered promiscuous mode [ 273.068345][T14147] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 273.138728][T14149] wireguard0: entered promiscuous mode [ 273.167824][T14149] wireguard0: entered allmulticast mode [ 273.228953][T14158] RDS: rds_bind could not find a transport for ::ffff:172.20.20.0, load rds_tcp or rds_rdma? [ 273.294057][T14031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.345107][T14031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.431053][ T5120] Bluetooth: hci0: command tx timeout [ 273.509322][ T11] IPVS: stop unused estimator thread 0... [ 273.529676][T14031] team0: Port device team_slave_0 added [ 273.569337][T14031] team0: Port device team_slave_1 added [ 273.656742][T14031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 273.679798][T14031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 273.743582][T14031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 273.789620][T14031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 273.796607][T14031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 273.842107][T14031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 273.953648][T14186] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 273.989040][T14031] hsr_slave_0: entered promiscuous mode [ 273.996111][T14031] hsr_slave_1: entered promiscuous mode [ 274.006924][T14031] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 274.018036][T14031] Cannot create hsr debugfs directory [ 274.179953][T14190] RDS: rds_bind could not find a transport for ::ffff:172.20.20.0, load rds_tcp or rds_rdma? [ 274.362691][T14196] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 274.918359][T14031] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 274.942413][T14031] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 274.967999][T14031] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 274.992491][T14031] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 275.200088][T14031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.255576][T14031] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.294622][T14208] wireguard0: entered promiscuous mode [ 275.305802][T14208] wireguard0: entered allmulticast mode [ 275.366044][ T5207] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.373266][ T5207] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.421437][ T5210] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.428663][ T5210] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.508160][ T5120] Bluetooth: hci0: command tx timeout [ 275.995278][T14031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.028411][T14243] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 276.080308][T14246] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. [ 276.088204][T14243] syz_tun: entered promiscuous mode [ 276.309860][T14253] wireguard0: entered promiscuous mode [ 276.315505][T14253] wireguard0: entered allmulticast mode [ 276.377405][T14261] No such timeout policy "syz0" [ 276.494587][T14261] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 276.545071][T14261] team0: Device hsr_slave_0 failed to register rx_handler [ 276.723969][T14031] veth0_vlan: entered promiscuous mode [ 276.750747][T14031] veth1_vlan: entered promiscuous mode [ 276.831460][T14031] veth0_macvtap: entered promiscuous mode [ 276.853532][T14031] veth1_macvtap: entered promiscuous mode [ 276.909348][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.938783][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.956382][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.967412][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.982509][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.001484][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.033375][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.073232][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.092570][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.113634][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.144323][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.165436][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.185188][T14031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.260346][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.317745][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.346465][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.353310][T14296] No such timeout policy "syz0" [ 277.387730][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.427667][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.467719][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.490989][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.511991][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.532682][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.553672][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.573954][T14031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.599579][T14031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.621471][T14031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 277.643661][T14296] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 277.658916][T14296] team0: Device hsr_slave_0 failed to register rx_handler [ 277.695329][T14031] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.720886][T14031] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.748342][T14031] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.767108][T14031] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.947320][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.976599][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.025270][ T29] audit: type=1804 audit(1718884547.469:26): pid=14313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1925777566/syzkaller.PqBhql/605/cgroup.controllers" dev="sda1" ino=1955 res=1 errno=0 [ 278.080397][T14312] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 278.148631][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.156581][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.269251][T14317] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 278.324441][T14325] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 278.327392][T14317] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 278.427460][T14317] batadv_slave_1: entered promiscuous mode [ 278.459428][T14316] batadv_slave_1: left promiscuous mode [ 278.525504][T14335] netlink: 196 bytes leftover after parsing attributes in process `syz-executor.1'. [ 278.548535][T14335] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 278.628284][ T5126] Bluetooth: hci3: command 0x0405 tx timeout [ 278.629767][T14342] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 278.904775][T14362] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 278.915612][T14365] netlink: 1276 bytes leftover after parsing attributes in process `syz-executor.2'. [ 278.974888][T14362] batadv_slave_1: entered promiscuous mode [ 278.984737][T14361] batadv_slave_1: left promiscuous mode [ 279.726150][T14413] No such timeout policy "syz0" [ 279.785809][T14413] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 279.809101][T14418] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 279.832832][T14418] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 279.839758][T14413] team0: Device hsr_slave_0 failed to register rx_handler [ 280.381021][T14440] syzkaller0: entered allmulticast mode [ 280.565377][T14458] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 280.584346][T14458] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 283.497995][T14514] __nla_validate_parse: 7 callbacks suppressed [ 283.498014][T14514] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 283.555881][T14518] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 283.655828][T14518] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 283.720530][T14527] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 283.777950][T14527] batadv0: entered promiscuous mode [ 283.786811][T14527] macvtap1: entered promiscuous mode [ 283.804904][T14527] macvtap1: entered allmulticast mode [ 283.822124][T14527] batadv0: entered allmulticast mode [ 283.845961][T14527] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 284.958209][T14556] syzkaller0: entered promiscuous mode [ 284.974261][T14556] syzkaller0: entered allmulticast mode [ 285.173170][T14571] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 286.858446][T14618] xt_nat: multiple ranges no longer supported [ 287.044236][T14624] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'. [ 287.676794][T14639] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 287.686545][T14639] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 287.696070][T14639] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 287.705296][T14639] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 287.853687][T14654] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 287.875979][T14655] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 288.219617][T14673] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 288.236549][T14673] macvtap2: entered promiscuous mode [ 288.242262][T14673] macvtap2: entered allmulticast mode [ 288.251323][T14673] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 289.411305][T14745] netlink: 47 bytes leftover after parsing attributes in process `syz-executor.1'. [ 289.580248][T14755] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.2'. [ 289.809987][T14765] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 289.834142][T14765] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 289.871168][T14771] xt_nat: multiple ranges no longer supported [ 291.129723][T14806] xt_connbytes: Forcing CT accounting to be enabled [ 291.161276][T14806] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 292.663066][T14837] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'. [ 317.525873][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 320.800162][ T5126] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 320.813475][ T5126] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 320.818031][ T5117] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 320.839205][ T5117] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 320.840466][ T5126] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 320.855673][ T5117] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 320.863510][ T5126] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 320.872037][ T5117] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 320.872094][ T5126] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 320.887472][ T5117] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 320.897351][ T5117] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 320.908172][ T5117] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 321.595703][ T5112] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 321.604991][ T5112] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 321.615613][ T5112] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 321.637101][ T5112] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 321.648589][ T5112] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 321.656405][ T5112] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 322.958791][ T5117] Bluetooth: hci6: command tx timeout [ 322.964926][ T5117] Bluetooth: hci5: command tx timeout [ 323.028723][ T5112] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 323.038942][ T5112] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 323.046875][ T5112] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 323.060714][ T5112] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 323.071826][ T5112] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 323.083257][ T5112] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 323.649724][ T5112] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 323.665442][ T5112] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 323.674555][ T5112] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 323.683763][ T5112] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 323.698406][ T5112] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 323.707283][ T5112] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 323.748201][ T5117] Bluetooth: hci7: command tx timeout [ 325.028713][ T5117] Bluetooth: hci5: command tx timeout [ 325.034160][ T5117] Bluetooth: hci6: command tx timeout [ 325.108094][ T5117] Bluetooth: hci8: command tx timeout [ 325.747882][ T5117] Bluetooth: hci9: command tx timeout [ 325.837924][ T5117] Bluetooth: hci7: command tx timeout [ 327.117880][ T5117] Bluetooth: hci6: command tx timeout [ 327.117921][ T5112] Bluetooth: hci5: command tx timeout [ 327.187945][ T5112] Bluetooth: hci8: command tx timeout [ 327.837821][ T5112] Bluetooth: hci9: command tx timeout [ 327.907955][ T5112] Bluetooth: hci7: command tx timeout [ 329.188279][ T5117] Bluetooth: hci6: command tx timeout [ 329.193767][ T5112] Bluetooth: hci5: command tx timeout [ 329.268269][ T5112] Bluetooth: hci8: command tx timeout [ 329.908734][ T5112] Bluetooth: hci9: command tx timeout [ 329.988056][ T5112] Bluetooth: hci7: command tx timeout [ 331.347840][ T5112] Bluetooth: hci8: command tx timeout [ 331.987895][ T5112] Bluetooth: hci9: command tx timeout [ 378.954862][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 386.338662][ T5120] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 386.348377][ T5126] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 386.360055][ T5120] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 386.369915][ T5126] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 386.379530][ T5126] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 386.387473][ T5126] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 386.396536][ T5126] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 386.406616][ T5120] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 386.416844][ T5126] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 386.425052][ T5120] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 386.432685][ T5126] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 386.440578][ T5126] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 386.624240][ T5112] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 386.650757][ T5112] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 386.660346][ T5112] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 386.669976][ T5112] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 386.679610][ T5112] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 386.687074][ T5112] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 387.888984][ T5126] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 387.898593][ T5126] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 387.907131][ T5126] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 387.915942][ T5126] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 387.926796][ T5126] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 387.934408][ T5126] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 388.467765][ T5126] Bluetooth: hci11: command tx timeout [ 388.548169][ T5126] Bluetooth: hci10: command tx timeout [ 388.787687][ T5112] Bluetooth: hci12: command tx timeout [ 388.851822][ T5126] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 388.861943][ T5126] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 388.870239][ T5126] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 388.885695][ T5126] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 388.898403][ T5126] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 388.905863][ T5126] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 389.988259][ T5112] Bluetooth: hci13: command tx timeout [ 390.548026][ T5112] Bluetooth: hci11: command tx timeout [ 390.628022][ T5112] Bluetooth: hci10: command tx timeout [ 390.878099][ T5112] Bluetooth: hci12: command tx timeout [ 390.948058][ T5112] Bluetooth: hci14: command tx timeout [ 391.274579][ T5112] Bluetooth: hci0: command 0x0406 tx timeout [ 392.078286][ T5126] Bluetooth: hci13: command tx timeout [ 392.627835][ T5126] Bluetooth: hci11: command tx timeout [ 392.708164][ T5126] Bluetooth: hci10: command tx timeout [ 392.947790][ T5126] Bluetooth: hci12: command tx timeout [ 393.028271][ T5126] Bluetooth: hci14: command tx timeout [ 394.148746][ T5126] Bluetooth: hci13: command tx timeout [ 394.707913][ T5126] Bluetooth: hci11: command tx timeout [ 394.787940][ T5126] Bluetooth: hci10: command tx timeout [ 395.037866][ T5126] Bluetooth: hci12: command tx timeout [ 395.108143][ T5126] Bluetooth: hci14: command tx timeout [ 396.228288][ T5126] Bluetooth: hci13: command tx timeout [ 397.197790][ T5126] Bluetooth: hci14: command tx timeout [ 440.391908][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 446.788133][ T30] INFO: task syz-executor.1:14783 blocked for more than 143 seconds. [ 446.796262][ T30] Not tainted 6.10.0-rc2-syzkaller-00761-g3ec8d7572a69 #0 [ 446.821806][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 2024/06/20 11:58:36 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 446.830806][ T30] task:syz-executor.1 state:D stack:24672 pid:14783 tgid:14783 ppid:5543 flags:0x00000006 [ 446.857688][ T30] Call Trace: [ 446.861024][ T30] [ 446.863996][ T30] __schedule+0x17e8/0x4a20 [ 446.887622][ T30] ? __pfx___schedule+0x10/0x10 [ 446.892548][ T30] ? __pfx_lock_release+0x10/0x10 [ 446.907801][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 446.913599][ T30] ? schedule+0x90/0x320 [ 446.927597][ T30] schedule+0x14b/0x320 [ 446.931921][ T30] schedule_preempt_disabled+0x13/0x30 [ 446.947713][ T30] __mutex_lock+0x6a4/0xd70 [ 446.952313][ T30] ? __mutex_lock+0x527/0xd70 [ 446.957031][ T30] ? raw_release+0x1b8/0x8a0 [ 446.977678][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 446.982865][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 446.997839][ T30] ? __down_write_common+0x162/0x200 [ 447.003191][ T30] raw_release+0x1b8/0x8a0 [ 447.029880][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 447.035775][ T30] sock_close+0xbc/0x240 [ 447.069020][ T30] ? __pfx_sock_close+0x10/0x10 [ 447.073959][ T30] __fput+0x406/0x8b0 [ 447.087734][ T30] task_work_run+0x24f/0x310 [ 447.093507][ T30] ? __pfx_task_work_run+0x10/0x10 [ 447.107666][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 447.113475][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 447.127721][ T30] do_syscall_64+0x100/0x230 [ 447.132382][ T30] ? clear_bhb_loop+0x35/0x90 [ 447.137087][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.168319][ T30] RIP: 0033:0x7f95c567cf29 [ 447.172794][ T30] RSP: 002b:00007ffeb879ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 447.188710][ T30] RAX: 0000000000000000 RBX: 00007f95c57b5980 RCX: 00007f95c567cf29 [ 447.207591][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 447.215615][ T30] RBP: 00007f95c57b5980 R08: 00000000819d620a R09: 0000000600000000 [ 447.237590][ T30] R10: 0000001b2cf20000 R11: 0000000000000246 R12: 0000000000047040 [ 447.245609][ T30] R13: 00007f95c57b412c R14: 0000000000000032 R15: 00007f95c57b5980 [