last executing test programs: 1.285017904s ago: executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000002680)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000100)='cgroup.controllers\x00', 0x0, 0x0) close(r1) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x50, 0xd, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}]}, 0x50}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r5, @ANYBLOB="010400000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="d2023300802b0001080211000000080211"], 0x2f0}}, 0x0) 1.138275674s ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@getchain={0x24}, 0x24}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a40)=@delchain={0x24, 0x2e, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) 953.791992ms ago: executing program 0: socket$kcm(0x10, 0x0, 0x10) r0 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000080)=0x6, 0x4) recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)=""/148, 0x94}], 0x1}}], 0x1, 0x0, 0x0) 895.791252ms ago: executing program 1: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000980), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000b00)={0x38, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}]}]}, 0x38}}, 0x0) 728.590233ms ago: executing program 1: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e020000feda26040c199e4a00"/54], 0x0, 0x37}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x48) r2 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @none}, 0x0, 0x0) r3 = accept4$bt_l2cap(r2, &(0x7f0000000140)={0x1f, 0x0, @none}, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) splice(r5, 0x0, r7, 0x0, 0x8000f28, 0x0) splice(r6, 0x0, r8, 0x0, 0x800000000, 0x2) write$binfmt_misc(r7, 0x0, 0x99) write(r4, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b80000001900010000000000000000000000000000000000000000000000000100000000000000000001000000000000000000000000000002000000", @ANYRESDEC=r3, @ANYRES8=r2, @ANYRES64], 0xb8}}, 0x20000004) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r1, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x4, 0x1, 0x9, 0x1000, r1, 0x828d, '\x00', r10, r0, 0x0, 0x4, 0x5, 0x6}, 0x48) close(0xffffffffffffffff) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0x8, &(0x7f00000007c0)=ANY=[@ANYRESHEX=r9, @ANYRES32=r0, @ANYRESHEX=r4], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1}, 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r11}, 0x10) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r12 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r14, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x2000000}}}}]}, 0x92}}, 0x0) 298.809465ms ago: executing program 1: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e020000feda26040c199e4a00"/54], 0x0, 0x37}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x48) r2 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @none}, 0x0, 0x0) r3 = accept4$bt_l2cap(r2, &(0x7f0000000140)={0x1f, 0x0, @none}, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) splice(r5, 0x0, r7, 0x0, 0x8000f28, 0x0) splice(r6, 0x0, r8, 0x0, 0x800000000, 0x2) write$binfmt_misc(r7, 0x0, 0x99) write(r4, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b80000001900010000000000000000000000000000000000000000000000000100000000000000000001000000000000000000000000000002000000", @ANYRESDEC=r3, @ANYRES8=r2, @ANYRES64], 0xb8}}, 0x20000004) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r1, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x4, 0x1, 0x9, 0x1000, r1, 0x828d, '\x00', r10, r0, 0x0, 0x4, 0x5, 0x6}, 0x48) close(0xffffffffffffffff) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0x8, &(0x7f00000007c0)=ANY=[@ANYRESHEX=r9, @ANYRES32=r0, @ANYRESHEX=r4], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1}, 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r11}, 0x10) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r12 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r14, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x2000000}}}}]}, 0x92}}, 0x0) 251.930717ms ago: executing program 4: bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000480), &(0x7f00000004c0)=r2}, 0x20) socket$igmp(0x2, 0x3, 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0x3a, 0x2}, 0x48) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) getsockopt$nfc_llcp(r4, 0x10f, 0x0, 0x0, 0x3b514ca05b9f5cc7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b00)={{r3}, &(0x7f0000000a80), &(0x7f0000000ac0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000e80)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd9754087b5f1324c5b22c8579328438cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d5f4919dca7fe89c3cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a614800c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f302f0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000400000000000000000000000000b347abe6ff0100008140e5fd10747b6ecdb33a0546bf636e3d6e700e5bc6d3fd05000000c8f7a187eaf60f3a17f0f046a307a403c19da529c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d2419540b37b41215c184e731fb1c384f8a43caf29fe968bfeb1ae93f4ef564316aaa71863fde2b97e2b185cd7fe7cf5d41332a7ac202a58a6fc052968873f0a5cdadc18d061da8522e8cc23498be607f9d14e21b320e9428c165ce1c119d3543ff2c1b7addb0c4806000000000000001fbd91638000f3226a31346c0628e6178140d6576a94f86ae7154e14722ab5d791cd9d732ad9862ebba23cc0a340809a82c776c3e6443632c3738b49372e"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x2, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="140100000000b2000500000000000000850000007b00000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r5 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r5, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) listen(r5, 0x400000001ffffffd) r6 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r6, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) recvmmsg(r6, &(0x7f0000007940), 0x55, 0x0, 0x0) close(0xffffffffffffffff) 15.276002ms ago: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000480), &(0x7f00000004c0)=r2}, 0x20) socket$igmp(0x2, 0x3, 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0x3a, 0x2}, 0x48) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) getsockopt$nfc_llcp(r4, 0x10f, 0x0, 0x0, 0x3b514ca05b9f5cc7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b00)={{r3}, &(0x7f0000000a80), &(0x7f0000000ac0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000e80)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd9754087b5f1324c5b22c8579328438cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d5f4919dca7fe89c3cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a614800c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f302f0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000400000000000000000000000000b347abe6ff0100008140e5fd10747b6ecdb33a0546bf636e3d6e700e5bc6d3fd05000000c8f7a187eaf60f3a17f0f046a307a403c19da529c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d2419540b37b41215c184e731fb1c384f8a43caf29fe968bfeb1ae93f4ef564316aaa71863fde2b97e2b185cd7fe7cf5d41332a7ac202a58a6fc052968873f0a5cdadc18d061da8522e8cc23498be607f9d14e21b320e9428c165ce1c119d3543ff2c1b7addb0c4806000000000000001fbd91638000f3226a31346c0628e6178140d6576a94f86ae7154e14722ab5d791cd9d732ad9862ebba23cc0a340809a82c776c3e6443632c3738b49372e"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x2, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="140100000000b2000500000000000000850000007b00000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r5 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r5, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) listen(r5, 0x400000001ffffffd) r6 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r6, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) recvmmsg(r6, &(0x7f0000007940), 0x55, 0x0, 0x0) close(0xffffffffffffffff) 0s ago: executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @loopback}], 0x1c) listen(r0, 0x80000004) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e1208000b0000000401a80016000800014003001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) socket$inet6(0xa, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa}, 0x48) socket$inet(0x2, 0x4, 0x6) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0xf, &(0x7f0000001580)={0x0, @in={{0x2, 0x0, @private}}}, &(0x7f0000000540)=0x9c) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x3c, &(0x7f0000000100)=[@in6={0xa, 0x4e20, 0x0, @loopback}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f00000002c0)=0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.161' (ED25519) to the list of known hosts. 2024/05/28 05:22:57 fuzzer started 2024/05/28 05:22:57 dialing manager at 10.128.0.169:30016 [ 54.972937][ T5087] cgroup: Unknown subsys name 'net' [ 55.169959][ T5087] cgroup: Unknown subsys name 'rlimit' 2024/05/28 05:22:59 starting 5 executor processes [ 56.251851][ T5095] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 56.264639][ T5095] syz-executor (5095) used greatest stack depth: 18832 bytes left [ 57.078697][ T5116] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 57.087853][ T5116] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 57.097350][ T5116] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 57.105270][ T5116] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 57.108563][ T5119] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.112890][ T5116] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 57.120915][ T5119] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.127855][ T5116] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 57.135181][ T5119] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.142826][ T5116] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 57.148622][ T5119] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.158023][ T5116] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 57.162475][ T5119] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 57.170347][ T5116] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 57.182617][ T5119] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 57.194923][ T5112] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 57.217730][ T5112] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 57.225556][ T5112] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 57.232858][ T5119] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 57.239676][ T5112] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 57.250511][ T5119] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 57.250521][ T5112] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 57.265248][ T5112] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 57.271108][ T4487] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 57.277561][ T5112] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 57.280870][ T4487] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 57.316262][ T4487] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 57.326143][ T4487] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 57.334068][ T4487] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 57.341907][ T4487] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 57.748622][ T5109] chnl_net:caif_netlink_parms(): no params data found [ 57.907614][ T5111] chnl_net:caif_netlink_parms(): no params data found [ 58.003626][ T5107] chnl_net:caif_netlink_parms(): no params data found [ 58.047284][ T5109] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.054518][ T5109] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.062017][ T5109] bridge_slave_0: entered allmulticast mode [ 58.069350][ T5109] bridge_slave_0: entered promiscuous mode [ 58.103084][ T5122] chnl_net:caif_netlink_parms(): no params data found [ 58.119822][ T5109] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.127112][ T5109] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.134264][ T5109] bridge_slave_1: entered allmulticast mode [ 58.141353][ T5109] bridge_slave_1: entered promiscuous mode [ 58.221598][ T5108] chnl_net:caif_netlink_parms(): no params data found [ 58.241707][ T5111] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.249814][ T5111] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.257773][ T5111] bridge_slave_0: entered allmulticast mode [ 58.264528][ T5111] bridge_slave_0: entered promiscuous mode [ 58.274882][ T5111] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.282114][ T5111] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.289875][ T5111] bridge_slave_1: entered allmulticast mode [ 58.297528][ T5111] bridge_slave_1: entered promiscuous mode [ 58.307781][ T5109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.324595][ T5109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.435162][ T5107] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.442425][ T5107] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.449972][ T5107] bridge_slave_0: entered allmulticast mode [ 58.456923][ T5107] bridge_slave_0: entered promiscuous mode [ 58.473833][ T5111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.485464][ T5111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.499694][ T5109] team0: Port device team_slave_0 added [ 58.510778][ T5107] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.518198][ T5107] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.525375][ T5107] bridge_slave_1: entered allmulticast mode [ 58.532944][ T5107] bridge_slave_1: entered promiscuous mode [ 58.574353][ T5109] team0: Port device team_slave_1 added [ 58.610090][ T5122] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.617516][ T5122] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.624708][ T5122] bridge_slave_0: entered allmulticast mode [ 58.632217][ T5122] bridge_slave_0: entered promiscuous mode [ 58.641019][ T5122] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.648635][ T5122] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.655864][ T5122] bridge_slave_1: entered allmulticast mode [ 58.666370][ T5122] bridge_slave_1: entered promiscuous mode [ 58.717621][ T5107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.742386][ T5111] team0: Port device team_slave_0 added [ 58.752300][ T5111] team0: Port device team_slave_1 added [ 58.759402][ T5109] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.766751][ T5109] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.793631][ T5109] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.827098][ T5107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.866135][ T5109] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.873134][ T5109] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.905549][ T5109] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.924133][ T5108] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.931444][ T5108] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.939045][ T5108] bridge_slave_0: entered allmulticast mode [ 58.945842][ T5108] bridge_slave_0: entered promiscuous mode [ 58.967572][ T5122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.980585][ T5122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.004321][ T5108] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.011680][ T5108] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.019684][ T5108] bridge_slave_1: entered allmulticast mode [ 59.026991][ T5108] bridge_slave_1: entered promiscuous mode [ 59.038385][ T5107] team0: Port device team_slave_0 added [ 59.066738][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.073765][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.100547][ T5111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.124654][ T5107] team0: Port device team_slave_1 added [ 59.145246][ T5122] team0: Port device team_slave_0 added [ 59.152352][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.159951][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.186237][ T5111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.217071][ T5119] Bluetooth: hci2: command tx timeout [ 59.240972][ T5122] team0: Port device team_slave_1 added [ 59.280924][ T5108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.290799][ T5107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.297934][ T5119] Bluetooth: hci0: command tx timeout [ 59.303498][ T5107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.329826][ T5107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.346453][ T5109] hsr_slave_0: entered promiscuous mode [ 59.352841][ T5109] hsr_slave_1: entered promiscuous mode [ 59.375486][ T5122] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.382738][ T5122] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.386755][ T52] Bluetooth: hci1: command tx timeout [ 59.408935][ T4487] Bluetooth: hci3: command tx timeout [ 59.414672][ T5119] Bluetooth: hci4: command tx timeout [ 59.420965][ T5122] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.439008][ T5108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.458805][ T5107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.466163][ T5107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.492164][ T5107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.524699][ T5122] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.533208][ T5122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.559555][ T5122] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.597130][ T5111] hsr_slave_0: entered promiscuous mode [ 59.603555][ T5111] hsr_slave_1: entered promiscuous mode [ 59.611261][ T5111] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.619579][ T5111] Cannot create hsr debugfs directory [ 59.635796][ T5108] team0: Port device team_slave_0 added [ 59.648679][ T5108] team0: Port device team_slave_1 added [ 59.737573][ T5108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.744555][ T5108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.771075][ T5108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.823230][ T5108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.830724][ T5108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.857875][ T5108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.879008][ T5107] hsr_slave_0: entered promiscuous mode [ 59.885913][ T5107] hsr_slave_1: entered promiscuous mode [ 59.893245][ T5107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.901173][ T5107] Cannot create hsr debugfs directory [ 59.915394][ T5122] hsr_slave_0: entered promiscuous mode [ 59.922102][ T5122] hsr_slave_1: entered promiscuous mode [ 59.928480][ T5122] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.936223][ T5122] Cannot create hsr debugfs directory [ 60.052798][ T5108] hsr_slave_0: entered promiscuous mode [ 60.059511][ T5108] hsr_slave_1: entered promiscuous mode [ 60.065661][ T5108] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.073641][ T5108] Cannot create hsr debugfs directory [ 60.423550][ T5109] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 60.439799][ T5109] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 60.452722][ T5109] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 60.462821][ T5109] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 60.529096][ T5111] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 60.540923][ T5111] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 60.553919][ T5111] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 60.564167][ T5111] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 60.658805][ T5107] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 60.689156][ T5107] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 60.701740][ T5107] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 60.714991][ T5107] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 60.804575][ T5122] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 60.830932][ T5122] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 60.856511][ T5122] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 60.866986][ T5122] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 60.929343][ T5111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.955912][ T5109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.974479][ T5108] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 60.992415][ T5108] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.014452][ T5108] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.034363][ T5108] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.075663][ T5111] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.094648][ T5109] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.119781][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.127038][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.152464][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.159686][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.188929][ T5159] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.196130][ T5159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.204880][ T5159] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.212053][ T5159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.234833][ T5107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.296897][ T52] Bluetooth: hci2: command tx timeout [ 61.377686][ T52] Bluetooth: hci0: command tx timeout [ 61.409983][ T5107] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.456567][ T5119] Bluetooth: hci3: command tx timeout [ 61.459385][ T4487] Bluetooth: hci4: command tx timeout [ 61.462069][ T52] Bluetooth: hci1: command tx timeout [ 61.474997][ T5122] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.522014][ T5111] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.538035][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.545210][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.594061][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.601359][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.644264][ T5108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.664257][ T5122] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.694976][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.702204][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.760365][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.767565][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.795774][ T5109] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.822941][ T5108] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.872165][ T5159] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.879323][ T5159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.908361][ T5111] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.924360][ T5159] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.931584][ T5159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.075521][ T5122] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.173127][ T5111] veth0_vlan: entered promiscuous mode [ 62.208668][ T5109] veth0_vlan: entered promiscuous mode [ 62.225071][ T5107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.264461][ T5111] veth1_vlan: entered promiscuous mode [ 62.311107][ T5109] veth1_vlan: entered promiscuous mode [ 62.388202][ T5111] veth0_macvtap: entered promiscuous mode [ 62.489953][ T5109] veth0_macvtap: entered promiscuous mode [ 62.509297][ T5111] veth1_macvtap: entered promiscuous mode [ 62.524336][ T5109] veth1_macvtap: entered promiscuous mode [ 62.580855][ T5122] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.615461][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.651468][ T5108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.662344][ T5109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.673571][ T5109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.685722][ T5109] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.701112][ T5109] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.710177][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.720903][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.732852][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.760881][ T5111] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.770996][ T5111] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.780144][ T5111] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.789054][ T5111] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.807827][ T5109] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.818073][ T5109] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.827999][ T5109] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.837114][ T5109] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.953092][ T5107] veth0_vlan: entered promiscuous mode [ 63.021285][ T5107] veth1_vlan: entered promiscuous mode [ 63.031859][ T5108] veth0_vlan: entered promiscuous mode [ 63.053972][ T5122] veth0_vlan: entered promiscuous mode [ 63.075667][ T5108] veth1_vlan: entered promiscuous mode [ 63.077493][ T5169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.105074][ T5169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.153358][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.161324][ T5108] veth0_macvtap: entered promiscuous mode [ 63.165815][ T5108] veth1_macvtap: entered promiscuous mode [ 63.180765][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.195475][ T5122] veth1_vlan: entered promiscuous mode [ 63.232546][ T5107] veth0_macvtap: entered promiscuous mode [ 63.242246][ T5169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.243509][ T5107] veth1_macvtap: entered promiscuous mode [ 63.257433][ T5169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.324415][ T5108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.343224][ T5108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.358542][ T5108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.369123][ T5108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.381896][ T5108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.386624][ T52] Bluetooth: hci2: command tx timeout [ 63.396231][ T1284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.404500][ T1284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.415109][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.432141][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.442502][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.458546][ T52] Bluetooth: hci0: command tx timeout [ 63.464545][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.475130][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.491606][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.504117][ T5107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.531521][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.536869][ T52] Bluetooth: hci4: command tx timeout [ 63.547533][ T4487] Bluetooth: hci1: command tx timeout [ 63.550518][ T5119] Bluetooth: hci3: command tx timeout [ 63.560863][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.571534][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.582941][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.595308][ T5107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.607713][ T5108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.639462][ T5108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.649834][ T5108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.660771][ T5108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.671011][ T5108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.687093][ T5108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.698228][ T5108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.707363][ T5122] veth0_macvtap: entered promiscuous mode [ 63.722877][ T5107] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.733970][ T5107] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.744714][ T5107] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.753498][ T5107] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.815023][ T5108] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.831443][ T5108] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.857310][ T5108] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.869728][ T5108] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.883003][ T5194] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 63.902937][ T5122] veth1_macvtap: entered promiscuous mode [ 64.027676][ T1284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.042209][ T1284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.073444][ T5122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.084181][ T5122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.101750][ T5122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.112516][ T5122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.122708][ T5122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.133859][ T5122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.143815][ T5122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.154464][ T5122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.169025][ T5122] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.190915][ T5122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.201629][ T5122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.212727][ T5122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.223524][ T5122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.233597][ T5122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.247356][ T5122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.258154][ T5122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.268898][ T5122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.282103][ T5122] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.312422][ T5155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.332721][ T5155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.341352][ T5122] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.351878][ T5122] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.360891][ T5122] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.370208][ T5122] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.487492][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.517640][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.624106][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.641150][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.708896][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.744135][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.875220][ T5213] [ 64.877593][ T5213] ============================================ [ 64.883720][ T5213] WARNING: possible recursive locking detected [ 64.889860][ T5213] 6.9.0-syzkaller-12088-g52a2f0608366 #0 Not tainted [ 64.896514][ T5213] -------------------------------------------- [ 64.902643][ T5213] syz-executor.0/5213 is trying to acquire lock: [ 64.908942][ T5213] ffff8880115a4220 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x175/0x250 [ 64.918262][ T5213] [ 64.918262][ T5213] but task is already holding lock: [ 64.925604][ T5213] ffff88807b5cca20 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x175/0x250 [ 64.934914][ T5213] [ 64.934914][ T5213] other info that might help us debug this: [ 64.942976][ T5213] Possible unsafe locking scenario: [ 64.942976][ T5213] [ 64.950407][ T5213] CPU0 [ 64.953666][ T5213] ---- [ 64.956925][ T5213] lock(&stab->lock); [ 64.960979][ T5213] lock(&stab->lock); [ 64.965026][ T5213] [ 64.965026][ T5213] *** DEADLOCK *** [ 64.965026][ T5213] [ 64.973149][ T5213] May be due to missing lock nesting notation [ 64.973149][ T5213] [ 64.981537][ T5213] 4 locks held by syz-executor.0/5213: [ 64.986973][ T5213] #0: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 [ 64.996361][ T5213] #1: ffff88807b5cca20 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x175/0x250 [ 65.006115][ T5213] #2: ffff88807f2a02b0 (&psock->link_lock){+...}-{2:2}, at: sock_map_unref+0xcc/0x5e0 [ 65.015766][ T5213] #3: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 [ 65.025160][ T5213] [ 65.025160][ T5213] stack backtrace: [ 65.031036][ T5213] CPU: 0 PID: 5213 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-12088-g52a2f0608366 #0 [ 65.040994][ T5213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 65.051134][ T5213] Call Trace: [ 65.054419][ T5213] [ 65.057352][ T5213] dump_stack_lvl+0x241/0x360 [ 65.062019][ T5213] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.067200][ T5213] ? print_deadlock_bug+0x479/0x620 [ 65.072383][ T5213] validate_chain+0x15d3/0x5900 [ 65.077302][ T5213] ? mark_lock+0x9a/0x350 [ 65.081616][ T5213] ? mark_lock+0x9a/0x350 [ 65.085930][ T5213] ? __pfx_validate_chain+0x10/0x10 [ 65.091125][ T5213] ? __lock_acquire+0x1346/0x1fd0 [ 65.096224][ T5213] ? validate_chain+0x11e/0x5900 [ 65.101171][ T5213] ? __pfx_validate_chain+0x10/0x10 [ 65.106358][ T5213] ? validate_chain+0x11e/0x5900 [ 65.111315][ T5213] ? mark_lock+0x9a/0x350 [ 65.115625][ T5213] __lock_acquire+0x1346/0x1fd0 [ 65.120479][ T5213] lock_acquire+0x1ed/0x550 [ 65.124963][ T5213] ? sock_map_delete_elem+0x175/0x250 [ 65.130319][ T5213] ? __lock_acquire+0x1346/0x1fd0 [ 65.135323][ T5213] ? __pfx_lock_acquire+0x10/0x10 [ 65.140343][ T5213] ? sock_map_delete_elem+0x175/0x250 [ 65.145698][ T5213] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 65.151485][ T5213] ? sock_map_delete_elem+0x175/0x250 [ 65.156842][ T5213] _raw_spin_lock_bh+0x35/0x50 [ 65.161591][ T5213] ? sock_map_delete_elem+0x175/0x250 [ 65.166950][ T5213] sock_map_delete_elem+0x175/0x250 [ 65.172236][ T5213] ? __pfx_sock_map_delete_elem+0x10/0x10 [ 65.177947][ T5213] ? bpf_trace_run2+0x1fc/0x540 [ 65.182808][ T5213] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 65.188277][ T5213] bpf_trace_run2+0x2ec/0x540 [ 65.192943][ T5213] ? __pfx_bpf_trace_run2+0x10/0x10 [ 65.198128][ T5213] ? do_raw_spin_lock+0x14f/0x370 [ 65.203136][ T5213] ? sock_map_unref+0x3ac/0x5e0 [ 65.207972][ T5213] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 65.213758][ T5213] ? sock_map_unref+0x3ac/0x5e0 [ 65.218592][ T5213] __traceiter_kfree+0x2b/0x50 [ 65.223341][ T5213] ? sock_map_unref+0x3ac/0x5e0 [ 65.228174][ T5213] kfree+0x2bb/0x360 [ 65.232061][ T5213] sock_map_unref+0x3ac/0x5e0 [ 65.236726][ T5213] sock_map_delete_elem+0x1a2/0x250 [ 65.241914][ T5213] ? __pfx_sock_map_delete_elem+0x10/0x10 [ 65.247621][ T5213] ? lockdep_hardirqs_on+0x99/0x150 [ 65.252802][ T5213] ? bpf_trace_run2+0x1fc/0x540 [ 65.257635][ T5213] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 65.263072][ T5213] bpf_trace_run2+0x2ec/0x540 [ 65.267734][ T5213] ? __pfx_bpf_trace_run2+0x10/0x10 [ 65.272920][ T5213] ? sock_map_update_elem_sys+0x674/0x910 [ 65.278621][ T5213] ? map_update_elem+0x5ca/0x6f0 [ 65.283543][ T5213] ? sock_map_update_elem_sys+0x1d8/0x910 [ 65.289249][ T5213] ? map_update_elem+0x5ca/0x6f0 [ 65.294170][ T5213] __traceiter_kfree+0x2b/0x50 [ 65.298916][ T5213] ? map_update_elem+0x5ca/0x6f0 [ 65.303836][ T5213] kfree+0x2bb/0x360 [ 65.307717][ T5213] map_update_elem+0x5ca/0x6f0 [ 65.312487][ T5213] __sys_bpf+0x76f/0x810 [ 65.316738][ T5213] ? __pfx___sys_bpf+0x10/0x10 [ 65.321523][ T5213] ? __rseq_handle_notify_resume+0x353/0x14e0 [ 65.327582][ T5213] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 65.333547][ T5213] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 65.339855][ T5213] ? do_syscall_64+0x100/0x230 [ 65.344603][ T5213] __x64_sys_bpf+0x7c/0x90 [ 65.349005][ T5213] do_syscall_64+0xf3/0x230 [ 65.353507][ T5213] ? clear_bhb_loop+0x35/0x90 [ 65.358171][ T5213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.364060][ T5213] RIP: 0033:0x7f8424c7cee9 [ 65.368457][ T5213] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 65.388306][ T5213] RSP: 002b:00007f8425a3e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 65.396705][ T5213] RAX: ffffffffffffffda RBX: 00007f8424db3f80 RCX: 00007f8424c7cee9 [ 65.404669][ T5213] RDX: 0000000000000020 RSI: 0000000020000500 RDI: 0000000000000002 [ 65.412646][ T5213] RBP: 00007f8424cc947f R08: 0000000000000000 R09: 0000000000000000 2024/05/28 05:23:08 SYZFATAL: failed to send *flatrpc.ExecutorMessageRawT: write tcp 10.128.0.161:43722->10.128.0.169:30016: write: broken pipe [ 65.420606][ T5213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.428558][ T5213] R13: 000000000000000b R14: 00007f8424db3f80 R15: 00007fff998eae08 [ 65.436524][ T5213] [ 65.454457][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.462617][ T5119] Bluetooth: hci2: command tx timeout [ 65.536313][ T5119] Bluetooth: hci0: command tx timeout [ 65.556068][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.619706][ T5119] Bluetooth: hci3: command tx timeout [ 65.624714][ T4487] Bluetooth: hci1: command tx timeout [ 65.631028][ T52] Bluetooth: hci4: command tx timeout