Warning: Permanently added '10.128.1.107' (ECDSA) to the list of known hosts. 2023/06/15 12:45:27 fuzzer started 2023/06/15 12:45:28 dialing manager at 10.128.0.169:30008 [ 57.339266][ T5001] cgroup: Unknown subsys name 'net' [ 57.480415][ T5001] cgroup: Unknown subsys name 'rlimit' 2023/06/15 12:45:29 syscalls: 1737 2023/06/15 12:45:29 code coverage: enabled 2023/06/15 12:45:29 comparison tracing: enabled 2023/06/15 12:45:29 extra coverage: enabled 2023/06/15 12:45:29 delay kcov mmap: enabled 2023/06/15 12:45:29 setuid sandbox: enabled 2023/06/15 12:45:29 namespace sandbox: enabled 2023/06/15 12:45:29 Android sandbox: /sys/fs/selinux/policy does not exist 2023/06/15 12:45:29 fault injection: enabled 2023/06/15 12:45:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2023/06/15 12:45:29 net packet injection: enabled 2023/06/15 12:45:29 net device setup: enabled 2023/06/15 12:45:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/06/15 12:45:29 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/06/15 12:45:29 NIC VF setup: PCI device 0000:00:11.0 is not available 2023/06/15 12:45:29 USB emulation: enabled 2023/06/15 12:45:29 hci packet injection: enabled 2023/06/15 12:45:29 wifi device emulation: enabled 2023/06/15 12:45:29 802.15.4 emulation: enabled 2023/06/15 12:45:29 swap file: enabled 2023/06/15 12:45:29 fetching corpus: 0, signal 0/2000 (executing program) [ 58.832064][ T5001] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS 2023/06/15 12:45:29 fetching corpus: 46, signal 38423/41857 (executing program) 2023/06/15 12:45:29 fetching corpus: 95, signal 50579/55475 (executing program) 2023/06/15 12:45:30 fetching corpus: 145, signal 64811/70953 (executing program) 2023/06/15 12:45:30 fetching corpus: 194, signal 71378/78786 (executing program) 2023/06/15 12:45:30 fetching corpus: 243, signal 76287/84952 (executing program) 2023/06/15 12:45:30 fetching corpus: 293, signal 84478/94131 (executing program) 2023/06/15 12:45:30 fetching corpus: 342, signal 88605/99383 (executing program) 2023/06/15 12:45:30 fetching corpus: 391, signal 91766/103681 (executing program) 2023/06/15 12:45:30 fetching corpus: 440, signal 95111/108088 (executing program) 2023/06/15 12:45:31 fetching corpus: 490, signal 98283/112275 (executing program) 2023/06/15 12:45:31 fetching corpus: 540, signal 101289/116284 (executing program) 2023/06/15 12:45:31 fetching corpus: 588, signal 105100/120951 (executing program) 2023/06/15 12:45:31 fetching corpus: 637, signal 108712/125359 (executing program) 2023/06/15 12:45:31 fetching corpus: 687, signal 112251/129706 (executing program) 2023/06/15 12:45:31 fetching corpus: 735, signal 115214/133473 (executing program) 2023/06/15 12:45:31 fetching corpus: 785, signal 118730/137676 (executing program) 2023/06/15 12:45:32 fetching corpus: 835, signal 121723/141368 (executing program) 2023/06/15 12:45:32 fetching corpus: 884, signal 123505/143978 (executing program) 2023/06/15 12:45:32 fetching corpus: 934, signal 125482/146732 (executing program) 2023/06/15 12:45:32 fetching corpus: 982, signal 128010/149950 (executing program) 2023/06/15 12:45:32 fetching corpus: 1031, signal 130430/153008 (executing program) 2023/06/15 12:45:32 fetching corpus: 1081, signal 134399/157332 (executing program) 2023/06/15 12:45:32 fetching corpus: 1131, signal 137216/160653 (executing program) 2023/06/15 12:45:33 fetching corpus: 1181, signal 139553/163558 (executing program) 2023/06/15 12:45:33 fetching corpus: 1231, signal 142005/166437 (executing program) 2023/06/15 12:45:33 fetching corpus: 1281, signal 143492/168544 (executing program) 2023/06/15 12:45:33 fetching corpus: 1329, signal 145736/171263 (executing program) 2023/06/15 12:45:33 fetching corpus: 1378, signal 147448/173490 (executing program) 2023/06/15 12:45:33 fetching corpus: 1427, signal 149216/175751 (executing program) 2023/06/15 12:45:34 fetching corpus: 1476, signal 150924/177925 (executing program) 2023/06/15 12:45:34 fetching corpus: 1526, signal 152866/180301 (executing program) 2023/06/15 12:45:34 fetching corpus: 1576, signal 154010/182054 (executing program) 2023/06/15 12:45:34 fetching corpus: 1626, signal 155647/184094 (executing program) 2023/06/15 12:45:34 fetching corpus: 1676, signal 156866/185814 (executing program) 2023/06/15 12:45:34 fetching corpus: 1725, signal 158462/187802 (executing program) 2023/06/15 12:45:34 fetching corpus: 1775, signal 160357/189979 (executing program) 2023/06/15 12:45:34 fetching corpus: 1825, signal 161428/191516 (executing program) 2023/06/15 12:45:35 fetching corpus: 1875, signal 162737/193249 (executing program) 2023/06/15 12:45:35 fetching corpus: 1924, signal 163609/194613 (executing program) 2023/06/15 12:45:35 fetching corpus: 1973, signal 164854/196279 (executing program) 2023/06/15 12:45:35 fetching corpus: 2023, signal 166088/197894 (executing program) 2023/06/15 12:45:35 fetching corpus: 2072, signal 167445/199599 (executing program) 2023/06/15 12:45:35 fetching corpus: 2122, signal 168530/201076 (executing program) 2023/06/15 12:45:36 fetching corpus: 2172, signal 169781/202695 (executing program) 2023/06/15 12:45:36 fetching corpus: 2222, signal 170929/204185 (executing program) 2023/06/15 12:45:36 fetching corpus: 2271, signal 171961/205579 (executing program) 2023/06/15 12:45:36 fetching corpus: 2320, signal 172826/206849 (executing program) 2023/06/15 12:45:36 fetching corpus: 2370, signal 173975/208316 (executing program) 2023/06/15 12:45:36 fetching corpus: 2418, signal 175131/209725 (executing program) 2023/06/15 12:45:36 fetching corpus: 2468, signal 176235/211067 (executing program) 2023/06/15 12:45:37 fetching corpus: 2518, signal 177766/212676 (executing program) 2023/06/15 12:45:37 fetching corpus: 2568, signal 179263/214232 (executing program) 2023/06/15 12:45:37 fetching corpus: 2618, signal 181229/216063 (executing program) 2023/06/15 12:45:37 fetching corpus: 2667, signal 182286/217342 (executing program) 2023/06/15 12:45:37 fetching corpus: 2715, signal 183566/218736 (executing program) 2023/06/15 12:45:37 fetching corpus: 2764, signal 184833/220080 (executing program) 2023/06/15 12:45:38 fetching corpus: 2814, signal 186028/221369 (executing program) 2023/06/15 12:45:38 fetching corpus: 2862, signal 186948/222497 (executing program) 2023/06/15 12:45:38 fetching corpus: 2912, signal 188136/223727 (executing program) 2023/06/15 12:45:38 fetching corpus: 2961, signal 189228/224956 (executing program) 2023/06/15 12:45:38 fetching corpus: 3010, signal 190152/226065 (executing program) 2023/06/15 12:45:38 fetching corpus: 3059, signal 191094/227125 (executing program) 2023/06/15 12:45:39 fetching corpus: 3106, signal 191882/228073 (executing program) 2023/06/15 12:45:39 fetching corpus: 3156, signal 192728/229081 (executing program) 2023/06/15 12:45:39 fetching corpus: 3205, signal 193273/229874 (executing program) 2023/06/15 12:45:39 fetching corpus: 3255, signal 194047/230850 (executing program) 2023/06/15 12:45:39 fetching corpus: 3305, signal 194698/231747 (executing program) 2023/06/15 12:45:39 fetching corpus: 3355, signal 195499/232713 (executing program) 2023/06/15 12:45:39 fetching corpus: 3403, signal 196082/233550 (executing program) 2023/06/15 12:45:40 fetching corpus: 3453, signal 196897/234475 (executing program) 2023/06/15 12:45:40 fetching corpus: 3503, signal 197523/235289 (executing program) 2023/06/15 12:45:40 fetching corpus: 3552, signal 198252/236142 (executing program) 2023/06/15 12:45:40 fetching corpus: 3601, signal 198908/236994 (executing program) 2023/06/15 12:45:40 fetching corpus: 3651, signal 199679/237837 (executing program) 2023/06/15 12:45:40 fetching corpus: 3701, signal 200286/238566 (executing program) 2023/06/15 12:45:40 fetching corpus: 3751, signal 201646/239655 (executing program) 2023/06/15 12:45:41 fetching corpus: 3801, signal 202592/240525 (executing program) 2023/06/15 12:45:41 fetching corpus: 3851, signal 203518/241368 (executing program) 2023/06/15 12:45:41 fetching corpus: 3901, signal 204112/242069 (executing program) 2023/06/15 12:45:41 fetching corpus: 3951, signal 204893/242866 (executing program) 2023/06/15 12:45:41 fetching corpus: 4001, signal 205527/243585 (executing program) 2023/06/15 12:45:41 fetching corpus: 4051, signal 206162/244275 (executing program) 2023/06/15 12:45:41 fetching corpus: 4101, signal 207043/245056 (executing program) 2023/06/15 12:45:41 fetching corpus: 4151, signal 207612/245684 (executing program) 2023/06/15 12:45:42 fetching corpus: 4201, signal 208270/246384 (executing program) 2023/06/15 12:45:42 fetching corpus: 4250, signal 208955/247065 (executing program) [ 71.496909][ T1212] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.503530][ T1212] ieee802154 phy1 wpan1: encryption failed: -22 2023/06/15 12:45:42 fetching corpus: 4298, signal 209788/247833 (executing program) 2023/06/15 12:45:42 fetching corpus: 4346, signal 210421/248478 (executing program) 2023/06/15 12:45:42 fetching corpus: 4393, signal 211062/249073 (executing program) 2023/06/15 12:45:42 fetching corpus: 4443, signal 211900/249761 (executing program) 2023/06/15 12:45:43 fetching corpus: 4490, signal 212661/250429 (executing program) 2023/06/15 12:45:43 fetching corpus: 4538, signal 213233/251013 (executing program) 2023/06/15 12:45:43 fetching corpus: 4586, signal 213822/251625 (executing program) 2023/06/15 12:45:43 fetching corpus: 4635, signal 214391/252162 (executing program) 2023/06/15 12:45:43 fetching corpus: 4685, signal 215219/252801 (executing program) 2023/06/15 12:45:43 fetching corpus: 4734, signal 216009/253402 (executing program) 2023/06/15 12:45:43 fetching corpus: 4784, signal 216550/253927 (executing program) 2023/06/15 12:45:44 fetching corpus: 4834, signal 217108/254497 (executing program) 2023/06/15 12:45:44 fetching corpus: 4884, signal 217799/255047 (executing program) 2023/06/15 12:45:44 fetching corpus: 4934, signal 218350/255532 (executing program) 2023/06/15 12:45:44 fetching corpus: 4983, signal 218832/255986 (executing program) 2023/06/15 12:45:44 fetching corpus: 5033, signal 219394/256440 (executing program) 2023/06/15 12:45:44 fetching corpus: 5081, signal 219778/256882 (executing program) 2023/06/15 12:45:44 fetching corpus: 5130, signal 220327/257391 (executing program) 2023/06/15 12:45:45 fetching corpus: 5180, signal 220801/257860 (executing program) 2023/06/15 12:45:45 fetching corpus: 5224, signal 221516/258368 (executing program) 2023/06/15 12:45:45 fetching corpus: 5274, signal 222096/258884 (executing program) 2023/06/15 12:45:45 fetching corpus: 5324, signal 222610/259301 (executing program) 2023/06/15 12:45:45 fetching corpus: 5372, signal 223446/259788 (executing program) 2023/06/15 12:45:45 fetching corpus: 5420, signal 224007/260221 (executing program) 2023/06/15 12:45:45 fetching corpus: 5470, signal 224639/260654 (executing program) 2023/06/15 12:45:46 fetching corpus: 5520, signal 225189/261059 (executing program) 2023/06/15 12:45:46 fetching corpus: 5568, signal 225968/261517 (executing program) 2023/06/15 12:45:46 fetching corpus: 5617, signal 226403/261901 (executing program) 2023/06/15 12:45:46 fetching corpus: 5667, signal 227145/262314 (executing program) 2023/06/15 12:45:46 fetching corpus: 5716, signal 227790/262740 (executing program) 2023/06/15 12:45:46 fetching corpus: 5766, signal 228382/263104 (executing program) 2023/06/15 12:45:46 fetching corpus: 5816, signal 228807/263446 (executing program) 2023/06/15 12:45:47 fetching corpus: 5866, signal 229163/263777 (executing program) 2023/06/15 12:45:47 fetching corpus: 5915, signal 229659/264097 (executing program) 2023/06/15 12:45:47 fetching corpus: 5965, signal 230554/264433 (executing program) [ 76.615626][ T7] cfg80211: failed to load regulatory.db 2023/06/15 12:45:47 fetching corpus: 6015, signal 230952/264750 (executing program) 2023/06/15 12:45:47 fetching corpus: 6063, signal 231444/265077 (executing program) 2023/06/15 12:45:47 fetching corpus: 6113, signal 231820/265394 (executing program) 2023/06/15 12:45:48 fetching corpus: 6160, signal 232229/265704 (executing program) 2023/06/15 12:45:48 fetching corpus: 6209, signal 232937/265983 (executing program) 2023/06/15 12:45:48 fetching corpus: 6259, signal 233516/266274 (executing program) 2023/06/15 12:45:48 fetching corpus: 6309, signal 234223/266563 (executing program) 2023/06/15 12:45:48 fetching corpus: 6359, signal 234784/266821 (executing program) 2023/06/15 12:45:48 fetching corpus: 6409, signal 235342/267066 (executing program) 2023/06/15 12:45:49 fetching corpus: 6457, signal 235773/267333 (executing program) 2023/06/15 12:45:49 fetching corpus: 6507, signal 236491/267571 (executing program) 2023/06/15 12:45:49 fetching corpus: 6555, signal 236987/267812 (executing program) 2023/06/15 12:45:49 fetching corpus: 6605, signal 237448/267821 (executing program) 2023/06/15 12:45:49 fetching corpus: 6654, signal 237881/267822 (executing program) 2023/06/15 12:45:49 fetching corpus: 6704, signal 238294/267822 (executing program) 2023/06/15 12:45:49 fetching corpus: 6751, signal 238654/267823 (executing program) 2023/06/15 12:45:49 fetching corpus: 6801, signal 239039/267824 (executing program) 2023/06/15 12:45:50 fetching corpus: 6849, signal 239401/267829 (executing program) 2023/06/15 12:45:50 fetching corpus: 6898, signal 239892/267830 (executing program) 2023/06/15 12:45:50 fetching corpus: 6948, signal 240327/267833 (executing program) 2023/06/15 12:45:50 fetching corpus: 6996, signal 240804/267836 (executing program) 2023/06/15 12:45:50 fetching corpus: 7045, signal 241231/267836 (executing program) 2023/06/15 12:45:50 fetching corpus: 7094, signal 241765/267875 (executing program) 2023/06/15 12:45:50 fetching corpus: 7144, signal 242442/267892 (executing program) 2023/06/15 12:45:50 fetching corpus: 7193, signal 242773/267892 (executing program) 2023/06/15 12:45:51 fetching corpus: 7242, signal 243287/267893 (executing program) 2023/06/15 12:45:51 fetching corpus: 7291, signal 243761/267898 (executing program) 2023/06/15 12:45:51 fetching corpus: 7341, signal 244210/267898 (executing program) 2023/06/15 12:45:51 fetching corpus: 7390, signal 244653/267898 (executing program) 2023/06/15 12:45:51 fetching corpus: 7440, signal 245119/267950 (executing program) 2023/06/15 12:45:51 fetching corpus: 7489, signal 245625/267952 (executing program) 2023/06/15 12:45:51 fetching corpus: 7538, signal 245895/267952 (executing program) 2023/06/15 12:45:52 fetching corpus: 7588, signal 246169/267952 (executing program) 2023/06/15 12:45:52 fetching corpus: 7638, signal 246623/267959 (executing program) 2023/06/15 12:45:52 fetching corpus: 7687, signal 247030/267959 (executing program) 2023/06/15 12:45:52 fetching corpus: 7737, signal 247366/267988 (executing program) 2023/06/15 12:45:52 fetching corpus: 7787, signal 247756/267989 (executing program) 2023/06/15 12:45:52 fetching corpus: 7836, signal 248124/267989 (executing program) 2023/06/15 12:45:52 fetching corpus: 7885, signal 248724/268001 (executing program) 2023/06/15 12:45:52 fetching corpus: 7935, signal 249535/268001 (executing program) 2023/06/15 12:45:53 fetching corpus: 7983, signal 250096/268002 (executing program) 2023/06/15 12:45:53 fetching corpus: 8033, signal 250400/268004 (executing program) 2023/06/15 12:45:53 fetching corpus: 8082, signal 250693/268011 (executing program) 2023/06/15 12:45:53 fetching corpus: 8132, signal 251145/268011 (executing program) 2023/06/15 12:45:53 fetching corpus: 8180, signal 251674/268108 (executing program) 2023/06/15 12:45:54 fetching corpus: 8230, signal 252183/268108 (executing program) 2023/06/15 12:45:54 fetching corpus: 8280, signal 252555/268108 (executing program) 2023/06/15 12:45:54 fetching corpus: 8329, signal 253102/268108 (executing program) 2023/06/15 12:45:54 fetching corpus: 8379, signal 253340/268108 (executing program) 2023/06/15 12:45:54 fetching corpus: 8429, signal 253718/268108 (executing program) 2023/06/15 12:45:54 fetching corpus: 8477, signal 254028/268121 (executing program) 2023/06/15 12:45:54 fetching corpus: 8527, signal 254396/268124 (executing program) 2023/06/15 12:45:55 fetching corpus: 8577, signal 254889/268124 (executing program) 2023/06/15 12:45:55 fetching corpus: 8627, signal 255141/268124 (executing program) 2023/06/15 12:45:55 fetching corpus: 8677, signal 255626/268124 (executing program) 2023/06/15 12:45:55 fetching corpus: 8727, signal 256040/268124 (executing program) 2023/06/15 12:45:55 fetching corpus: 8777, signal 256481/268124 (executing program) 2023/06/15 12:45:55 fetching corpus: 8827, signal 256914/268125 (executing program) 2023/06/15 12:45:56 fetching corpus: 8877, signal 257340/268154 (executing program) 2023/06/15 12:45:56 fetching corpus: 8926, signal 257638/268154 (executing program) 2023/06/15 12:45:56 fetching corpus: 8976, signal 257972/268154 (executing program) 2023/06/15 12:45:56 fetching corpus: 9026, signal 258312/268154 (executing program) 2023/06/15 12:45:56 fetching corpus: 9075, signal 258523/268155 (executing program) 2023/06/15 12:45:56 fetching corpus: 9125, signal 259005/268155 (executing program) 2023/06/15 12:45:56 fetching corpus: 9174, signal 259248/268173 (executing program) 2023/06/15 12:45:56 fetching corpus: 9223, signal 259540/268173 (executing program) 2023/06/15 12:45:57 fetching corpus: 9273, signal 259867/268185 (executing program) 2023/06/15 12:45:57 fetching corpus: 9322, signal 260291/268185 (executing program) 2023/06/15 12:45:57 fetching corpus: 9371, signal 260734/268185 (executing program) 2023/06/15 12:45:57 fetching corpus: 9420, signal 261119/268185 (executing program) 2023/06/15 12:45:57 fetching corpus: 9468, signal 261525/268197 (executing program) 2023/06/15 12:45:57 fetching corpus: 9514, signal 261869/268221 (executing program) 2023/06/15 12:45:57 fetching corpus: 9563, signal 262248/268221 (executing program) 2023/06/15 12:45:58 fetching corpus: 9612, signal 262510/268221 (executing program) 2023/06/15 12:45:58 fetching corpus: 9662, signal 262831/268227 (executing program) 2023/06/15 12:45:58 fetching corpus: 9711, signal 263231/268227 (executing program) 2023/06/15 12:45:58 fetching corpus: 9759, signal 263421/268228 (executing program) 2023/06/15 12:45:58 fetching corpus: 9809, signal 263753/268243 (executing program) 2023/06/15 12:45:58 fetching corpus: 9857, signal 263975/268279 (executing program) 2023/06/15 12:45:58 fetching corpus: 9907, signal 264319/268280 (executing program) 2023/06/15 12:45:58 fetching corpus: 9956, signal 264549/268287 (executing program) 2023/06/15 12:45:58 fetching corpus: 10006, signal 264953/268301 (executing program) 2023/06/15 12:45:59 fetching corpus: 10054, signal 265365/268301 (executing program) 2023/06/15 12:45:59 fetching corpus: 10104, signal 265711/268302 (executing program) 2023/06/15 12:45:59 fetching corpus: 10154, signal 266214/268377 (executing program) 2023/06/15 12:45:59 fetching corpus: 10202, signal 266680/268382 (executing program) 2023/06/15 12:45:59 fetching corpus: 10211, signal 266739/268439 (executing program) 2023/06/15 12:45:59 fetching corpus: 10211, signal 266739/268439 (executing program) 2023/06/15 12:46:01 starting 6 fuzzer processes 12:46:01 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000180)={0x0, 0x4c, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x21}]}, 0x20}}, 0x0) 12:46:01 executing program 3: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) write$cgroup_int(r2, &(0x7f00000001c0), 0xfffffdef) 12:46:01 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) syz_emit_ethernet(0x4c, &(0x7f0000000080)={@broadcast, @random="00b48949391a", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x8, 0x0, 0x0, 0x2, 0x0, @val=0x71f00000}, "2775a7399c79"}}}}}}}, 0x0) 12:46:01 executing program 2: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @dest_unreach={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @loopback, @empty, {[@timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@loopback=0x7f000005}, {@remote}]}, @timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@multicast2}, {@multicast2}]}]}}}}}}}, 0x0) 12:46:01 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x17, 0x2, 0x0, 0x2}, 0x48) 12:46:01 executing program 4: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x101) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) sendmmsg$inet(r1, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="afac", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)="be", 0x1}], 0x1}}], 0x2, 0x0) [ 91.040694][ T5005] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5005 'syz-fuzzer' [ 91.551282][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.560178][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.569347][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.578392][ T48] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.586954][ T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.594532][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.603183][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 91.612387][ T5028] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.621985][ T5028] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.629386][ T5030] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.630183][ T5028] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.647276][ T5034] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.647304][ T5028] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.661875][ T4409] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.663367][ T5028] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.669827][ T4409] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.677394][ T5028] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 91.683894][ T4409] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.690579][ T5028] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.698123][ T4409] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 91.716501][ T4409] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.723542][ T5028] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.726685][ T5038] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 91.739697][ T5034] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 91.748516][ T5038] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 91.759426][ T5034] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.761967][ T5022] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.767465][ T5038] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 91.786209][ T5034] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.794593][ T5034] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.813738][ T5026] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.814980][ T5038] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 91.828344][ T5038] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 91.835623][ T5038] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.845549][ T5038] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 92.163191][ T5021] chnl_net:caif_netlink_parms(): no params data found [ 92.371082][ T5037] chnl_net:caif_netlink_parms(): no params data found [ 92.421450][ T5029] chnl_net:caif_netlink_parms(): no params data found [ 92.432129][ T5021] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.440803][ T5021] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.448556][ T5021] bridge_slave_0: entered allmulticast mode [ 92.456829][ T5021] bridge_slave_0: entered promiscuous mode [ 92.472423][ T5021] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.479593][ T5021] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.487215][ T5021] bridge_slave_1: entered allmulticast mode [ 92.493911][ T5021] bridge_slave_1: entered promiscuous mode [ 92.520681][ T5025] chnl_net:caif_netlink_parms(): no params data found [ 92.549786][ T5024] chnl_net:caif_netlink_parms(): no params data found [ 92.580356][ T5021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.624906][ T5021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.639505][ T5033] chnl_net:caif_netlink_parms(): no params data found [ 92.751004][ T5021] team0: Port device team_slave_0 added [ 92.769776][ T5029] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.777099][ T5029] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.784338][ T5029] bridge_slave_0: entered allmulticast mode [ 92.790858][ T5029] bridge_slave_0: entered promiscuous mode [ 92.805830][ T5037] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.812925][ T5037] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.823510][ T5037] bridge_slave_0: entered allmulticast mode [ 92.830049][ T5037] bridge_slave_0: entered promiscuous mode [ 92.843926][ T5021] team0: Port device team_slave_1 added [ 92.864303][ T5029] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.871404][ T5029] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.878905][ T5029] bridge_slave_1: entered allmulticast mode [ 92.886164][ T5029] bridge_slave_1: entered promiscuous mode [ 92.898804][ T5037] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.905936][ T5037] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.913139][ T5037] bridge_slave_1: entered allmulticast mode [ 92.920475][ T5037] bridge_slave_1: entered promiscuous mode [ 92.944051][ T5024] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.951117][ T5024] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.959585][ T5024] bridge_slave_0: entered allmulticast mode [ 92.966531][ T5024] bridge_slave_0: entered promiscuous mode [ 92.982244][ T5025] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.992920][ T5025] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.000349][ T5025] bridge_slave_0: entered allmulticast mode [ 93.010124][ T5025] bridge_slave_0: entered promiscuous mode [ 93.041492][ T5021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.048528][ T5021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.074569][ T5021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.086858][ T5024] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.094078][ T5024] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.101296][ T5024] bridge_slave_1: entered allmulticast mode [ 93.108187][ T5024] bridge_slave_1: entered promiscuous mode [ 93.123412][ T5025] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.130525][ T5025] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.138208][ T5025] bridge_slave_1: entered allmulticast mode [ 93.144962][ T5025] bridge_slave_1: entered promiscuous mode [ 93.153121][ T5037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.162602][ T5033] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.169859][ T5033] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.177296][ T5033] bridge_slave_0: entered allmulticast mode [ 93.184402][ T5033] bridge_slave_0: entered promiscuous mode [ 93.191858][ T5021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.198899][ T5021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.225377][ T5021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.251441][ T5029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.272649][ T5037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.281916][ T5033] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.289070][ T5033] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.296651][ T5033] bridge_slave_1: entered allmulticast mode [ 93.303415][ T5033] bridge_slave_1: entered promiscuous mode [ 93.339093][ T5029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.373139][ T5033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.385215][ T5024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.404860][ T5025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.430974][ T5033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.441703][ T5024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.460821][ T5025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.472410][ T5037] team0: Port device team_slave_0 added [ 93.481945][ T5021] hsr_slave_0: entered promiscuous mode [ 93.488534][ T5021] hsr_slave_1: entered promiscuous mode [ 93.515756][ T5029] team0: Port device team_slave_0 added [ 93.529439][ T5037] team0: Port device team_slave_1 added [ 93.560203][ T5029] team0: Port device team_slave_1 added [ 93.599776][ T5033] team0: Port device team_slave_0 added [ 93.609409][ T5024] team0: Port device team_slave_0 added [ 93.627600][ T5025] team0: Port device team_slave_0 added [ 93.640264][ T5037] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.647813][ T5037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.674100][ T5037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.688355][ T5033] team0: Port device team_slave_1 added [ 93.695751][ T5024] team0: Port device team_slave_1 added [ 93.711145][ T5025] team0: Port device team_slave_1 added [ 93.730563][ T5037] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.738294][ T5037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.738414][ T5036] Bluetooth: hci0: command 0x0409 tx timeout [ 93.770654][ T5037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.800000][ T5029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.807187][ T5029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.833669][ T5041] Bluetooth: hci2: command 0x0409 tx timeout [ 93.834572][ T5036] Bluetooth: hci1: command 0x0409 tx timeout [ 93.840014][ T5041] Bluetooth: hci3: command 0x0409 tx timeout [ 93.852971][ T5029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.867110][ T5029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.874551][ T5029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.899700][ T5036] Bluetooth: hci4: command 0x0409 tx timeout [ 93.901640][ T5029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.907248][ T5041] Bluetooth: hci5: command 0x0409 tx timeout [ 93.951616][ T5024] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.958711][ T5024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.985471][ T5024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.999164][ T5025] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.006631][ T5025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.032861][ T5025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.046515][ T5025] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.053698][ T5025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.079791][ T5025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.106806][ T5033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.114288][ T5033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.141202][ T5033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.168734][ T5024] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.176181][ T5024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.202481][ T5024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.227718][ T5033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.234792][ T5033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.261017][ T5033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.292938][ T5029] hsr_slave_0: entered promiscuous mode [ 94.300329][ T5029] hsr_slave_1: entered promiscuous mode [ 94.307141][ T5029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.315172][ T5029] Cannot create hsr debugfs directory [ 94.322729][ T5037] hsr_slave_0: entered promiscuous mode [ 94.329550][ T5037] hsr_slave_1: entered promiscuous mode [ 94.335895][ T5037] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.343838][ T5037] Cannot create hsr debugfs directory [ 94.422770][ T5033] hsr_slave_0: entered promiscuous mode [ 94.429110][ T5033] hsr_slave_1: entered promiscuous mode [ 94.438908][ T5033] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.446530][ T5033] Cannot create hsr debugfs directory [ 94.502891][ T5024] hsr_slave_0: entered promiscuous mode [ 94.509251][ T5024] hsr_slave_1: entered promiscuous mode [ 94.515761][ T5024] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.523396][ T5024] Cannot create hsr debugfs directory [ 94.531233][ T5025] hsr_slave_0: entered promiscuous mode [ 94.537808][ T5025] hsr_slave_1: entered promiscuous mode [ 94.543961][ T5025] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.551517][ T5025] Cannot create hsr debugfs directory [ 94.810777][ T5021] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.855611][ T5021] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.870061][ T5021] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.882015][ T5021] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.997742][ T5037] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.007955][ T5037] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.030659][ T5037] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.051413][ T5037] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.103138][ T5029] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 95.121539][ T5029] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 95.141691][ T5029] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 95.151228][ T5029] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 95.206309][ T5025] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.232393][ T5021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.239343][ T5025] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.249699][ T5025] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.279687][ T5021] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.295312][ T5025] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.365092][ T5033] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.380935][ T5033] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.412202][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.419567][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.432684][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.439799][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.468870][ T5033] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.539597][ T5033] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.559741][ T5037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.571875][ T5024] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.608241][ T5024] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.618221][ T5024] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.630219][ T5024] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.658583][ T5029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.672132][ T5037] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.753611][ T5082] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.760757][ T5082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.770963][ T5082] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.778264][ T5082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.798180][ T5029] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.813732][ T5041] Bluetooth: hci0: command 0x041b tx timeout [ 95.837163][ T5025] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.853207][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.860424][ T5087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.877956][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.885684][ T5087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.893529][ T5036] Bluetooth: hci1: command 0x041b tx timeout [ 95.893604][ T5041] Bluetooth: hci2: command 0x041b tx timeout [ 95.903738][ T5036] Bluetooth: hci3: command 0x041b tx timeout [ 95.974228][ T5036] Bluetooth: hci5: command 0x041b tx timeout [ 95.979144][ T5041] Bluetooth: hci4: command 0x041b tx timeout [ 96.004905][ T5025] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.038681][ T5085] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.045826][ T5085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.055515][ T5085] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.062605][ T5085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.086604][ T5021] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.138408][ T5033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.176475][ T5024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.212935][ T5025] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.279477][ T5033] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.292312][ T5024] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.327220][ T4418] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.334405][ T4418] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.364899][ T4418] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.372046][ T4418] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.419944][ T5021] veth0_vlan: entered promiscuous mode [ 96.465088][ T4744] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.472244][ T4744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.483779][ T4744] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.490904][ T4744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.507721][ T5021] veth1_vlan: entered promiscuous mode [ 96.621952][ T5037] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.661809][ T5024] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 96.714135][ T5024] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.776189][ T5025] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.817542][ T5021] veth0_macvtap: entered promiscuous mode [ 96.837888][ T5021] veth1_macvtap: entered promiscuous mode [ 96.860839][ T5029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.945046][ T5021] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.978569][ T5037] veth0_vlan: entered promiscuous mode [ 97.006478][ T5021] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.038019][ T5037] veth1_vlan: entered promiscuous mode [ 97.057948][ T5021] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.099033][ T5021] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.123346][ T5021] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.132251][ T5021] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.270037][ T5037] veth0_macvtap: entered promiscuous mode [ 97.308404][ T5033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.339303][ T5037] veth1_macvtap: entered promiscuous mode [ 97.370900][ T5024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.422482][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.440559][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.454659][ T5037] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.505245][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.528921][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.548270][ T5037] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.584316][ T5089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.592397][ T5089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.622388][ T5024] veth0_vlan: entered promiscuous mode [ 97.664737][ T5037] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.687197][ T5037] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.697489][ T5037] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.706557][ T5037] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.739848][ T5033] veth0_vlan: entered promiscuous mode [ 97.760910][ T5024] veth1_vlan: entered promiscuous mode [ 97.767757][ T5082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.776681][ T5082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.781421][ T5033] veth1_vlan: entered promiscuous mode [ 97.893878][ T5041] Bluetooth: hci0: command 0x040f tx timeout [ 97.916567][ T5024] veth0_macvtap: entered promiscuous mode [ 97.961912][ T5025] veth0_vlan: entered promiscuous mode [ 97.974218][ T5041] Bluetooth: hci2: command 0x040f tx timeout [ 97.974323][ T5036] Bluetooth: hci3: command 0x040f tx timeout [ 97.980242][ T5041] Bluetooth: hci1: command 0x040f tx timeout [ 97.988731][ T5024] veth1_macvtap: entered promiscuous mode [ 98.009443][ T5029] veth0_vlan: entered promiscuous mode [ 98.019189][ T5033] veth0_macvtap: entered promiscuous mode [ 98.049473][ T5133] netlink: 'syz-executor.0': attribute type 33 has an invalid length. 12:46:08 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000180)={0x0, 0x4c, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x21}]}, 0x20}}, 0x0) [ 98.050547][ T5033] veth1_macvtap: entered promiscuous mode [ 98.059142][ T5036] Bluetooth: hci5: command 0x040f tx timeout [ 98.064354][ T5041] Bluetooth: hci4: command 0x040f tx timeout [ 98.077661][ T5082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.090849][ T5029] veth1_vlan: entered promiscuous mode [ 98.096490][ T5082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.130453][ T5025] veth1_vlan: entered promiscuous mode [ 98.156993][ T5024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.169389][ T5024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.181448][ T5024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.192221][ T5024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.205503][ T5024] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.222929][ T5033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.234052][ T5033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.247465][ T5033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.258221][ T5033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.269085][ T5033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 12:46:09 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000180)={0x0, 0x4c, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x21}]}, 0x20}}, 0x0) [ 98.280123][ T5033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.291693][ T5033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.328646][ T5024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.351539][ T5138] netlink: 'syz-executor.0': attribute type 33 has an invalid length. [ 98.360157][ T5024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.375103][ T5024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.386227][ T5024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.397379][ T5024] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.407430][ T5033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.419566][ T5033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.429791][ T5033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.440438][ T5033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.452946][ T5033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.471113][ T5033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.482679][ T5033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.500225][ T5092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.513172][ T5092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:46:09 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000180)={0x0, 0x4c, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x21}]}, 0x20}}, 0x0) [ 98.536040][ T5024] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.576687][ T5024] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.579536][ T5140] netlink: 'syz-executor.0': attribute type 33 has an invalid length. [ 98.592279][ T5024] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.603766][ T5024] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.623357][ T5033] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.632092][ T5033] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.645582][ T5033] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.656251][ T5033] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.677726][ T5029] veth0_macvtap: entered promiscuous mode [ 98.690391][ T5025] veth0_macvtap: entered promiscuous mode 12:46:09 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f459b269eff56b3d128aae0d6dcf872844d1f14"], 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b26, &(0x7f0000000000)={'wlan0\x00'}) [ 98.722611][ T5029] veth1_macvtap: entered promiscuous mode [ 98.766298][ T5025] veth1_macvtap: entered promiscuous mode [ 98.875654][ T5029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.887828][ T5029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.901411][ T5029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.912201][ T5029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 12:46:09 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) syz_emit_ethernet(0x4c, &(0x7f0000000080)={@broadcast, @random="00b48949391a", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x8, 0x0, 0x0, 0x2, 0x0, @val=0x71f00000}, "2775a7399c79"}}}}}}}, 0x0) [ 98.924662][ T5029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.935632][ T5029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.945792][ T5029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.956329][ T5029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.968725][ T5029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.984615][ T5143] warning: `syz-executor.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 12:46:09 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f459b269eff56b3d128aae0d6dcf872844d1f14"], 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b26, &(0x7f0000000000)={'wlan0\x00'}) [ 99.049829][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.084562][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.097524][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.113815][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.123913][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.136158][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.146518][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.157409][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.167434][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.178958][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 12:46:10 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) syz_emit_ethernet(0x4c, &(0x7f0000000080)={@broadcast, @random="00b48949391a", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x8, 0x0, 0x0, 0x2, 0x0, @val=0x71f00000}, "2775a7399c79"}}}}}}}, 0x0) [ 99.200635][ T5025] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.250592][ T5029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.281018][ T5029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.291631][ T5029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.302632][ T5029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.312711][ T5029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.323862][ T5029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.334038][ T5029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.345033][ T5029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.361688][ T5029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.385579][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.397984][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.408980][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.420601][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.430607][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.443714][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.453791][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.466616][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.477939][ T5025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.488602][ T5025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.500343][ T5025] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.545428][ T5025] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.554637][ T5025] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.563726][ T5025] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.572445][ T5025] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.588176][ T5029] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.597738][ T4744] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.604447][ T5029] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.607136][ T4744] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.616054][ T5029] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.630443][ T5029] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.710012][ T5087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.718186][ T5087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.764577][ T22] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.782592][ T22] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.847788][ T901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.871023][ T901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.901398][ T5092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.932154][ T5092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:46:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f459b269eff56b3d128aae0d6dcf872844d1f14"], 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b26, &(0x7f0000000000)={'wlan0\x00'}) 12:46:10 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f459b269eff56b3d128aae0d6dcf872844d1f14"], 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b26, &(0x7f0000000000)={'wlan0\x00'}) [ 99.953742][ T5082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.961620][ T5082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.974290][ T5041] Bluetooth: hci0: command 0x0419 tx timeout [ 100.035595][ T5089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.054319][ T5041] Bluetooth: hci3: command 0x0419 tx timeout [ 100.058015][ T5089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.060361][ T5041] Bluetooth: hci2: command 0x0419 tx timeout [ 100.068249][ T5036] Bluetooth: hci1: command 0x0419 tx timeout 12:46:10 executing program 2: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @dest_unreach={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @loopback, @empty, {[@timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@loopback=0x7f000005}, {@remote}]}, @timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@multicast2}, {@multicast2}]}]}}}}}}}, 0x0) [ 100.133628][ T5041] Bluetooth: hci5: command 0x0419 tx timeout [ 100.139711][ T5041] Bluetooth: hci4: command 0x0419 tx timeout [ 100.198520][ T5089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.233211][ T5089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:46:11 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000003180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000000090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x20, 0x7, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x5, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) 12:46:11 executing program 4: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x101) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) sendmmsg$inet(r1, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="afac", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)="be", 0x1}], 0x1}}], 0x2, 0x0) 12:46:11 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) syz_emit_ethernet(0x4c, &(0x7f0000000080)={@broadcast, @random="00b48949391a", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x8, 0x0, 0x0, 0x2, 0x0, @val=0x71f00000}, "2775a7399c79"}}}}}}}, 0x0) 12:46:11 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f459b269eff56b3d128aae0d6dcf872844d1f14"], 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b26, &(0x7f0000000000)={'wlan0\x00'}) 12:46:11 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f459b269eff56b3d128aae0d6dcf872844d1f14"], 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b26, &(0x7f0000000000)={'wlan0\x00'}) 12:46:11 executing program 2: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @dest_unreach={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @loopback, @empty, {[@timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@loopback=0x7f000005}, {@remote}]}, @timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@multicast2}, {@multicast2}]}]}}}}}}}, 0x0) [ 100.445574][ T5168] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 12:46:11 executing program 2: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @dest_unreach={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @loopback, @empty, {[@timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@loopback=0x7f000005}, {@remote}]}, @timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@multicast2}, {@multicast2}]}]}}}}}}}, 0x0) 12:46:11 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x101) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) sendmmsg$inet(r1, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="afac", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)="be", 0x1}], 0x1}}], 0x2, 0x0) 12:46:11 executing program 2: bpf$MAP_CREATE(0x15, &(0x7f0000000340), 0x48) 12:46:11 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000003180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000000090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x20, 0x7, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x5, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) 12:46:11 executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @empty}, {0xa, 0x0, 0x0, @dev}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}}, 0x5c) 12:46:11 executing program 4: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x101) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) sendmmsg$inet(r1, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="afac", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)="be", 0x1}], 0x1}}], 0x2, 0x0) 12:46:11 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f459b269eff56b3d128aae0d6dcf872844d1f14"], 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b26, &(0x7f0000000000)={'wlan0\x00'}) 12:46:11 executing program 2: bpf$MAP_CREATE(0x15, &(0x7f0000000340), 0x48) [ 100.736987][ T5185] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 12:46:11 executing program 4: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x101) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) sendmmsg$inet(r1, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="afac", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)="be", 0x1}], 0x1}}], 0x2, 0x0) 12:46:11 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000003180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000000090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x20, 0x7, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x5, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) 12:46:11 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x101) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) sendmmsg$inet(r1, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="afac", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)="be", 0x1}], 0x1}}], 0x2, 0x0) 12:46:11 executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @empty}, {0xa, 0x0, 0x0, @dev}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}}, 0x5c) 12:46:11 executing program 2: bpf$MAP_CREATE(0x15, &(0x7f0000000340), 0x48) 12:46:11 executing program 3: syz_emit_ethernet(0xe, &(0x7f00000000c0)={@local, @empty, @val, {@generic={0x8035}}}, 0x0) 12:46:11 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000300)=ANY=[], 0x7b9c0b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001800010500000000000000000a000000fe020000000000001400050000000000000000000000000000000001"], 0x30}}, 0x0) sendfile(r2, r1, 0x0, 0x800000017fc) [ 100.940400][ T5199] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 12:46:11 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000180)=[{&(0x7f0000000000)="4e19a78a41db", 0x6}], 0x1, 0x0) preadv(r2, &(0x7f0000000a80)=[{&(0x7f0000000340)=""/100, 0x64}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/14, 0xe}, {&(0x7f00000004c0)=""/185, 0xb9}, {&(0x7f0000000580)=""/6, 0x6}, {&(0x7f00000005c0)=""/44, 0x2c}, {&(0x7f0000000600)=""/152, 0x98}, {&(0x7f00000006c0)=""/80, 0x50}, {&(0x7f0000000a00)=""/69, 0x45}], 0x9, 0x0, 0x7f) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) write$binfmt_script(r1, &(0x7f0000000000)=ANY=[], 0x208e24b) r3 = openat$cgroup_ro(r0, &(0x7f0000000180)='memory.numa_stat\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000800000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000480)='rcu_utilization\x00', r5}, 0x10) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x1c, r4, 0xf}, 0x1c}}, 0x0) preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={0x0, &(0x7f0000000400)=""/36, 0x0, 0x24}, 0x20) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000000)=ANY=[], 0x208e24b) preadv(r9, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x5, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', r8, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000900)={0x5, 0x0, 0x7}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000940)=[0xffffffffffffffff, r9]}, 0x80) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) sendfile(r7, r6, 0x0, 0x10000a006) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x2, &(0x7f0000000780)=ANY=[@ANYBLOB="1800080000ffffff00e0ffffff00"], &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000840)={0x5, 0x9, 0x7524, 0x6}, 0x10}, 0x80) 12:46:11 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x101) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) sendmmsg$inet(r1, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="afac", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)="be", 0x1}], 0x1}}], 0x2, 0x0) 12:46:11 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000003180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000000090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x20, 0x7, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x5, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) 12:46:11 executing program 2: bpf$MAP_CREATE(0x15, &(0x7f0000000340), 0x48) 12:46:11 executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @empty}, {0xa, 0x0, 0x0, @dev}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}}, 0x5c) [ 101.132340][ T5217] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 12:46:12 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x20, 0x8, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x20}}, 0x0) 12:46:12 executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @empty}, {0xa, 0x0, 0x0, @dev}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}}, 0x5c) 12:46:12 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vxcan1\x00', 0x0}) connect$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x0, {0x1}}, 0x18) 12:46:12 executing program 1: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) [ 101.216192][ T27] audit: type=1804 audit(1686833172.033:2): pid=5208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1727441119/syzkaller.nrXtRN/4/cgroup.controllers" dev="sda1" ino=1951 res=1 errno=0 [ 101.284825][ T5208] ------------[ cut here ]------------ [ 101.290402][ T5208] refcount_t: decrement hit 0; leaking memory. [ 101.341646][ T27] audit: type=1804 audit(1686833172.153:3): pid=5220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir971822495/syzkaller.OlqAR9/5/cgroup.controllers" dev="sda1" ino=1965 res=1 errno=0 [ 101.367143][ T5208] WARNING: CPU: 1 PID: 5208 at lib/refcount.c:31 refcount_warn_saturate+0x1d7/0x1f0 [ 101.377546][ T5208] Modules linked in: [ 101.381478][ T5208] CPU: 1 PID: 5208 Comm: syz-executor.4 Not tainted 6.4.0-rc5-syzkaller-01229-g97c5209b3d37 #0 [ 101.392028][ T5208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 101.402194][ T5208] RIP: 0010:refcount_warn_saturate+0x1d7/0x1f0 [ 101.408525][ T5208] Code: 05 fb 8e 51 0a 01 e8 98 95 38 fd 0f 0b e9 d3 fe ff ff e8 ac d9 70 fd 48 c7 c7 00 d3 a6 8a c6 05 d8 8e 51 0a 01 e8 79 95 38 fd <0f> 0b e9 b4 fe ff ff 48 89 ef e8 1a d7 c3 fd e9 5c fe ff ff 0f 1f [ 101.429410][ T5208] RSP: 0018:ffffc90004ebeef8 EFLAGS: 00010286 12:46:12 executing program 1: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 12:46:12 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x20, 0x8, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x20}}, 0x0) [ 101.435604][ T5208] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000c184000 [ 101.443679][ T5208] RDX: 0000000000040000 RSI: ffffffff814c03b7 RDI: 0000000000000001 [ 101.451704][ T5208] RBP: ffff888078b825fc R08: 0000000000000001 R09: 0000000000000000 [ 101.459810][ T5208] R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff920009d7de4 [ 101.467876][ T5208] R13: 00000000ffffffef R14: ffff888078b825fc R15: ffff88807b7c45a8 [ 101.475950][ T5208] FS: 00007f85c8618700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 101.484983][ T5208] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 101.491604][ T5208] CR2: 0000000020000140 CR3: 0000000026f31000 CR4: 00000000003506e0 [ 101.499683][ T5208] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 101.507733][ T5208] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 101.515802][ T5208] Call Trace: [ 101.519109][ T5208] [ 101.522083][ T5208] ? __warn+0xe6/0x390 [ 101.526265][ T5208] ? preempt_schedule_notrace+0x5f/0xd0 [ 101.531878][ T5208] ? refcount_warn_saturate+0x1d7/0x1f0 [ 101.537538][ T5208] ? report_bug+0x2da/0x500 [ 101.542091][ T5208] ? handle_bug+0x3c/0x70 [ 101.546527][ T5208] ? exc_invalid_op+0x18/0x50 [ 101.551245][ T5208] ? asm_exc_invalid_op+0x1a/0x20 [ 101.556391][ T5208] ? __warn_printk+0x187/0x310 [ 101.561228][ T5208] ? refcount_warn_saturate+0x1d7/0x1f0 [ 101.566890][ T5208] ? refcount_warn_saturate+0x1d7/0x1f0 [ 101.572487][ T5208] ref_tracker_free+0x539/0x820 [ 101.577451][ T5208] ? ref_tracker_dir_exit+0x6a0/0x6a0 [ 101.582885][ T5208] ? __ipv6_chk_addr_and_flags+0x519/0x7c0 [ 101.588831][ T5208] fib6_nh_init+0xb96/0x1bd0 [ 101.593523][ T5208] ? icmp6_dst_alloc+0x670/0x670 [ 101.598521][ T5208] ? ip_fib_metrics_init+0x3ce/0x7f0 [ 101.603913][ T5208] ? gre_gso_segment+0x1750/0x1750 [ 101.609081][ T5208] ? kasan_set_track+0x25/0x30 [ 101.613955][ T5208] ? __kasan_kmalloc+0xa2/0xb0 [ 101.618782][ T5208] ip6_route_info_create+0x10f3/0x1980 [ 101.624362][ T5208] ? fib6_nh_init+0x1bd0/0x1bd0 [ 101.629272][ T5208] ip6_route_add+0x28/0x150 [ 101.633885][ T5208] inet6_rtm_newroute+0x156/0x160 [ 101.638961][ T5208] ? ip6_route_multipath_add+0x2070/0x2070 [ 101.644884][ T5208] ? ip6_route_multipath_add+0x2070/0x2070 [ 101.650742][ T5208] rtnetlink_rcv_msg+0x43d/0xd50 [ 101.655785][ T5208] ? rtnl_getlink+0xb00/0xb00 [ 101.660516][ T5208] ? find_held_lock+0x2d/0x110 [ 101.665381][ T5208] ? rcu_preempt_deferred_qs_irqrestore+0x57b/0xd60 [ 101.672016][ T5208] ? lock_downgrade+0x690/0x690 [ 101.676978][ T5208] netlink_rcv_skb+0x165/0x440 [ 101.681813][ T5208] ? rtnl_getlink+0xb00/0xb00 [ 101.686582][ T5208] ? netlink_ack+0x1360/0x1360 [ 101.691386][ T5208] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 101.697323][ T5208] ? __rcu_read_unlock+0x2a0/0x570 [ 101.702485][ T5208] ? netlink_deliver_tap+0x1b1/0xcf0 [ 101.707868][ T5208] netlink_unicast+0x547/0x7f0 [ 101.712679][ T5208] ? netlink_attachskb+0x890/0x890 [ 101.717898][ T5208] ? find_vmap_area+0xf8/0x130 [ 101.722708][ T5208] ? __phys_addr_symbol+0x30/0x70 [ 101.727851][ T5208] ? __check_object_size+0x323/0x730 [ 101.733183][ T5208] netlink_sendmsg+0x925/0xe30 [ 101.738069][ T5208] ? netlink_unicast+0x7f0/0x7f0 [ 101.743063][ T5208] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 101.748777][ T5208] ? netlink_unicast+0x7f0/0x7f0 [ 101.753802][ T5208] sock_sendmsg+0xde/0x190 [ 101.758266][ T5208] splice_to_socket+0x954/0xe30 [ 101.763170][ T5208] ? splice_from_pipe+0x140/0x140 [ 101.768340][ T5208] ? security_file_permission+0xaf/0xd0 [ 101.773975][ T5208] ? splice_from_pipe+0x140/0x140 [ 101.779052][ T5208] direct_splice_actor+0x114/0x180 [ 101.784283][ T5208] splice_direct_to_actor+0x34a/0x9c0 [ 101.789716][ T5208] ? folio_flags.constprop.0+0x150/0x150 [ 101.795476][ T5208] ? direct_splice_actor+0x180/0x180 [ 101.800815][ T5208] ? bpf_lsm_file_permission+0x9/0x10 [ 101.806282][ T5208] ? security_file_permission+0xaf/0xd0 [ 101.811873][ T5208] do_splice_direct+0x1ad/0x280 [ 101.816942][ T5208] ? splice_direct_to_actor+0x9c0/0x9c0 [ 101.822578][ T5208] ? propagate_umount+0x19f0/0x19f0 [ 101.827899][ T5208] ? bpf_lsm_file_permission+0x9/0x10 [ 101.833363][ T5208] ? security_file_permission+0xaf/0xd0 [ 101.838964][ T5208] do_sendfile+0xb19/0x12c0 [ 101.843574][ T5208] ? vfs_iocb_iter_write+0x480/0x480 [ 101.848912][ T5208] ? xfd_validate_state+0x5d/0x180 [ 101.854106][ T5208] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 101.860069][ T5208] __x64_sys_sendfile64+0x1d0/0x210 [ 101.865359][ T5208] ? __ia32_sys_sendfile+0x220/0x220 [ 101.870695][ T5208] ? syscall_enter_from_user_mode+0x26/0x80 [ 101.876696][ T5208] do_syscall_64+0x39/0xb0 [ 101.881158][ T5208] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 101.887147][ T5208] RIP: 0033:0x7f85c788c389 [ 101.891597][ T5208] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 101.911278][ T5208] RSP: 002b:00007f85c8618168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 101.919777][ T5208] RAX: ffffffffffffffda RBX: 00007f85c79abf80 RCX: 00007f85c788c389 [ 101.927836][ T5208] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 101.935975][ T5208] RBP: 00007f85c78d7493 R08: 0000000000000000 R09: 0000000000000000 [ 101.944033][ T5208] R10: 00000800000017fc R11: 0000000000000246 R12: 0000000000000000 [ 101.952045][ T5208] R13: 00007ffe00c2cc1f R14: 00007f85c8618300 R15: 0000000000022000 [ 101.960119][ T5208] [ 101.963176][ T5208] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 101.970479][ T5208] CPU: 1 PID: 5208 Comm: syz-executor.4 Not tainted 6.4.0-rc5-syzkaller-01229-g97c5209b3d37 #0 [ 101.980834][ T5208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 101.990916][ T5208] Call Trace: [ 101.994203][ T5208] [ 101.997140][ T5208] dump_stack_lvl+0xd9/0x150 [ 102.001745][ T5208] panic+0x686/0x730 [ 102.005656][ T5208] ? panic_smp_self_stop+0xa0/0xa0 [ 102.010780][ T5208] ? show_trace_log_lvl+0x284/0x390 [ 102.016013][ T5208] ? refcount_warn_saturate+0x1d7/0x1f0 [ 102.021571][ T5208] check_panic_on_warn+0xb1/0xc0 [ 102.026526][ T5208] __warn+0xf2/0x390 [ 102.030436][ T5208] ? preempt_schedule_notrace+0x5f/0xd0 [ 102.036001][ T5208] ? refcount_warn_saturate+0x1d7/0x1f0 [ 102.041563][ T5208] report_bug+0x2da/0x500 [ 102.045904][ T5208] handle_bug+0x3c/0x70 [ 102.050075][ T5208] exc_invalid_op+0x18/0x50 [ 102.054600][ T5208] asm_exc_invalid_op+0x1a/0x20 [ 102.059457][ T5208] RIP: 0010:refcount_warn_saturate+0x1d7/0x1f0 [ 102.065625][ T5208] Code: 05 fb 8e 51 0a 01 e8 98 95 38 fd 0f 0b e9 d3 fe ff ff e8 ac d9 70 fd 48 c7 c7 00 d3 a6 8a c6 05 d8 8e 51 0a 01 e8 79 95 38 fd <0f> 0b e9 b4 fe ff ff 48 89 ef e8 1a d7 c3 fd e9 5c fe ff ff 0f 1f [ 102.085240][ T5208] RSP: 0018:ffffc90004ebeef8 EFLAGS: 00010286 [ 102.091315][ T5208] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000c184000 [ 102.099286][ T5208] RDX: 0000000000040000 RSI: ffffffff814c03b7 RDI: 0000000000000001 [ 102.107261][ T5208] RBP: ffff888078b825fc R08: 0000000000000001 R09: 0000000000000000 [ 102.115235][ T5208] R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff920009d7de4 [ 102.123224][ T5208] R13: 00000000ffffffef R14: ffff888078b825fc R15: ffff88807b7c45a8 [ 102.131245][ T5208] ? __warn_printk+0x187/0x310 [ 102.136043][ T5208] ? refcount_warn_saturate+0x1d7/0x1f0 [ 102.141608][ T5208] ref_tracker_free+0x539/0x820 [ 102.146482][ T5208] ? ref_tracker_dir_exit+0x6a0/0x6a0 [ 102.151870][ T5208] ? __ipv6_chk_addr_and_flags+0x519/0x7c0 [ 102.157710][ T5208] fib6_nh_init+0xb96/0x1bd0 [ 102.162351][ T5208] ? icmp6_dst_alloc+0x670/0x670 [ 102.167321][ T5208] ? ip_fib_metrics_init+0x3ce/0x7f0 [ 102.172647][ T5208] ? gre_gso_segment+0x1750/0x1750 [ 102.177780][ T5208] ? kasan_set_track+0x25/0x30 [ 102.182564][ T5208] ? __kasan_kmalloc+0xa2/0xb0 [ 102.187354][ T5208] ip6_route_info_create+0x10f3/0x1980 [ 102.192843][ T5208] ? fib6_nh_init+0x1bd0/0x1bd0 [ 102.197718][ T5208] ip6_route_add+0x28/0x150 [ 102.202238][ T5208] inet6_rtm_newroute+0x156/0x160 [ 102.207285][ T5208] ? ip6_route_multipath_add+0x2070/0x2070 [ 102.213156][ T5208] ? ip6_route_multipath_add+0x2070/0x2070 [ 102.219001][ T5208] rtnetlink_rcv_msg+0x43d/0xd50 [ 102.223962][ T5208] ? rtnl_getlink+0xb00/0xb00 [ 102.228653][ T5208] ? find_held_lock+0x2d/0x110 [ 102.233435][ T5208] ? rcu_preempt_deferred_qs_irqrestore+0x57b/0xd60 [ 102.240034][ T5208] ? lock_downgrade+0x690/0x690 [ 102.244902][ T5208] netlink_rcv_skb+0x165/0x440 [ 102.249679][ T5208] ? rtnl_getlink+0xb00/0xb00 [ 102.254384][ T5208] ? netlink_ack+0x1360/0x1360 [ 102.259178][ T5208] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 102.265030][ T5208] ? __rcu_read_unlock+0x2a0/0x570 [ 102.270158][ T5208] ? netlink_deliver_tap+0x1b1/0xcf0 [ 102.275548][ T5208] netlink_unicast+0x547/0x7f0 [ 102.280327][ T5208] ? netlink_attachskb+0x890/0x890 [ 102.285447][ T5208] ? find_vmap_area+0xf8/0x130 [ 102.290226][ T5208] ? __phys_addr_symbol+0x30/0x70 [ 102.295265][ T5208] ? __check_object_size+0x323/0x730 [ 102.300565][ T5208] netlink_sendmsg+0x925/0xe30 [ 102.305372][ T5208] ? netlink_unicast+0x7f0/0x7f0 [ 102.310352][ T5208] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 102.315658][ T5208] ? netlink_unicast+0x7f0/0x7f0 [ 102.320612][ T5208] sock_sendmsg+0xde/0x190 [ 102.325045][ T5208] splice_to_socket+0x954/0xe30 [ 102.329916][ T5208] ? splice_from_pipe+0x140/0x140 [ 102.334983][ T5208] ? security_file_permission+0xaf/0xd0 [ 102.340569][ T5208] ? splice_from_pipe+0x140/0x140 [ 102.345627][ T5208] direct_splice_actor+0x114/0x180 [ 102.350771][ T5208] splice_direct_to_actor+0x34a/0x9c0 [ 102.356193][ T5208] ? folio_flags.constprop.0+0x150/0x150 [ 102.361868][ T5208] ? direct_splice_actor+0x180/0x180 [ 102.367179][ T5208] ? bpf_lsm_file_permission+0x9/0x10 [ 102.372571][ T5208] ? security_file_permission+0xaf/0xd0 [ 102.378135][ T5208] do_splice_direct+0x1ad/0x280 [ 102.383010][ T5208] ? splice_direct_to_actor+0x9c0/0x9c0 [ 102.388577][ T5208] ? propagate_umount+0x19f0/0x19f0 [ 102.393797][ T5208] ? bpf_lsm_file_permission+0x9/0x10 [ 102.399183][ T5208] ? security_file_permission+0xaf/0xd0 [ 102.404755][ T5208] do_sendfile+0xb19/0x12c0 [ 102.409297][ T5208] ? vfs_iocb_iter_write+0x480/0x480 [ 102.414603][ T5208] ? xfd_validate_state+0x5d/0x180 [ 102.419726][ T5208] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 102.425645][ T5208] __x64_sys_sendfile64+0x1d0/0x210 [ 102.430853][ T5208] ? __ia32_sys_sendfile+0x220/0x220 [ 102.436149][ T5208] ? syscall_enter_from_user_mode+0x26/0x80 [ 102.442065][ T5208] do_syscall_64+0x39/0xb0 [ 102.446517][ T5208] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 102.452437][ T5208] RIP: 0033:0x7f85c788c389 [ 102.456856][ T5208] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 102.476468][ T5208] RSP: 002b:00007f85c8618168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 102.484891][ T5208] RAX: ffffffffffffffda RBX: 00007f85c79abf80 RCX: 00007f85c788c389 [ 102.492866][ T5208] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 102.500838][ T5208] RBP: 00007f85c78d7493 R08: 0000000000000000 R09: 0000000000000000 [ 102.508811][ T5208] R10: 00000800000017fc R11: 0000000000000246 R12: 0000000000000000 [ 102.516783][ T5208] R13: 00007ffe00c2cc1f R14: 00007f85c8618300 R15: 0000000000022000 [ 102.524773][ T5208] [ 102.527954][ T5208] Kernel Offset: disabled [ 102.532278][ T5208] Rebooting in 86400 seconds..