last executing test programs: 20.547471772s ago: executing program 4: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f00000004c0)={0xa, 0x4e1d, 0x0, @mcast1={0xff, 0x5}}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) shutdown(r0, 0x0) 20.408570668s ago: executing program 4: r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_SET_MPATH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x50}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x94}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000001c0)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast2, r2}}}], 0x28}}], 0x1, 0x0) 20.262676469s ago: executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000780)={'vcan0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001800210200000000000000001d01000008000900", @ANYRES32=r3, @ANYBLOB="08000a00251c"], 0x24}}, 0x0) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000040)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r5, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) shutdown(r4, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000)={0x1d}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000001c0), 0x4) 20.08876117s ago: executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0x5002}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller0\x00', @random="371692e7f7ef"}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f00000002c0)) close(r4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random='\x00\a\x00'}) 19.854719538s ago: executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2}, 0x10) 19.705267965s ago: executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f00000001c0)={0x283}) 13.782673084s ago: executing program 0: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010", @ANYRES8=0x0, @ANYBLOB="fe"], 0x48}}, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 11.889741679s ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) 11.773743783s ago: executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) recvmmsg(r0, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000001b00)=""/4106, 0x100a}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) 11.550060163s ago: executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, 0x0, 0x4880) sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x1c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0x2}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x8100}, 0x0) 11.193437741s ago: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xd, 0x0, &(0x7f0000000000)="e02742e8680d85ff9782762f86", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000002c0)=ANY=[], 0x90}}, 0x0) r1 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) unshare(0x22020400) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)) preadv(r3, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(0xffffffffffffffff) sendmsg$nl_route_sched(r2, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000580)=@newtaction={0x70, 0x30, 0x9, 0xfffffffd, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x8}, @TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9}}}]}]}, 0x70}}, 0x0) 11.005661929s ago: executing program 0: r0 = socket(0x1d, 0x2, 0x6) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=@ipv6_getnexthop={0x20, 0x6a, 0x1, 0x0, 0x0, {}, [@NHA_ID={0x8, 0x1, 0x1}]}, 0x20}}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x30, 0x10, 0x4, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4100}, [@IFLA_TARGET_NETNSID={0x8}, @IFLA_LINK={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x6a, 0x5, 0x20000002, 0x3) bind$netlink(0xffffffffffffffff, &(0x7f0000000540)={0x10, 0x0, 0x25dfdbfe, 0x10}, 0xc) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$ethtool(&(0x7f0000000800), r0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000a40)={'wlan0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x12, 0x9, &(0x7f0000000700)=ANY=[@ANYBLOB="1808000000000000000000000000000085100000050000008500000031000000a7000000000000f8180000000000000000000100000000009500000000000000950000000000000000c8b2d6af656dc63246ebeaa2bb567b9b921b458991ff8bb40da283f342f43ed12354c01c9a6a3f075a8952a1abb6a3db448171d8eb2266fb045e1db313c4568a7a994faa2dea4956ae26038655d4b80192a2cf05a78d2322e95b21b72b8d39c75ddff917c14dc101be915924dab1fe804ae1b423ed030231f3db"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d}, 0x90) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x3c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "e59e75e84c"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0d}]}]}, 0x3c}}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x48, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000001bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000900007b8af8ff00000000bfa200000000000007020000faffffffb703000008000000b7040000000000008500000003000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000280)={0xfffffffc, 0xf5, 0x0, 0x7fff}, 0x10) r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x68, r9, 0x1, 0x0, 0x0, {{}, {}, {0x4c, 0x18, {0x0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) r11 = socket(0xa, 0x40000000002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r11, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x11, 0x2, 0x208, [0x20000600, 0x0, 0x0, 0x0, 0x20000660], 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000040000000000000000000000feffffff0000000000000000000000000000000000000000000000000008000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000005000000000000000000766574683098c76f5f7465616d00000064756d6d79300000000000000000000064756d0004300000000000000000000073797a6b616c6c8279a7e00000000000ffffffffffff000000000000ffffffff7fff00000000000000087000000070000000a000000072656469726563740000000000000000000000000000000000000000000000000800000000000000000000ff000000000b00000000000000000073797a6b616c6c65723100000000000067726574617030000000000000000000766c616e30000000000000000000000064756d6d7930000000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000001b700000000000010000000000000000000000000000000ffffffff00000000"]}, 0x280) sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000012000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140ff"], 0xa0}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0xa, &(0x7f0000000840)=ANY=[@ANYBLOB="8b63feff100000004096ff010400000018150000", @ANYRES32=r6, @ANYBLOB="000000000000000018650000060000000000000000000100184b000006000000000000000000000018180000", @ANYRESHEX=r6, @ANYBLOB="0000000000392586bc211dd5a48894dc4451796281e0bbf03c28a82b3db89761330b005260a8c59489583473fd5089c49415e9bbee52a36d66950374619d0b5edb274a2d7981702ae9167357a41c4ee3bc170b0a28233d86937216ceacb4f9d973fa85d3c41368246e6f6aead11aa5ea6edd5744f0bbc3ce98802ac14ff6f3fabb447c5fba6c8782d93ab3c2c3cd657d99e78f6433ae907267e1dcdd087446cc9043bc63eeaf8c6ac6dbc4f33dbec962ff918170856f6d6bad60378bc74f30dcc0d4d82b"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x57, &(0x7f0000000300)=""/87, 0x41100, 0x56, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x8, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0xa, 0xc2b, 0xbe60}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000400)=[r6, 0x1, r6], &(0x7f0000000440)=[{0x4, 0x1, 0x6, 0xa}], 0x10, 0x9}, 0x90) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r12, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001700)={0x14, r13, 0xf1aad47e89fb43b5, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 1.221175213s ago: executing program 2: bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610408000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)) bpf$ENABLE_STATS(0x20, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@random="5b37182347bc", @random="130c937beae8", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "9d0080", 0x14, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], @ndisc_ns={0x87, 0x0, 0x0, @local}}}}}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x6, 0x101, 0x82}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)={0x6, 0x4, 0x4001}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1206"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 1.00956312s ago: executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000010850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 938.372728ms ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000b2f8f8000000007f"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1503"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) unshare(0x400) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 907.785852ms ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(r0, &(0x7f0000000400), 0xffc00) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100008, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) 893.38574ms ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b80)=@newtaction={0x44, 0x30, 0x109, 0x0, 0x0, {}, [{0x30, 0x1, [@m_nat={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x9}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x0) 725.039318ms ago: executing program 3: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr, @restrict={0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x32}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x5, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x48) 607.396959ms ago: executing program 2: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030023000b63d25a80648c2594f90124fc600400214002000003053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000001580)={0x0, 0xe, 0x0}, 0x0) 553.96788ms ago: executing program 1: syz_emit_ethernet(0x7e, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd602e5cea000b3c0020010000000000000000000000000002ff0200000000000000000000000000010004"], 0x0) 543.843826ms ago: executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="540100001a001307000000000000001cac141400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141417000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x154}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000680)={'batadv0\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000006c0)={0x40, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x20, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x40}}, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xcc, r4, 0x100, 0x70bd2d, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x3}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x2}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40000}, 0x40) 452.527651ms ago: executing program 1: 415.23268ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007b119800000000008510000002000000850000000800000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x9, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) 377.01687ms ago: executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="54010000", @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf250f000000e40001800f000100000001000000000063300000380004001400010002004e21ac1414bb0000000000000000200002000a004e2400000006fc0100000000000000000000000000000100000014000280080004000700000008000300060000002c0004001400010002004e20ac14143300000000000000001400020002004e24e000000100000000000000000d0001007564703a73797a30000000001c0400000000000000000080080001001e000000080002000200000008000300010000802400028008000300ff7f00000800187902000000080003000600000008000200ffffff7f2c000380080003008000000008000300e17f0000080001000008000008000200790f000008000100ff0000003000078008000100080000000c0004006e000000000000000c0003"], 0x154}}, 0x0) 319.267987ms ago: executing program 1: sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x50, 0x0, 0x0, 0x0, 0x0, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x4}, {0x6}, {0x5}}]}, 0x50}}, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000c00", 0x33fe0}], 0x1}, 0x0) 289.586874ms ago: executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000005c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT={0x6}]}]}, 0x28}}, 0x0) 184.822625ms ago: executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) close(r6) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 155.261141ms ago: executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(r0, &(0x7f0000000400), 0xffc00) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100008, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) 153.061333ms ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000b2f8f8000000007f"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1503"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) unshare(0x400) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 0s ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000b2f8f8000000007f"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1503"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) unshare(0x400) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) kernel console output (not intermixed with test programs): [ 115.066230][ T5643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.112126][ T5643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.151178][ T5643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.182367][ T5643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.193197][ T5643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.212217][ T5643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.236754][ T5643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.268007][ T5643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.301727][ T5643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.374148][ T5643] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.436798][ T5643] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.466740][ T5643] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.498414][ T5643] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.542877][ T5167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.562880][ T5167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.801436][ T6243] Bluetooth: MGMT ver 1.22 [ 115.968821][ T5170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.017092][ T5170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.198416][ T5170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.211306][ T5170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.353780][ T29] audit: type=1804 audit(1717184280.333:2): pid=6260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir689030530/syzkaller.DaNSi8/93/cgroup.controllers" dev="sda1" ino=1953 res=1 errno=0 [ 116.896306][ T6285] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 116.906069][ T6285] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 116.915309][ T6285] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 116.924145][ T6285] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 117.129613][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 117.219395][ T6291] macvtap1: entered promiscuous mode [ 117.239793][ T6291] vlan0: entered promiscuous mode [ 117.253358][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 118.606349][ T6365] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 119.016257][ T6375] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 119.092505][ T29] audit: type=1804 audit(1717184283.083:3): pid=6385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3260882019/syzkaller.BUvSes/122/cgroup.controllers" dev="sda1" ino=1963 res=1 errno=0 [ 119.467696][ T6400] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 119.744580][ T6414] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 120.613708][ T6453] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 120.750791][ T29] audit: type=1804 audit(1717184284.743:4): pid=6461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/109/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 121.132996][ T6478] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 121.229275][ T6478] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 121.359947][ T6489] netlink: 'syz-executor.3': attribute type 7 has an invalid length. [ 121.393189][ T6489] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. [ 121.426047][ T6489] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 121.516663][ T6492] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 122.054983][ T6513] syzkaller0: entered promiscuous mode [ 122.062516][ T6513] syzkaller0: entered allmulticast mode [ 122.232235][ T6530] netlink: 1212 bytes leftover after parsing attributes in process `syz-executor.0'. [ 122.438069][ T6539] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 123.891161][ T6538] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 124.094174][ T6559] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 124.361796][ T29] audit: type=1804 audit(1717184288.353:5): pid=6565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/118/cgroup.controllers" dev="sda1" ino=1954 res=1 errno=0 [ 124.438903][ T6575] netlink: 'syz-executor.3': attribute type 16 has an invalid length. [ 124.448306][ T6575] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 124.456639][ T6575] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.3'. [ 124.468106][ T6572] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 124.563219][ T6579] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 124.840171][ T6589] netlink: 165 bytes leftover after parsing attributes in process `syz-executor.4'. [ 125.087910][ T6601] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 125.113289][ T6601] netlink: 212848 bytes leftover after parsing attributes in process `syz-executor.1'. [ 125.195088][ T6601] xt_hashlimit: invalid rate [ 125.438373][ T6611] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 125.767266][ T29] audit: type=1804 audit(1717184289.753:6): pid=6620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir689030530/syzkaller.DaNSi8/116/cgroup.controllers" dev="sda1" ino=1950 res=1 errno=0 [ 126.265685][ T6665] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 126.380089][ T6665] netlink: 212848 bytes leftover after parsing attributes in process `syz-executor.3'. [ 126.631780][ T6665] xt_hashlimit: invalid rate [ 126.631959][ T6689] netlink: 165 bytes leftover after parsing attributes in process `syz-executor.0'. [ 127.033432][ T6698] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 127.415702][ T6709] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 127.577204][ T29] audit: type=1804 audit(1717184291.573:7): pid=6711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/126/cgroup.controllers" dev="sda1" ino=1950 res=1 errno=0 [ 127.823418][ T6718] netlink: 165 bytes leftover after parsing attributes in process `syz-executor.1'. [ 127.988622][ T6720] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 128.051781][ T6720] netlink: 212848 bytes leftover after parsing attributes in process `syz-executor.3'. [ 128.062843][ T6722] xt_hashlimit: invalid rate [ 128.283458][ T6730] netlink: 165 bytes leftover after parsing attributes in process `syz-executor.2'. [ 128.917705][ T6757] netlink: 165 bytes leftover after parsing attributes in process `syz-executor.2'. [ 130.024936][ T6794] SET target dimension over the limit! [ 131.977648][ T6866] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 132.291719][ T6879] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.2'. [ 133.060297][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.070286][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.877380][ T6963] (unnamed net_device) (uninitialized): option lacp_active: invalid value (127) [ 134.953336][ T6967] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 135.346628][ T6980] ieee802154 phy0 wpan0: encryption failed: -90 [ 135.783444][ T6996] (unnamed net_device) (uninitialized): option lacp_active: invalid value (127) [ 136.138230][ T7011] dummy0: entered promiscuous mode [ 136.297178][ T7014] dummy0: entered promiscuous mode [ 136.344468][ T7015] dummy0: entered promiscuous mode [ 136.374596][ T7017] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 136.458249][ T7017] team0: Device dummy0 failed to register rx_handler [ 136.498070][ T7005] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 136.538441][ T7005] team0: Device dummy0 failed to register rx_handler [ 136.558308][ T7018] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 136.567321][ T7017] syz-executor.1 (7017) used greatest stack depth: 18416 bytes left [ 136.610509][ T7018] team0: Device dummy0 failed to register rx_handler [ 137.184694][ T7047] openvswitch: netlink: Key type 6417 is out of range max 32 [ 137.507332][ T7063] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744071562067969) [ 137.534032][ T7063] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 137.690066][ T7070] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 138.424777][ T7107] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 138.565684][ T7110] team1: Mode changed to "loadbalance" [ 138.607403][ T7112] netlink: 724 bytes leftover after parsing attributes in process `syz-executor.0'. [ 139.118177][ T7133] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.2'. [ 139.230562][ T7137] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 139.419552][ T7148] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 139.498753][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 139.582409][ T7153] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 139.664520][ T7146] team2: Mode changed to "loadbalance" [ 140.170637][ T7177] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.4'. [ 140.188360][ T7179] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 140.208249][ T7179] netlink: 'syz-executor.3': attribute type 18 has an invalid length. [ 140.247368][ T7177] debugfs: Directory 'ü !' with parent 'ieee80211' already present! [ 140.295058][ T7181] netlink: 209840 bytes leftover after parsing attributes in process `syz-executor.1'. [ 140.873890][ T7201] dummy0: Device is already in use. [ 141.110834][ T7212] netlink: 724 bytes leftover after parsing attributes in process `syz-executor.2'. [ 141.256893][ T7219] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 1 (only 8 groups) [ 141.707703][ T7224] TCP segment has incorrect auth options set for [fe80::bb].0->[ff02::1].20002 [FR] [ 142.035367][ T7236] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 142.073336][ T7236] netlink: 'syz-executor.1': attribute type 18 has an invalid length. [ 142.367138][ T7252] bond0: option use_carrier: invalid value (3) [ 142.407633][ T7254] netlink: 724 bytes leftover after parsing attributes in process `syz-executor.2'. [ 143.033875][ T7277] dvmrp1: entered allmulticast mode [ 143.145855][ T7281] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 1 (only 8 groups) [ 143.597414][ T7299] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 143.624801][ T7299] netlink: 'syz-executor.3': attribute type 18 has an invalid length. [ 144.220618][ T7311] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 144.439756][ T7311] bond0: (slave bond_slave_0): Releasing backup interface [ 144.757960][ T7323] vlan3: entered allmulticast mode [ 144.776616][ T7323] mac80211_hwsim hwsim12 wlan1: entered allmulticast mode [ 144.825378][ T7323] mac80211_hwsim hwsim12 wlan1: left allmulticast mode [ 145.436763][ T7340] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 145.465112][ T7340] netlink: 'syz-executor.4': attribute type 18 has an invalid length. [ 146.051730][ T7361] TCP segment has incorrect auth options set for [fe80::bb].0->[ff02::1].20002 [FR] [ 146.715455][ T7386] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 146.858443][ T7386] bond0: (slave bond_slave_0): Releasing backup interface [ 146.956651][ T7392] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 147.125494][ T7405] TCP segment has incorrect auth options set for [fe80::bb].0->[ff02::1].20002 [FR] [ 147.184243][ T7408] tun0: tun_chr_ioctl cmd 1074025678 [ 147.194019][ T7408] tun0: group set to 0 [ 147.317980][ T7411] TCP segment has incorrect auth options set for [fe80::bb].0->[ff02::1].20002 [FR] [ 147.507304][ T7422] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 147.743142][ T7438] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 147.959143][ T7448] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 148.160277][ T7452] vlan2: entered allmulticast mode [ 148.165464][ T7452] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode [ 148.220739][ T7452] mac80211_hwsim hwsim16 wlan1: left allmulticast mode [ 148.570959][ T7470] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 148.748285][ T7470] bond0: (slave bond_slave_0): Releasing backup interface [ 149.026828][ T7489] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 149.264821][ T7489] bond0: (slave bond_slave_0): Releasing backup interface [ 149.435604][ T7506] Bluetooth: MGMT ver 1.22 [ 149.448715][ T7506] Bluetooth: hci3: expected 2 bytes, got 7 bytes [ 149.745300][ T7520] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 150.595622][ T7550] bridge0: port 3(macvlan2) entered blocking state [ 150.617652][ T7550] bridge0: port 3(macvlan2) entered disabled state [ 150.635809][ T7550] macvlan2: entered allmulticast mode [ 150.667493][ T7550] macvlan2: entered promiscuous mode [ 151.723834][ T7587] bridge0: port 3(macvlan3) entered blocking state [ 151.742193][ T7587] bridge0: port 3(macvlan3) entered disabled state [ 151.754239][ T7587] macvlan3: entered allmulticast mode [ 151.764271][ T7587] macvlan3: entered promiscuous mode [ 152.125670][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 153.485017][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 153.800759][ T7681] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 153.809938][ T7681] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 154.383461][ T7701] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 154.603993][ T7712] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 155.203539][ T7737] netlink: 'syz-executor.3': attribute type 15 has an invalid length. [ 155.235508][ T7737] netlink: 46 bytes leftover after parsing attributes in process `syz-executor.3'. [ 155.394547][ T7746] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 155.649450][ T7757] netlink: 'syz-executor.1': attribute type 11 has an invalid length. [ 155.997933][ T7774] syz-executor.3 uses old SIOCAX25GETINFO [ 156.015585][ T7772] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 156.040526][ T7772] netlink: 46 bytes leftover after parsing attributes in process `syz-executor.0'. [ 156.059842][ T7777] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 156.201267][ T7787] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 156.502242][ T7801] sch_fq: defrate 0 ignored. [ 156.693581][ T7807] netlink: 'syz-executor.2': attribute type 15 has an invalid length. [ 156.725070][ T7807] netlink: 46 bytes leftover after parsing attributes in process `syz-executor.2'. [ 156.742272][ T7816] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 157.019262][ T7829] sch_fq: defrate 0 ignored. [ 157.824913][ T7861] sch_fq: defrate 0 ignored. [ 157.948029][ T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 157.957866][ T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 157.967155][ T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 157.992241][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 158.007189][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 158.015586][ T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 158.041243][ T6659] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.239117][ T6659] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.351072][ T6659] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.387455][ T7887] netlink: zone id is out of range [ 158.538230][ T6659] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.915584][ T7866] chnl_net:caif_netlink_parms(): no params data found [ 158.993932][ T6659] macvlan2: left allmulticast mode [ 159.013924][ T6659] macvlan2: left promiscuous mode [ 159.029443][ T6659] bridge0: port 3(macvlan2) entered disabled state [ 159.051138][ T6659] bridge_slave_1: left allmulticast mode [ 159.063132][ T6659] bridge_slave_1: left promiscuous mode [ 159.076901][ T6659] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.093152][ T6659] bridge_slave_0: left allmulticast mode [ 159.100751][ T6659] bridge_slave_0: left promiscuous mode [ 159.107245][ T6659] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.766855][ T6659] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 159.779263][ T6659] bond0 (unregistering): Released all slaves [ 159.796343][ T6659] bond1 (unregistering): Released all slaves [ 159.833790][ T7920] sch_fq: defrate 0 ignored. [ 160.096138][ T7952] __nla_validate_parse: 6 callbacks suppressed [ 160.096158][ T7952] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'. [ 160.113094][ T53] Bluetooth: hci4: command tx timeout [ 160.138976][ T7952] openvswitch: netlink: Geneve option length err (len 3060, max 255). [ 160.283162][ T7961] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 160.343719][ T7866] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.390113][ T7866] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.397845][ T7866] bridge_slave_0: entered allmulticast mode [ 160.405744][ T7866] bridge_slave_0: entered promiscuous mode [ 160.428838][ T7967] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 160.446882][ T7967] (unnamed net_device) (uninitialized): peer notification delay (12) is not a multiple of miimon (100), value rounded to 0 ms [ 160.506728][ T7866] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.522812][ T7866] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.536355][ T7866] bridge_slave_1: entered allmulticast mode [ 160.544563][ T7866] bridge_slave_1: entered promiscuous mode [ 160.552538][ T7968] sch_fq: defrate 0 ignored. [ 160.623561][ T6659] hsr_slave_0: left promiscuous mode [ 160.645026][ T6659] hsr_slave_1: left promiscuous mode [ 160.663734][ T6659] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.684326][ T6659] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.699487][ T6659] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.716006][ T6659] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.756032][ T6659] veth1_macvtap: left promiscuous mode [ 160.762238][ T6659] veth0_macvtap: left promiscuous mode [ 160.769759][ T6659] veth1_vlan: left promiscuous mode [ 160.775260][ T6659] veth0_vlan: left promiscuous mode [ 161.006388][ T7986] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.0'. [ 161.022495][ T7986] openvswitch: netlink: Geneve option length err (len 3060, max 255). [ 161.436994][ T6659] team0 (unregistering): Port device team_slave_1 removed [ 161.483329][ T6659] team0 (unregistering): Port device team_slave_0 removed [ 161.932437][ T7994] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 161.951501][ T7994] (unnamed net_device) (uninitialized): peer notification delay (12) is not a multiple of miimon (100), value rounded to 0 ms [ 162.072225][ T7866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.087260][ T7866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.177124][ T53] Bluetooth: hci4: command tx timeout [ 162.329996][ T7866] team0: Port device team_slave_0 added [ 162.372484][ T7866] team0: Port device team_slave_1 added [ 162.503096][ T7866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 162.523042][ T7866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.570953][ T7866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 162.602975][ T7866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 162.623324][ T7866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.656906][ T7866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 162.808485][ T7866] hsr_slave_0: entered promiscuous mode [ 162.831067][ T7866] hsr_slave_1: entered promiscuous mode [ 163.045739][ T8030] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 163.056594][ T8030] (unnamed net_device) (uninitialized): peer notification delay (12) is not a multiple of miimon (100), value rounded to 0 ms [ 163.271880][ T8044] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 163.740775][ T8061] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 163.855510][ T8066] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'. [ 164.036286][ T8070] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 164.070344][ T8070] (unnamed net_device) (uninitialized): peer notification delay (12) is not a multiple of miimon (100), value rounded to 0 ms [ 164.257667][ T53] Bluetooth: hci4: command tx timeout [ 164.329715][ T8080] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 164.369037][ T7866] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 164.425144][ T7866] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 164.454683][ T7866] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 164.515842][ T7866] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 164.976409][ T7866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.041893][ T7866] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.087849][ T784] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.095041][ T784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.128871][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.136042][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.270647][ T8104] veth0_vlan: entered allmulticast mode [ 165.369145][ T8109] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 165.403013][ T8104] veth0_vlan: left promiscuous mode [ 165.439617][ T8104] veth0_vlan: entered promiscuous mode [ 165.954445][ T7866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.970146][ T8128] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 165.985425][ T8128] tipc: Started in network mode [ 165.992467][ T8128] tipc: Node identity cgroup.pn, cluster identity 8 [ 166.036445][ T8130] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 166.123672][ T7866] veth0_vlan: entered promiscuous mode [ 166.169349][ T7866] veth1_vlan: entered promiscuous mode [ 166.279802][ T8137] veth0_vlan: left promiscuous mode [ 166.296984][ T8137] veth0_vlan: entered promiscuous mode [ 166.337318][ T53] Bluetooth: hci4: command tx timeout [ 166.345315][ T7866] veth0_macvtap: entered promiscuous mode [ 166.430519][ T7866] veth1_macvtap: entered promiscuous mode [ 166.511436][ T7866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.542778][ T7866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.562578][ T7866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.586577][ T7866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.605479][ T7866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.622169][ T7866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.632988][ T7866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.643969][ T7866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.654245][ T8153] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 166.672006][ T7866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 166.741234][ T7866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.778778][ T7866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.805621][ T7866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.827004][ T7866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.841549][ T7866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.853727][ T7866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.864079][ T7866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.875369][ T7866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.902565][ T7866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 166.964195][ T7866] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.003654][ T7866] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.026568][ T7866] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.044703][ T7866] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.169419][ T8170] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 167.369217][ T2850] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.385395][ T2850] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.481553][ T5168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.500937][ T5168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.583790][ T8186] xt_CT: You must specify a L4 protocol and not use inversions on it [ 168.202060][ T8213] veth0_vlan: entered allmulticast mode [ 168.293781][ T8219] veth0_vlan: left promiscuous mode [ 168.322028][ T8219] veth0_vlan: entered promiscuous mode [ 168.352350][ T8218] xt_CT: You must specify a L4 protocol and not use inversions on it [ 168.389181][ T8224] veth0_vlan: entered allmulticast mode [ 168.457022][ T8225] veth0_vlan: left promiscuous mode [ 168.464127][ T8225] veth0_vlan: entered promiscuous mode [ 168.757297][ T8242] sctp: [Deprecated]: syz-executor.0 (pid 8242) Use of int in maxseg socket option. [ 168.757297][ T8242] Use struct sctp_assoc_value instead [ 168.921213][ T8248] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 169.165910][ T8255] Cannot find add_set index 0 as target [ 169.476158][ T8268] Cannot find add_set index 0 as target [ 169.515707][ T8275] sctp: [Deprecated]: syz-executor.1 (pid 8275) Use of int in maxseg socket option. [ 169.515707][ T8275] Use struct sctp_assoc_value instead [ 169.781976][ T6659] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.815401][ T8286] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 170.057165][ T8293] Cannot find add_set index 0 as target [ 170.361162][ T8310] xt_CT: You must specify a L4 protocol and not use inversions on it [ 170.431468][ T8309] xt_CT: You must specify a L4 protocol and not use inversions on it [ 170.990372][ T8335] Cannot find add_set index 0 as target [ 171.026677][ T6659] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.174602][ T29] audit: type=1804 audit(1717184335.163:8): pid=8347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2687536013/syzkaller.kAKaCz/165/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0 [ 171.219125][ T6659] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.353562][ T5133] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 171.364829][ T5133] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 171.392851][ T6659] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.406911][ T5133] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 171.439992][ T5133] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 171.447841][ T5133] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 171.461980][ T5133] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 172.130079][ T6659] bridge_slave_1: left allmulticast mode [ 172.141732][ T6659] bridge_slave_1: left promiscuous mode [ 172.156872][ T6659] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.204540][ T6659] bridge_slave_0: left allmulticast mode [ 172.213935][ T6659] bridge_slave_0: left promiscuous mode [ 172.235955][ T6659] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.394614][ T5133] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 172.405330][ T5133] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 172.416176][ T5133] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 172.431590][ T5133] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 172.449774][ T5133] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 172.457688][ T5133] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 172.833745][ T6659] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.848184][ T6659] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.860436][ T6659] bond0 (unregistering): Released all slaves [ 172.900284][ T8398] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.1'. [ 172.916803][ T8353] chnl_net:caif_netlink_parms(): no params data found [ 173.051207][ T8400] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 173.492382][ T8353] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.511968][ T8353] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.527042][ T8353] bridge_slave_0: entered allmulticast mode [ 173.536997][ T53] Bluetooth: hci4: command tx timeout [ 173.551289][ T8353] bridge_slave_0: entered promiscuous mode [ 173.596716][ T8353] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.611595][ T8353] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.623658][ T8353] bridge_slave_1: entered allmulticast mode [ 173.639225][ T8353] bridge_slave_1: entered promiscuous mode [ 173.693872][ T29] audit: type=1804 audit(1717184337.683:9): pid=8429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/275/cgroup.controllers" dev="sda1" ino=1954 res=1 errno=0 [ 173.759758][ T6659] hsr_slave_0: left promiscuous mode [ 173.779992][ T6659] hsr_slave_1: left promiscuous mode [ 173.791502][ T6659] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.809147][ T6659] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 173.832929][ T6659] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.844215][ T6659] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 173.927829][ T6659] veth1_macvtap: left promiscuous mode [ 173.940398][ T6659] veth0_macvtap: left promiscuous mode [ 173.958893][ T6659] veth1_vlan: left promiscuous mode [ 173.978924][ T6659] veth0_vlan: left promiscuous mode [ 174.358183][ T8451] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'. [ 174.382313][ T8450] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 174.498368][ T53] Bluetooth: hci3: command tx timeout [ 174.569378][ T8455] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 174.776420][ T29] audit: type=1804 audit(1717184338.763:10): pid=8460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3145620998/syzkaller.pWIx4Z/182/cgroup.controllers" dev="sda1" ino=1954 res=1 errno=0 [ 175.054330][ T6659] team0 (unregistering): Port device team_slave_1 removed [ 175.086165][ T8463] xt_connbytes: Forcing CT accounting to be enabled [ 175.094447][ T8463] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 175.132736][ T6659] team0 (unregistering): Port device team_slave_0 removed [ 175.616894][ T53] Bluetooth: hci4: command tx timeout [ 175.653784][ T8470] netlink: 576 bytes leftover after parsing attributes in process `syz-executor.1'. [ 175.700272][ T8353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.721493][ T8353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.874479][ T8477] batadv_slave_1: default FDB implementation only supports local addresses [ 175.935146][ T8353] team0: Port device team_slave_0 added [ 175.974375][ T8481] macsec1: entered promiscuous mode [ 175.980041][ T8481] macvlan1: entered promiscuous mode [ 175.985789][ T8481] macsec1: entered allmulticast mode [ 175.991453][ T8481] macvlan1: entered allmulticast mode [ 176.002965][ T8481] veth1_vlan: entered allmulticast mode [ 176.038033][ T8481] macvlan1: left allmulticast mode [ 176.046050][ T8481] veth1_vlan: left allmulticast mode [ 176.055400][ T8481] macvlan1: left promiscuous mode [ 176.118763][ T8353] team0: Port device team_slave_1 added [ 176.313634][ T8353] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.321138][ T8353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.349161][ T8353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.372175][ T8353] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.380372][ T8353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.406587][ T8353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.432566][ T8387] chnl_net:caif_netlink_parms(): no params data found [ 176.541520][ T8353] hsr_slave_0: entered promiscuous mode [ 176.551112][ T8353] hsr_slave_1: entered promiscuous mode [ 176.577121][ T53] Bluetooth: hci3: command tx timeout [ 176.634719][ T6659] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.796289][ T6659] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.918892][ T29] audit: type=1804 audit(1717184340.913:11): pid=8506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3145620998/syzkaller.pWIx4Z/185/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0 [ 176.982120][ T6659] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.007522][ T8387] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.023943][ T8387] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.033844][ T8387] bridge_slave_0: entered allmulticast mode [ 177.043376][ T8387] bridge_slave_0: entered promiscuous mode [ 177.054004][ T8387] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.062976][ T8387] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.072939][ T8387] bridge_slave_1: entered allmulticast mode [ 177.096958][ T8387] bridge_slave_1: entered promiscuous mode [ 177.135916][ T6659] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.314335][ T8522] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 177.347859][ T8387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.371753][ T8387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.627343][ T8537] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 177.635759][ T8537] netlink: 9372 bytes leftover after parsing attributes in process `syz-executor.4'. [ 177.646155][ T8537] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 177.655888][ T8537] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.4'. [ 177.689050][ T8387] team0: Port device team_slave_0 added [ 177.696930][ T53] Bluetooth: hci4: command tx timeout [ 177.739724][ T8387] team0: Port device team_slave_1 added [ 177.853006][ T6659] macvlan3: left allmulticast mode [ 177.863839][ T6659] macvlan3: left promiscuous mode [ 177.869442][ T6659] bridge0: port 3(macvlan3) entered disabled state [ 177.879098][ T6659] bridge_slave_1: left allmulticast mode [ 177.886592][ T6659] bridge_slave_1: left promiscuous mode [ 177.892516][ T6659] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.903252][ T6659] bridge_slave_0: left allmulticast mode [ 177.909484][ T6659] bridge_slave_0: left promiscuous mode [ 177.915375][ T6659] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.932422][ T29] audit: type=1804 audit(1717184341.923:12): pid=8544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/296/cgroup.controllers" dev="sda1" ino=1954 res=1 errno=0 [ 178.200280][ T6659] dvmrp1 (unregistering): left allmulticast mode [ 178.494622][ T6659] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 178.506381][ T6659] bond0 (unregistering): Released all slaves [ 178.521897][ T6659] bond1 (unregistering): Released all slaves [ 178.565981][ T8387] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.588441][ T8387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.622759][ T8387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.641802][ T8543] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 178.652392][ T8543] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 178.661872][ T53] Bluetooth: hci3: command tx timeout [ 178.669986][ T8543] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 178.709093][ T8387] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.716166][ T8387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.788621][ T8387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.010584][ T8387] hsr_slave_0: entered promiscuous mode [ 179.025682][ T8387] hsr_slave_1: entered promiscuous mode [ 179.032576][ T8387] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 179.043497][ T8563] sctp: [Deprecated]: syz-executor.4 (pid 8563) Use of struct sctp_assoc_value in delayed_ack socket option. [ 179.043497][ T8563] Use struct sctp_sack_info instead [ 179.046951][ T8387] Cannot create hsr debugfs directory [ 179.342370][ T6659] hsr_slave_0: left promiscuous mode [ 179.351374][ T6659] hsr_slave_1: left promiscuous mode [ 179.373574][ T6659] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.383203][ T6659] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 179.397847][ T6659] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.405323][ T6659] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 179.440534][ T6659] dummy0: left promiscuous mode [ 179.445661][ T6659] veth1_macvtap: left promiscuous mode [ 179.453115][ T6659] veth0_macvtap: left promiscuous mode [ 179.459157][ T6659] veth1_vlan: left promiscuous mode [ 179.464692][ T6659] veth0_vlan: left promiscuous mode [ 179.779577][ T53] Bluetooth: hci4: command tx timeout [ 180.276152][ T6659] team0 (unregistering): Port device team_slave_1 removed [ 180.317850][ T6659] team0 (unregistering): Port device team_slave_0 removed [ 180.738725][ T53] Bluetooth: hci3: command tx timeout [ 180.900648][ T8588] syzkaller0: entered promiscuous mode [ 180.916079][ T8588] syzkaller0: entered allmulticast mode [ 182.375637][ T8353] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 182.475138][ T8353] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 182.508296][ T8353] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 182.549318][ T8353] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 182.890125][ T8634] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 182.926251][ T8634] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'. [ 182.936088][ T8634] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 183.206869][ T8353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.268862][ T8353] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.307921][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.315117][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.388195][ T5167] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.395358][ T5167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.562138][ T8387] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 183.602943][ T8387] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 183.640507][ T8387] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 183.647611][ T4835] IPVS: starting estimator thread 0... [ 183.700771][ T8387] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 183.717859][ T8657] netlink: 184 bytes leftover after parsing attributes in process `syz-executor.4'. [ 183.757071][ T8655] IPVS: using max 19 ests per chain, 45600 per kthread [ 184.151219][ T8387] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.241045][ T8387] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.295304][ T5168] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.302555][ T5168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.350092][ T5168] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.357282][ T5168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.411548][ T8353] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.646422][ T8353] veth0_vlan: entered promiscuous mode [ 184.685310][ T8353] veth1_vlan: entered promiscuous mode [ 184.775042][ T8353] veth0_macvtap: entered promiscuous mode [ 184.806027][ T8353] veth1_macvtap: entered promiscuous mode [ 184.869144][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.899018][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.919572][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.934926][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.954737][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.980649][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.019477][ T8353] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.050636][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.081434][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.114131][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.148667][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.162481][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.173388][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.204639][ T8353] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.234467][ T8353] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.263064][ T8353] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.272474][ T8353] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.292848][ T8353] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.408227][ T8387] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.555862][ T6673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.574734][ T6673] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.664953][ T5167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.680606][ T5167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.723512][ T8387] veth0_vlan: entered promiscuous mode [ 185.789942][ T8387] veth1_vlan: entered promiscuous mode [ 185.926913][ T8387] veth0_macvtap: entered promiscuous mode [ 185.971505][ T8387] veth1_macvtap: entered promiscuous mode [ 186.023034][ T8387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.040618][ T8387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.053262][ T8387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.083689][ T8387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.133201][ T8387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.157796][ T8387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.192408][ T8387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.225854][ T8387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.266055][ T8387] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.331926][ T8387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.357655][ T8387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.385876][ T8387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.411697][ T8387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.433804][ T8387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.451959][ T8387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.472317][ T8387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.505407][ T8387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.536107][ T8387] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.635604][ T8387] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.659276][ T8387] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.682101][ T8387] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.701439][ T8387] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.918879][ T5164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.932061][ T5164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.011172][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.033305][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.184147][ T8769] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 187.410954][ T8] IPVS: starting estimator thread 0... [ 187.519775][ T8784] IPVS: using max 16 ests per chain, 38400 per kthread [ 187.693722][ T8801] netlink: 'syz-executor.2': attribute type 21 has an invalid length. [ 187.968039][ T8815] x_tables: unsorted entry at hook 1 [ 188.270477][ T8830] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 188.271515][ T8821] syz-executor.1[8821] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.289842][ T8821] syz-executor.1[8821] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.054099][ T8857] syz-executor.0[8857] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.097130][ T8857] syz-executor.0[8857] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.178518][ T8863] syz-executor.2[8863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.211018][ T8863] syz-executor.2[8863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.491890][ T8887] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 189.520343][ T8887] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 190.351029][ T8914] syz-executor.4[8914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.351191][ T8914] syz-executor.4[8914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.544226][ T8931] virt_wifi0: mtu less than device minimum [ 190.702845][ T8935] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 190.733880][ T8935] bridge_slave_1: left allmulticast mode [ 190.760939][ T8935] bridge_slave_1: left promiscuous mode [ 190.789872][ T8935] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.841690][ T8935] bridge_slave_0: left allmulticast mode [ 190.850191][ T8935] bridge_slave_0: left promiscuous mode [ 190.856909][ T8935] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.358211][ T8958] syz-executor.3[8958] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.358549][ T8958] syz-executor.3[8958] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.392347][ T8972] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 191.472609][ T8972] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 191.764601][ T8987] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 191.783203][ T8987] bridge_slave_1: left allmulticast mode [ 191.790672][ T8987] bridge_slave_1: left promiscuous mode [ 191.807233][ T8987] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.854875][ T8987] bridge_slave_0: left allmulticast mode [ 191.869005][ T8987] bridge_slave_0: left promiscuous mode [ 191.874935][ T8987] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.233559][ T9011] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.2'. [ 192.262156][ T9010] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 192.511528][ T29] audit: type=1804 audit(1717184356.503:13): pid=9015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir689030530/syzkaller.DaNSi8/341/cgroup.controllers" dev="sda1" ino=1946 res=1 errno=0 [ 192.753007][ T9034] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups) [ 192.846042][ T9041] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 193.093984][ T9044] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 193.120800][ T9046] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.1'. [ 193.140185][ T9044] bridge_slave_1: left allmulticast mode [ 193.149743][ T9044] bridge_slave_1: left promiscuous mode [ 193.156210][ T9044] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.167532][ T9044] bridge_slave_0: left allmulticast mode [ 193.174806][ T9044] bridge_slave_0: left promiscuous mode [ 193.181274][ T9044] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.292196][ T9050] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 193.332314][ T9050] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 193.661406][ T29] audit: type=1804 audit(1717184357.643:14): pid=9062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3473356168/syzkaller.bdctFY/33/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 193.717850][ T9071] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups) [ 193.793196][ T9071] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 193.831715][ T9079] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 193.873483][ T9079] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 193.898281][ T9079] netlink: 'syz-executor.2': attribute type 13 has an invalid length. [ 193.940787][ T9079] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.949693][ T9079] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.958766][ T9079] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.967589][ T9079] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 194.023994][ T9079] vxlan0: entered promiscuous mode [ 194.061484][ T9092] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 194.082509][ T9090] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 194.138351][ T9090] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 194.467418][ T9109] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 194.500219][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.515093][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.592758][ T9116] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 194.652700][ T9117] tipc: Failed to remove unknown binding: 66,1,1/0:2650694028/2650694030 [ 194.681806][ T9121] tipc: Failed to remove unknown binding: 66,1,1/0:2589544643/2589544645 [ 194.686811][ T9117] tipc: Failed to remove unknown binding: 66,1,1/0:2650694028/2650694030 [ 194.706402][ T9121] tipc: Failed to remove unknown binding: 66,1,1/0:2589544643/2589544645 [ 194.791474][ T9123] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 194.802819][ T9123] bridge_slave_1: left allmulticast mode [ 194.809116][ T9123] bridge_slave_1: left promiscuous mode [ 194.817726][ T9123] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.844835][ T9123] bridge_slave_0: left allmulticast mode [ 194.851150][ T9123] bridge_slave_0: left promiscuous mode [ 194.868027][ T9123] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.036064][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 195.206145][ T9137] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 195.389939][ T9145] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 195.491826][ T9149] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 195.688958][ T9155] tipc: Failed to remove unknown binding: 66,1,1/0:1326112430/1326112432 [ 195.716663][ T9155] tipc: Failed to remove unknown binding: 66,1,1/0:1326112430/1326112432 [ 195.880329][ T9162] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 195.946226][ T9162] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'. [ 195.965987][ T29] audit: type=1804 audit(1717184359.953:15): pid=9160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir689030530/syzkaller.DaNSi8/351/cgroup.controllers" dev="sda1" ino=1955 res=1 errno=0 [ 196.037413][ T9162] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 196.579156][ T5127] Bluetooth: hci0: command 0x0406 tx timeout [ 196.580031][ T5120] Bluetooth: hci1: command 0x0406 tx timeout [ 196.692962][ T9192] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 197.880730][ T9228] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 198.694500][ T9246] tipc: Failed to remove unknown binding: 66,1,1/0:2517944044/2517944046 [ 198.732218][ T9246] tipc: Failed to remove unknown binding: 66,1,1/0:2517944044/2517944046 [ 199.192645][ T9254] ax25_connect(): syz-executor.1 uses autobind, please contact jreuter@yaina.de [ 199.371055][ T9259] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 199.982358][ T9286] ax25_connect(): syz-executor.4 uses autobind, please contact jreuter@yaina.de [ 200.311666][ T9292] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 200.424766][ T9294] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 201.530275][ T9341] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'. [ 202.487065][ T9398] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. [ 202.551025][ T9403] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.0'. [ 203.184447][ T9445] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 203.202521][ T9445] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 203.912390][ T9484] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 203.934299][ T9484] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 204.097372][ T29] audit: type=1804 audit(1717184368.073:16): pid=9492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir689030530/syzkaller.DaNSi8/382/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 204.312739][ T29] audit: type=1800 audit(1717184368.303:17): pid=9508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=1946 res=0 errno=0 [ 204.402926][ T29] audit: type=1804 audit(1717184368.343:18): pid=9508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/61/memory.events" dev="sda1" ino=1946 res=1 errno=0 [ 204.476626][ T29] audit: type=1804 audit(1717184368.353:19): pid=9508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/61/memory.events" dev="sda1" ino=1946 res=1 errno=0 [ 204.532740][ T29] audit: type=1800 audit(1717184368.373:20): pid=9512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=1961 res=0 errno=0 [ 204.639139][ T29] audit: type=1804 audit(1717184368.393:21): pid=9512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/399/memory.events" dev="sda1" ino=1961 res=1 errno=0 [ 204.755718][ T29] audit: type=1804 audit(1717184368.423:22): pid=9512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/399/memory.events" dev="sda1" ino=1961 res=1 errno=0 [ 204.827502][ T29] audit: type=1804 audit(1717184368.463:23): pid=9516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/61/memory.events" dev="sda1" ino=1946 res=1 errno=0 [ 204.925676][ T29] audit: type=1804 audit(1717184368.653:24): pid=9521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/399/memory.events" dev="sda1" ino=1961 res=1 errno=0 [ 205.059260][ T29] audit: type=1804 audit(1717184369.053:25): pid=9532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1856315393/syzkaller.9dWxnG/400/cgroup.controllers" dev="sda1" ino=1950 res=1 errno=0 [ 205.438667][ T9557] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.0'. [ 206.076813][ T9584] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 206.125822][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 206.303004][ T9594] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.2'. [ 206.567758][ T9602] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.1'. [ 206.721907][ T9617] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.4'. [ 207.489850][ T9640] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.2'. [ 208.764562][ T9678] No such timeout policy "syz0" [ 209.030178][ T9657] infiniband syz2: set active [ 209.043531][ T9657] infiniband syz2: added veth1_to_bridge [ 209.064427][ T9657] syz2: rxe_create_cq: returned err = -12 [ 209.073392][ T9657] infiniband syz2: Couldn't create ib_mad CQ [ 209.095699][ T9657] infiniband syz2: Couldn't open port 1 [ 209.424876][ T9657] RDS/IB: syz2: added [ 209.481370][ T9657] smc: adding ib device syz2 with port count 1 [ 209.517364][ T9657] smc: ib device syz2 port 1 has pnetid [ 209.889438][ T9711] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 209.937050][ T9712] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 210.472538][ T9738] tipc: Can't bind to reserved service type 0 [ 210.575327][ T9743] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 211.047561][ T9759] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 211.065030][ T9764] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 211.296151][ T9773] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 211.382738][ T9776] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 212.199730][ T9794] sch_tbf: burst 0 is lower than device ip6tnl0 mtu (1620) ! [ 212.401983][ T9803] x_tables: duplicate underflow at hook 3 [ 212.512821][ T9807] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 212.585166][ T9810] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 212.850341][ T9821] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.3'. [ 212.917546][ T9823] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 213.368541][ T9850] rdma_rxe: rxe_newlink: failed to add veth1_to_bridge [ 213.384770][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 213.384788][ T29] audit: type=1804 audit(1717184377.373:27): pid=9855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/74/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0 [ 213.419969][ T9852] rdma_rxe: rxe_newlink: failed to add veth1_to_bridge [ 213.435745][ T9855] syz-executor.2[9855] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 213.435907][ T9855] syz-executor.2[9855] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 213.469463][ T9856] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 213.917033][ T9871] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 214.329864][ T29] audit: type=1804 audit(1717184378.323:28): pid=9897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3473356168/syzkaller.bdctFY/105/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0 [ 214.363487][ T9894] rdma_rxe: rxe_newlink: failed to add veth1_to_bridge [ 214.372858][ T9897] syz-executor.3[9897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.373019][ T9897] syz-executor.3[9897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.385678][ T29] audit: type=1804 audit(1717184378.353:29): pid=9898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/78/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0 [ 214.426011][ T9901] syz-executor.2[9901] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.426188][ T9901] syz-executor.2[9901] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.871498][ T9913] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 214.973649][ T9929] x_tables: duplicate entry at hook 2 [ 215.095020][ T9936] syz-executor.4[9936] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 215.095210][ T9936] syz-executor.4[9936] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 215.098932][ T29] audit: type=1804 audit(1717184379.073:30): pid=9936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3145620998/syzkaller.pWIx4Z/305/cgroup.controllers" dev="sda1" ino=1947 res=1 errno=0 [ 215.298089][ T9945] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 215.362969][ T9948] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 215.838923][ T9973] raw_sendmsg: syz-executor.1 forgot to set AF_INET. Fix it! [ 215.938832][ T9979] netlink: 'syz-executor.3': attribute type 30 has an invalid length. [ 215.981501][ T9979] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.3'. [ 215.998370][ T9979] openvswitch: netlink: IP tunnel attribute has 3040 unknown bytes. [ 217.545716][T10087] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 217.700150][T10087] team0: Device veth1_vlan failed to register rx_handler [ 217.775092][T10091] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 218.083433][T10103] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.3'. [ 219.776670][T10176] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 220.355332][T10203] netlink: 428 bytes leftover after parsing attributes in process `syz-executor.3'. [ 220.385778][T10203] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 220.389411][T10209] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 220.441560][T10209] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 220.470374][T10209] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 220.488954][T10209] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 221.288351][T10242] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 222.186653][ T5133] Bluetooth: hci2: command 0x0406 tx timeout [ 222.641164][T10277] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 222.895887][T10286] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.391869][T10315] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 223.907637][T10349] netlink: 'syz-executor.1': attribute type 21 has an invalid length. [ 223.915957][T10349] netlink: 14581 bytes leftover after parsing attributes in process `syz-executor.1'. [ 224.033183][T10355] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 224.966101][T10377] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 225.006105][T10377] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 225.402026][T10401] xt_CT: You must specify a L4 protocol and not use inversions on it [ 225.491475][T10406] bond0: option arp_all_targets: invalid value (18446744073709551615) [ 225.988661][T10433] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 226.003100][T10433] netlink: 160 bytes leftover after parsing attributes in process `syz-executor.4'. [ 226.352732][T10451] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 226.393502][T10461] veth1: mtu less than device minimum [ 226.510346][T10458] ip6t_rpfilter: unknown options [ 226.947491][T10488] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 227.023587][T10494] veth1: mtu less than device minimum [ 227.089538][T10496] pimreg: entered allmulticast mode [ 227.113248][T10495] pimreg: left allmulticast mode [ 227.528209][T10515] syzkaller0: entered promiscuous mode [ 227.537429][T10515] syzkaller0: entered allmulticast mode [ 227.550086][T10518] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 227.632695][T10529] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 227.651508][T10529] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.0'. [ 227.683941][T10529] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'. [ 227.732667][T10519] syzkaller0: entered promiscuous mode [ 227.743396][T10519] syzkaller0: entered allmulticast mode [ 231.279399][T10560] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 231.703404][T10584] Bluetooth: MGMT ver 1.22 [ 231.719760][T10584] Bluetooth: hci3: invalid length 0, exp 2 for type 25 [ 231.858293][T10596] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 232.323186][T10618] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 232.512116][T10628] syz_tun: entered promiscuous mode [ 232.519358][T10628] macsec1: entered promiscuous mode [ 232.528710][T10628] syz_tun: left promiscuous mode [ 232.600643][T10627] syzkaller0: entered promiscuous mode [ 232.606962][T10627] syzkaller0: entered allmulticast mode [ 233.116502][ T29] audit: type=1804 audit(1717184397.103:31): pid=10657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/145/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 233.282165][T10665] syzkaller0: entered promiscuous mode [ 233.290519][T10665] syzkaller0: entered allmulticast mode [ 233.770509][T10686] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 233.960529][T10694] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 234.644504][T10723] syzkaller0: entered promiscuous mode [ 234.655261][T10723] syzkaller0: entered allmulticast mode [ 234.731605][T10736] openvswitch: netlink: Unknown key attributes 1 [ 237.212665][T10785] macvlan2: entered allmulticast mode [ 237.236000][T10785] veth1_vlan: entered allmulticast mode [ 237.298880][T10785] team0: Port device macvlan2 added [ 237.665662][T10807] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 237.807032][T10814] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.981469][T10823] macvlan2: entered allmulticast mode [ 238.010111][T10823] veth1_vlan: entered allmulticast mode [ 238.044818][T10823] team0: Port device macvlan2 added [ 238.243620][T10837] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 238.265567][T10840] netlink: 'syz-executor.3': attribute type 12 has an invalid length. [ 238.821674][T10864] macvlan2: entered allmulticast mode [ 238.830624][ T29] audit: type=1804 audit(1717184402.823:32): pid=10866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3473356168/syzkaller.bdctFY/187/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 238.877123][T10864] veth1_vlan: entered allmulticast mode [ 238.903441][T10864] team0: Port device macvlan2 added [ 238.912105][ T29] audit: type=1800 audit(1717184402.853:33): pid=10866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="cgroup.controllers" dev="sda1" ino=1964 res=0 errno=0 [ 240.409839][T10930] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 0, id = 0 [ 240.887893][T10953] syz-executor.2[10953] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 240.888058][T10953] syz-executor.2[10953] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 241.026144][T10962] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 0, id = 0 [ 243.135611][T11025] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 243.205328][T11025] team0: Device veth1_vlan failed to register rx_handler [ 243.273202][T11026] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 243.384085][T11026] team0: Device veth1_vlan failed to register rx_handler [ 246.515245][ T53] Bluetooth: hci3: command 0x0405 tx timeout [ 246.778644][T11133] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 247.067827][T11143] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 247.482589][T11163] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 248.098574][T11181] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 248.621335][T11201] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 248.646738][T11201] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 248.674801][T11202] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 248.813865][ T5133] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 248.823012][ T5133] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 248.858260][ T5133] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 248.866763][ T5133] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 248.877138][ T5133] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 248.885069][ T5133] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 249.390151][T11229] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 249.544314][T11237] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 249.683629][T11239] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 250.110502][T11257] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 250.138535][T11208] chnl_net:caif_netlink_parms(): no params data found [ 250.345374][T11265] batadv_slave_1: entered allmulticast mode [ 250.367900][T11265] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.375374][T11265] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.401747][T11265] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 250.535783][T11208] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.576916][T11208] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.599346][T11208] bridge_slave_0: entered allmulticast mode [ 250.613946][T11208] bridge_slave_0: entered promiscuous mode [ 250.644635][T11208] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.686968][T11208] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.705749][T11208] bridge_slave_1: entered allmulticast mode [ 250.713912][T11208] bridge_slave_1: entered promiscuous mode [ 250.862894][T11208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 250.919676][T11208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.986724][ T5133] Bluetooth: hci1: command tx timeout [ 251.011443][T11299] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 251.064796][T11208] team0: Port device team_slave_0 added [ 251.067990][ T5167] IPVS: starting estimator thread 0... [ 251.077763][T11299] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 251.169286][T11306] IPVS: using max 16 ests per chain, 38400 per kthread [ 251.238886][T11208] team0: Port device team_slave_1 added [ 251.245005][T11299] tipc: Invalid UDP bearer configuration [ 251.245056][T11299] tipc: Enabling of bearer rejected, failed to enable media [ 251.423479][T11317] IPv6: NLM_F_REPLACE set, but no existing node found! [ 251.437925][T11208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.445327][T11208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.485117][T11208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.499096][T11208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.506223][T11208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.533071][T11208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.718801][T11323] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 251.758749][T11323] bond2: entered promiscuous mode [ 251.775054][T11329] bond2: (slave ip6gretap1): making interface the new active one [ 251.783295][T11329] ip6gretap1: entered promiscuous mode [ 251.791032][T11329] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 251.805929][T11208] hsr_slave_0: entered promiscuous mode [ 251.821954][T11208] hsr_slave_1: entered promiscuous mode [ 251.831527][T11208] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 251.839370][T11208] Cannot create hsr debugfs directory [ 252.201757][T11208] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 252.219014][T11208] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.341510][T11208] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 252.368195][T11347] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 252.376394][T11347] __nla_validate_parse: 9 callbacks suppressed [ 252.383105][T11208] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.414535][T11347] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 252.437097][T11347] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 252.445301][T11347] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 252.597659][T11355] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 252.605792][T11355] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.2'. [ 252.620651][T11208] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 252.641776][T11208] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.822041][T11208] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 252.855528][T11208] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.056793][ T5133] Bluetooth: hci1: command tx timeout [ 253.212550][T11208] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 253.244938][T11208] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 253.286977][T11208] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 253.337064][T11208] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 253.544245][T11397] netlink: 108 bytes leftover after parsing attributes in process `syz-executor.2'. [ 253.595017][T11397] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 253.662409][T11208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.720457][T11208] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.756347][ T5167] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.763584][ T5167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.798394][ T5167] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.805558][ T5167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.276385][T11416] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 254.341623][T11208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.548266][T11208] veth0_vlan: entered promiscuous mode [ 254.600653][T11208] veth1_vlan: entered promiscuous mode [ 254.685221][T11208] veth0_macvtap: entered promiscuous mode [ 254.703314][T11208] veth1_macvtap: entered promiscuous mode [ 254.731794][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 254.751793][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.765386][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 254.806706][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.829562][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 254.856398][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.872043][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 254.884100][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.894560][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 254.913985][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.926398][T11208] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 254.941645][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 254.962810][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.984777][T11433] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 254.995689][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.010364][T11433] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 255.019905][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.030632][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.052969][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.080850][T11208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.096087][T11208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.111172][T11208] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.137743][ T5133] Bluetooth: hci1: command tx timeout [ 255.158304][T11433] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 255.169345][T11433] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 255.189119][T11434] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 255.243700][T11434] tipc: Invalid UDP bearer configuration [ 255.243872][T11434] tipc: Enabling of bearer rejected, failed to enable media [ 255.303655][T11208] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.338360][T11208] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.367227][T11208] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.383491][T11208] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.606825][T11444] xt_cgroup: invalid path, errno=-2 [ 255.940659][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.950303][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.020204][ T5168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.040084][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 256.050744][ T5168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.052866][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 256.080740][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 256.092211][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 256.107508][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 256.114986][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 256.151373][ T58] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 256.162500][ T58] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.274261][ T58] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 256.300666][ T58] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.635585][T11461] team0 (unregistering): Port device team_slave_0 removed [ 256.654245][T11461] team0 (unregistering): Port device team_slave_1 removed [ 256.665920][T11461] veth1_vlan: left allmulticast mode [ 256.688055][T11461] team0 (unregistering): Port device macvlan2 removed [ 256.738529][ T58] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 256.750058][ T58] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.812944][ T6659] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.839712][ T6659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.925056][ T58] bond0: (slave netdevsim0): Releasing backup interface [ 256.944456][ T58] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 256.971984][ T58] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.216791][ T53] Bluetooth: hci1: command tx timeout [ 257.248629][ T58] bridge_slave_1: left allmulticast mode [ 257.256297][ T58] bridge_slave_1: left promiscuous mode [ 257.286183][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.301230][T11473] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 257.333320][T11473] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 257.365489][ T58] bridge_slave_0: left allmulticast mode [ 257.375507][ T58] bridge_slave_0: left promiscuous mode [ 257.396835][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.187269][ T53] Bluetooth: hci0: command tx timeout [ 258.365851][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 258.389227][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 258.410645][ T58] bond0 (unregistering): Released all slaves [ 258.431253][ T58] bond1 (unregistering): Released all slaves [ 258.456191][T11473] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 258.464855][T11473] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 258.487639][T11477] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 258.513115][T11477] tipc: Invalid UDP bearer configuration [ 258.513169][T11477] tipc: Enabling of bearer rejected, failed to enable media [ 258.560000][T11495] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 258.567429][T11495] IPv6: NLM_F_CREATE should be set when creating new route [ 258.574737][T11495] IPv6: NLM_F_CREATE should be set when creating new route [ 259.375224][T11527] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 259.408254][T11527] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 259.470932][ T5164] IPVS: starting estimator thread 0... [ 259.565423][T11452] chnl_net:caif_netlink_parms(): no params data found [ 259.589113][T11533] IPVS: using max 15 ests per chain, 36000 per kthread [ 259.641589][T11527] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 259.672926][T11527] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 259.702231][T11530] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 259.743057][T11530] tipc: Invalid UDP bearer configuration [ 259.743121][T11530] tipc: Enabling of bearer rejected, failed to enable media [ 259.918146][T11536] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 259.977194][T11539] bridge_slave_1: entered promiscuous mode [ 260.258688][ T53] Bluetooth: hci0: command tx timeout [ 260.303682][T11528] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 260.477472][T11452] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.493519][T11452] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.510418][T11452] bridge_slave_0: entered allmulticast mode [ 260.528859][T11452] bridge_slave_0: entered promiscuous mode [ 260.550061][T11452] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.568010][T11452] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.575429][T11452] bridge_slave_1: entered allmulticast mode [ 260.597444][T11452] bridge_slave_1: entered promiscuous mode [ 260.887360][T11452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 260.948515][T11452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 261.107895][T11572] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 261.218694][ T58] hsr_slave_0: left promiscuous mode [ 261.226128][ T58] hsr_slave_1: left promiscuous mode [ 261.240955][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 261.253278][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 261.270554][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 261.278308][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 261.322292][ T58] dummy0: left promiscuous mode [ 261.327906][ T58] veth1_macvtap: left promiscuous mode [ 261.333562][ T58] veth0_macvtap: left promiscuous mode [ 261.339670][ T58] veth0_vlan: left promiscuous mode [ 262.006361][ T58] team0 (unregistering): Port device team_slave_1 removed [ 262.052675][ T58] team0 (unregistering): Port device team_slave_0 removed [ 262.346818][ T53] Bluetooth: hci0: command tx timeout [ 262.551617][T11452] team0: Port device team_slave_0 added [ 262.599356][T11452] team0: Port device team_slave_1 added [ 262.700334][T11452] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 262.708838][T11452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 262.743971][T11452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 262.758303][T11452] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 262.765369][T11452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 262.810988][T11452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 263.071592][T11452] hsr_slave_0: entered promiscuous mode [ 263.112802][T11452] hsr_slave_1: entered promiscuous mode [ 263.120885][T11452] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 263.135053][T11452] Cannot create hsr debugfs directory [ 264.340540][T11452] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 264.385849][T11452] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 264.416844][ T5133] Bluetooth: hci0: command tx timeout [ 264.426082][T11452] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 264.440938][T11631] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 264.463695][T11452] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 264.517756][T11631] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 264.535727][T11631] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 264.778762][T11452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.850868][T11452] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.910101][ T5164] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.917454][ T5164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.950393][ T5170] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.957621][ T5170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.035981][T11644] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 265.701964][T11452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 265.843847][T11452] veth0_vlan: entered promiscuous mode [ 265.969790][T11663] netlink: 766 bytes leftover after parsing attributes in process `syz-executor.0'. [ 266.029286][T11452] veth1_vlan: entered promiscuous mode [ 266.208151][T11452] veth0_macvtap: entered promiscuous mode [ 266.259430][T11452] veth1_macvtap: entered promiscuous mode [ 266.279027][T11674] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 266.330799][T11639] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 266.374053][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 266.428819][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.467767][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 266.509065][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.540457][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 266.563297][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.585885][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 266.609563][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.638532][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 266.674340][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.705229][T11452] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 266.797075][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 266.830980][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.862272][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 266.902617][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.933664][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 266.966450][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.004468][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.026729][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.068740][T11452] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 267.131128][T11452] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.166570][T11452] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.188911][T11452] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.216752][T11452] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.440442][T11691] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 267.744103][T11696] netlink: 766 bytes leftover after parsing attributes in process `syz-executor.0'. [ 268.056745][ T5167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.116116][ T5167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.259878][ T2850] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.270798][ T2850] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.657586][T11723] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.1'. [ 269.089720][T11733] netlink: 766 bytes leftover after parsing attributes in process `syz-executor.0'. [ 269.207064][T11737] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 269.237551][T11737] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 269.268214][T11737] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 269.479506][T11743] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 269.683907][T11746] pim6reg: entered allmulticast mode [ 269.702775][T11746] vxcan1: entered allmulticast mode [ 269.715555][T11746] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 269.986900][T11754] bridge0: port 3(geneve1) entered blocking state [ 270.011726][T11754] bridge0: port 3(geneve1) entered disabled state [ 270.058506][T11754] geneve1: entered allmulticast mode [ 270.098801][T11754] geneve1: entered promiscuous mode [ 270.115055][T11754] bridge0: port 3(geneve1) entered blocking state [ 270.122186][T11754] bridge0: port 3(geneve1) entered forwarding state [ 270.164531][T11756] netlink: 'syz-executor.3': attribute type 19 has an invalid length. [ 270.568442][T11774] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 271.025714][T11793] netlink: 'syz-executor.2': attribute type 19 has an invalid length. [ 271.603300][T11813] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 272.598031][T11843] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.1'. [ 273.564137][T11875] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'. [ 273.596313][T11875] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 273.983966][T11894] hsr_slave_0: left promiscuous mode [ 274.003578][T11894] hsr_slave_1: left promiscuous mode [ 274.702971][T11936] hsr_slave_0: left promiscuous mode [ 274.752404][T11936] hsr_slave_1: left promiscuous mode [ 275.019486][T11950] netlink: 'syz-executor.4': attribute type 16 has an invalid length. [ 275.214732][T11957] bridge0: port 1(team0) entered blocking state [ 275.256823][T11957] bridge0: port 1(team0) entered disabled state [ 275.263315][T11957] team0: entered allmulticast mode [ 275.284982][T11957] team_slave_0: entered allmulticast mode [ 275.317880][T11957] team_slave_1: entered allmulticast mode [ 275.345454][T11957] team_slave_0: entered promiscuous mode [ 275.351500][T11957] team_slave_1: entered promiscuous mode [ 275.386681][T11957] bridge0: port 1(team0) entered blocking state [ 275.393112][T11957] bridge0: port 1(team0) entered listening state [ 275.574671][T11979] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.0'. [ 275.584683][T11979] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes. [ 275.774983][T11984] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 275.829705][T11984] tipc: Started in network mode [ 275.851505][T11984] tipc: Node identity 6, cluster identity 4711 [ 275.865049][T11984] tipc: Node number set to 6 [ 275.955381][T11996] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 275.971593][T11996] netlink: 'syz-executor.3': attribute type 13 has an invalid length. [ 276.025755][T11999] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 276.087246][T12001] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 276.088204][ T29] audit: type=1804 audit(1717184440.073:34): pid=11995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3145620998/syzkaller.pWIx4Z/456/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 277.722626][T12077] geneve2: entered promiscuous mode [ 277.748835][T12077] geneve2: entered allmulticast mode [ 279.258872][T12143] netlink: 'syz-executor.4': attribute type 21 has an invalid length. [ 279.284293][T12143] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 279.322900][T12143] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.4'. [ 279.856818][T12162] netlink: 'syz-executor.3': attribute type 6 has an invalid length. [ 279.955849][T12166] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 280.002989][T12170] ɶƣ0GC¦: entered promiscuous mode [ 280.134745][T12177] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 280.339392][T12188] Bluetooth: MGMT ver 1.22 [ 280.583124][T12202] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 280.620710][T12202] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 280.644324][T12202] netlink: 9196 bytes leftover after parsing attributes in process `syz-executor.3'. [ 280.664357][T12202] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 280.689064][T12202] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.3'. [ 280.925780][T12217] netlink: 'syz-executor.3': attribute type 21 has an invalid length. [ 281.185572][T12237] tap0: tun_chr_ioctl cmd 1074025675 [ 281.198300][T12237] tap0: persist disabled [ 281.455626][T12251] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 281.586236][T12259] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 283.247160][T12311] dccp_close: ABORT with 72 bytes unread [ 283.538926][T12327] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 283.697753][T12330] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 283.745047][T12334] openvswitch: netlink: IP tunnel attribute has 2 unknown bytes. [ 283.851300][T12337] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 283.954278][T12343] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 284.579703][T12373] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 284.638422][T12378] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 284.676335][T12377] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 284.763732][T12381] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 284.765393][T12377] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 284.997964][T12393] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 285.021051][T12393] netlink: 21 bytes leftover after parsing attributes in process `syz-executor.1'. [ 285.038788][T12393] netlink: 21 bytes leftover after parsing attributes in process `syz-executor.1'. [ 285.089468][T12397] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'. [ 285.328148][T12409] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 285.459008][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 285.834352][T12440] syzkaller0: entered allmulticast mode [ 286.644739][T12469] syzkaller0: entered allmulticast mode [ 286.880286][T12476] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 287.507705][ T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 287.522376][ T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 287.530749][ T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 287.551888][ T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 287.561730][ T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 287.570318][ T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 287.698091][T12517] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 287.779239][T12525] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 288.037162][T12535] TCP: MD5 Hash not found for 172.20.20.187.0->172.20.20.170.20002 [RP.] L3 index 0 [ 288.357691][T12554] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 288.419021][T12549] syzkaller0: entered promiscuous mode [ 288.424984][T12549] syzkaller0: entered allmulticast mode [ 288.531005][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 288.556328][ T29] audit: type=1804 audit(1717184452.543:35): pid=12561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3473356168/syzkaller.bdctFY/312/cgroup.controllers" dev="sda1" ino=1948 res=1 errno=0 [ 289.630752][ T53] Bluetooth: hci2: command tx timeout [ 290.502228][ C1] bridge0: port 1(team0) entered learning state [ 290.570416][T12570] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 290.745757][ T58] tipc: Subscription rejected, illegal request [ 290.867905][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 290.906267][T12594] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'. [ 290.951634][T12594] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 291.033693][T12512] chnl_net:caif_netlink_parms(): no params data found [ 291.095126][T12606] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 291.114482][T12608] validate_nla: 3 callbacks suppressed [ 291.114502][T12608] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 291.152763][ T29] audit: type=1804 audit(1717184455.143:36): pid=12603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3422460423/syzkaller.dpaEey/119/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0 [ 291.168983][T12608] netlink: 9384 bytes leftover after parsing attributes in process `syz-executor.1'. [ 291.413752][T12512] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.423586][T12512] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.432249][T12512] bridge_slave_0: entered allmulticast mode [ 291.446618][T12512] bridge_slave_0: entered promiscuous mode [ 291.468615][T12512] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.476164][T12512] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.484582][T12512] bridge_slave_1: entered allmulticast mode [ 291.492671][T12512] bridge_slave_1: entered promiscuous mode [ 291.519791][T12615] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 291.634993][T12616] syzkaller0: entered promiscuous mode [ 291.641050][T12616] syzkaller0: entered allmulticast mode [ 291.660518][T12512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 291.694699][T12512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.706984][ T53] Bluetooth: hci2: command tx timeout [ 292.355883][T12634] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'. [ 292.365961][T12634] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 292.783796][T12641] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 293.776948][ T5133] Bluetooth: hci2: command tx timeout [ 293.799161][T12627] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 293.808296][T12627] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 293.817691][T12627] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 293.826546][T12627] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 293.856649][ T5133] Bluetooth: hci4: command 0x0406 tx timeout [ 293.985512][T12512] team0: Port device team_slave_0 added [ 294.054422][T12512] team0: Port device team_slave_1 added [ 294.169217][T12644] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 294.197771][T12512] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 294.213051][T12512] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.252281][T12512] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 294.313465][T12512] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 294.334680][T12512] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.429914][T12512] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 294.638616][T12676] xt_CT: You must specify a L4 protocol and not use inversions on it [ 294.662886][T12512] hsr_slave_0: entered promiscuous mode [ 294.677861][T12512] hsr_slave_1: entered promiscuous mode [ 294.695973][T12512] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 294.708684][T12512] Cannot create hsr debugfs directory [ 294.825703][ T29] audit: type=1804 audit(1717184458.813:37): pid=12684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3734564304/syzkaller.5C5cPt/112/cgroup.controllers" dev="sda1" ino=1959 res=1 errno=0 [ 294.930425][T12679] syzkaller0: entered promiscuous mode [ 294.935961][T12679] syzkaller0: entered allmulticast mode [ 295.105359][T12688] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 295.860560][ T53] Bluetooth: hci2: command tx timeout [ 297.540737][T12512] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.811513][T12512] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.822784][ T5133] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 297.833646][ T5133] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 297.842548][ T5133] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 297.851248][ T5133] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 297.860619][ T5133] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 297.869026][ T5133] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 298.039476][ T2850] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 298.068838][ T2850] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.188703][T12512] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.297267][ T2850] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 298.324414][ T2850] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.519247][ T2850] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 298.540956][ T2850] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.745129][ T2850] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 298.773240][ T2850] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.203683][T12512] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 299.225094][T12758] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 299.261533][T12512] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 299.325393][ T2850] geneve1: left allmulticast mode [ 299.336681][ T2850] geneve1: left promiscuous mode [ 299.342349][ T2850] bridge0: port 3(geneve1) entered disabled state [ 299.371858][ T2850] bridge_slave_1: left allmulticast mode [ 299.380098][ T2850] bridge_slave_1: left promiscuous mode [ 299.386152][ T2850] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.399411][ T2850] bridge_slave_0: left allmulticast mode [ 299.405347][ T2850] bridge_slave_0: left promiscuous mode [ 299.415126][ T2850] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.936829][ T5133] Bluetooth: hci1: command tx timeout [ 300.269229][ T2850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 300.282361][ T2850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 300.298556][ T2850] bond0 (unregistering): Released all slaves [ 300.312770][T12512] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 300.324504][T12758] team0: entered promiscuous mode [ 300.331685][T12758] team_slave_0: entered promiscuous mode [ 300.338085][T12758] team_slave_1: entered promiscuous mode [ 300.344285][T12758] team0: left promiscuous mode [ 300.349402][T12758] team_slave_0: left promiscuous mode [ 300.357494][T12758] team_slave_1: left promiscuous mode [ 300.386939][T12512] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 300.408276][ T2850] ɶƣ0GC¦: left promiscuous mode [ 300.520323][T12721] chnl_net:caif_netlink_parms(): no params data found [ 300.536285][ T2850] tipc: Left network mode [ 300.646007][T12776] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 300.864617][T12721] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.872725][T12721] bridge0: port 1(bridge_slave_0) entered disabled state [ 300.887272][T12721] bridge_slave_0: entered allmulticast mode [ 300.894641][T12721] bridge_slave_0: entered promiscuous mode [ 300.903414][T12779] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa [ 300.911142][T12721] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.930957][T12721] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.968844][T12721] bridge_slave_1: entered allmulticast mode [ 300.997512][T12721] bridge_slave_1: entered promiscuous mode [ 301.051417][ T29] audit: type=1804 audit(1717184465.043:38): pid=12803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/321/memory.events" dev="sda1" ino=1955 res=1 errno=0 [ 301.144694][ T29] audit: type=1804 audit(1717184465.113:39): pid=12807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/321/memory.events" dev="sda1" ino=1955 res=1 errno=0 [ 301.171656][ T29] audit: type=1800 audit(1717184465.113:40): pid=12803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="memory.events" dev="sda1" ino=1955 res=0 errno=0 [ 301.243283][T12805] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 301.262096][T12805] netlink: 'syz-executor.3': attribute type 25 has an invalid length. [ 301.292547][T12805] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.301829][T12805] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.310746][T12805] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.319558][T12805] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.417700][T12721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 301.465074][T12721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 301.551412][T12812] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 301.661776][T12813] team0: entered promiscuous mode [ 301.667179][T12813] team_slave_0: entered promiscuous mode [ 301.673044][T12813] team_slave_1: entered promiscuous mode [ 301.695063][T12813] macvlan2: entered promiscuous mode [ 301.743559][ T2850] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 301.756604][ T2850] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 301.768616][ T2850] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 301.776123][ T2850] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 301.835975][ T2850] veth1_macvtap: left promiscuous mode [ 301.856679][ T2850] veth0_macvtap: left promiscuous mode [ 301.868422][ T2850] veth1_vlan: left promiscuous mode [ 301.880785][ T2850] veth0_vlan: left promiscuous mode [ 302.019326][ T5133] Bluetooth: hci1: command tx timeout [ 302.680246][ T2850] team0 (unregistering): Port device team_slave_1 removed [ 302.727127][ T2850] team0 (unregistering): Port device team_slave_0 removed [ 303.742253][T12721] team0: Port device team_slave_0 added [ 303.763292][T12811] team0: left promiscuous mode [ 303.772532][T12811] team_slave_0: left promiscuous mode [ 303.787039][T12811] team_slave_1: left promiscuous mode [ 303.794484][T12811] macvlan2: left promiscuous mode [ 303.859070][T12512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 303.898807][T12721] team0: Port device team_slave_1 added [ 303.911595][T12823] team_slave_0: entered promiscuous mode [ 303.917713][T12823] team_slave_1: entered promiscuous mode [ 303.930629][T12823] macvlan2: entered allmulticast mode [ 303.936230][T12823] team0: entered allmulticast mode [ 303.946522][T12823] team_slave_0: entered allmulticast mode [ 303.953751][T12823] team_slave_1: entered allmulticast mode [ 303.960722][T12823] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 304.097881][ T5133] Bluetooth: hci1: command tx timeout [ 304.119017][T12512] 8021q: adding VLAN 0 to HW filter on device team0 [ 304.138951][ T29] audit: type=1804 audit(1717184468.133:41): pid=12832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3473356168/syzkaller.bdctFY/341/memory.events" dev="sda1" ino=1946 res=1 errno=0 [ 304.151976][T12721] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.175092][T12721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.233324][ T29] audit: type=1804 audit(1717184468.223:42): pid=12829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir3473356168/syzkaller.bdctFY/341/memory.events" dev="sda1" ino=1946 res=1 errno=0 [ 304.261618][T12721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.263829][ T29] audit: type=1800 audit(1717184468.243:43): pid=12832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="memory.events" dev="sda1" ino=1946 res=0 errno=0 [ 304.300680][T12721] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 304.315057][T12721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.406472][T12721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 304.448718][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.455879][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.513928][ T4835] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.521108][ T4835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.562228][T12842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.703084][T12721] hsr_slave_0: entered promiscuous mode [ 304.710588][T12721] hsr_slave_1: entered promiscuous mode [ 304.717460][T12721] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 304.725040][T12721] Cannot create hsr debugfs directory [ 304.779717][ T2850] IPVS: stop unused estimator thread 0... [ 304.779863][T12852] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 304.805736][T12852] tipc: Started in network mode [ 304.823326][T12852] tipc: Node identity , cluster identity 8 [ 305.005875][T12858] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 305.015895][T12858] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 305.028941][T12858] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.3'. [ 305.049699][ T29] audit: type=1804 audit(1717184469.043:44): pid=12861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/329/memory.events" dev="sda1" ino=1955 res=1 errno=0 [ 305.133465][ T29] audit: type=1804 audit(1717184469.093:45): pid=12860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1663415902/syzkaller.6ogjML/329/memory.events" dev="sda1" ino=1955 res=1 errno=0 [ 305.227079][ T29] audit: type=1800 audit(1717184469.123:46): pid=12861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="memory.events" dev="sda1" ino=1955 res=0 errno=0 [ 305.328257][T12872] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 305.554418][T12878] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 305.566473][T12878] tipc: Started in network mode [ 305.572856][T12878] tipc: Node identity , cluster identity 8 [ 305.572868][T12881] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'. [ 305.599734][T12881] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 305.662808][T12512] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.750952][ T29] audit: type=1804 audit(1717184469.743:47): pid=12888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3473356168/syzkaller.bdctFY/350/memory.events" dev="sda1" ino=1949 res=1 errno=0 [ 305.856509][ C1] [ 305.859282][ C1] ============================= [ 305.864246][ C1] WARNING: suspicious RCU usage [ 305.869152][ C1] 6.9.0-syzkaller-12147-g13c7c941e729 #0 Not tainted [ 305.875850][ C1] ----------------------------- [ 305.880750][ C1] net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage! [ 305.889566][ C1] [ 305.889566][ C1] other info that might help us debug this: [ 305.889566][ C1] [ 305.899868][ C1] [ 305.899868][ C1] rcu_scheduler_active = 2, debug_locks = 1 [ 305.907991][ C1] 3 locks held by syz-executor.3/8353: [ 305.913471][ C1] #0: ffffc90000a18c00 ((&p->forward_delay_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 305.923884][ C1] #1: ffff888063388cb8 (&br->lock){+.-.}-{2:2}, at: br_forward_delay_timer_expired+0x50/0x440 [ 305.934349][ C1] #2: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: br_mst_set_state+0x171/0x7a0 [ 305.944043][ C1] [ 305.944043][ C1] stack backtrace: 2024/05/31 19:41:09 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 305.950018][ C1] CPU: 1 PID: 8353 Comm: syz-executor.3 Not tainted 6.9.0-syzkaller-12147-g13c7c941e729 #0 [ 305.960023][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 305.970113][ C1] Call Trace: [ 305.973422][ C1] [ 305.976296][ C1] dump_stack_lvl+0x241/0x360 [ 305.981012][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.986242][ C1] ? __pfx__printk+0x10/0x10 [ 305.990890][ C1] lockdep_rcu_suspicious+0x221/0x340 [ 305.996321][ C1] br_mst_set_state+0x29e/0x7a0 [ 306.001223][ C1] ? br_mst_set_state+0x171/0x7a0 [ 306.006292][ C1] ? __pfx_br_mst_set_state+0x10/0x10 [ 306.011729][ C1] br_set_state+0x28a/0x7b0 [ 306.016276][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 306.021345][ C1] ? __pfx_br_set_state+0x10/0x10 [ 306.026394][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 306.031806][ C1] br_forward_delay_timer_expired+0x9a/0x440 [ 306.037795][ C1] ? call_timer_fn+0x161/0x650 [ 306.042568][ C1] call_timer_fn+0x18e/0x650 [ 306.047165][ C1] ? __pfx_br_forward_delay_timer_expired+0x10/0x10 [ 306.053756][ C1] ? call_timer_fn+0xc0/0x650 [ 306.058438][ C1] ? __pfx_br_forward_delay_timer_expired+0x10/0x10 [ 306.065031][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 306.070151][ C1] ? __pfx_br_forward_delay_timer_expired+0x10/0x10 [ 306.076743][ C1] ? __pfx_br_forward_delay_timer_expired+0x10/0x10 [ 306.083334][ C1] ? __pfx_br_forward_delay_timer_expired+0x10/0x10 [ 306.089935][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.095145][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 306.100354][ C1] ? __pfx_br_forward_delay_timer_expired+0x10/0x10 [ 306.106952][ C1] __run_timer_base+0x66a/0x8e0 [ 306.111816][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 306.117196][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 306.123528][ C1] run_timer_softirq+0xb7/0x170 [ 306.128375][ C1] handle_softirqs+0x2c4/0x970 [ 306.133140][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 306.137906][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 306.143200][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 306.148412][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 306.153003][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 306.158213][ C1] irq_exit_rcu+0x9/0x30 [ 306.162452][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 306.168102][ C1] [ 306.171036][ C1] [ 306.173969][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 306.179969][ C1] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 306.185785][ C1] Code: c9 50 e8 99 c9 0b 00 48 83 c4 08 4c 89 f7 e8 cd 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 f0 26 2a 0a e8 bb f6 36 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 306.205399][ C1] RSP: 0018:ffffc90012837988 EFLAGS: 00000282 [ 306.211474][ C1] RAX: 7fb4cb76cd99dc00 RBX: ffff88802e76bc00 RCX: ffffffff9479d603 [ 306.219448][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcab880 RDI: ffffffff8c1fe200 [ 306.227424][ C1] RBP: ffffc900128379d0 R08: ffffffff8fad34ef R09: 1ffffffff1f5a69d [ 306.235399][ C1] R10: dffffc0000000000 R11: fffffbfff1f5a69e R12: 1ffff110172a7ea7 [ 306.243375][ C1] R13: dffffc0000000000 R14: ffff8880b953e7c0 R15: ffff8880b953f538 [ 306.251370][ C1] ? finish_task_switch+0x1e5/0x870 [ 306.256589][ C1] __schedule+0x17f0/0x4a20 [ 306.261121][ C1] ? __pfx___schedule+0x10/0x10 [ 306.265982][ C1] ? __pfx_lock_release+0x10/0x10 [ 306.271011][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 306.276952][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 306.282863][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 306.289210][ C1] ? schedule+0x90/0x320 [ 306.293481][ C1] schedule+0x14b/0x320 [ 306.297648][ C1] do_nanosleep+0x197/0x600 [ 306.302159][ C1] ? do_nanosleep+0x80/0x600 [ 306.306758][ C1] ? __pfx_do_nanosleep+0x10/0x10 [ 306.311802][ C1] ? __asan_memset+0x23/0x50 [ 306.316400][ C1] ? __hrtimer_init+0x170/0x250 [ 306.321265][ C1] hrtimer_nanosleep+0x227/0x470 [ 306.326215][ C1] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 306.331684][ C1] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 306.336896][ C1] ? __pfx_get_timespec64+0x10/0x10 [ 306.342118][ C1] __se_sys_clock_nanosleep+0x32b/0x3c0 [ 306.347677][ C1] ? __pfx___se_sys_clock_nanosleep+0x10/0x10 [ 306.353748][ C1] ? do_syscall_64+0x100/0x230 [ 306.358514][ C1] ? do_syscall_64+0xb6/0x230 [ 306.363196][ C1] do_syscall_64+0xf3/0x230 [ 306.367705][ C1] ? clear_bhb_loop+0x35/0x90 [ 306.372392][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.378287][ C1] RIP: 0033:0x7fb7a6aa82f5 [ 306.382712][ C1] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 306.402316][ C1] RSP: 002b:00007fff198c0780 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 306.410740][ C1] RAX: ffffffffffffffda RBX: 0000000000000310 RCX: 00007fb7a6aa82f5 [ 306.418718][ C1] RDX: 00007fff198c07c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 306.426712][ C1] RBP: 00007fff198c084c R08: 0000000000000000 R09: 7fffffffffffffff [ 306.434683][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 306.442652][ C1] R13: 000000000004aa90 R14: 000000000004aa02 R15: 0000000000000004 [ 306.450640][ C1] [ 306.453859][ C1] bridge0: port 1(team0) entered forwarding state [ 306.460348][ C1] bridge0: topology change detected, propagating [ 306.474638][ T5133] Bluetooth: hci1: command tx timeout [ 306.951382][T12721] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 307.037183][T12721] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 307.084863][T12721] netdevsim netdevsim0 netdevsim2: renamed from eth2