last executing test programs: 4m56.529416781s ago: executing program 2 (id=19752): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x2, 0x2, 0x0) recvmsg$kcm(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0) 4m56.16329747s ago: executing program 2 (id=19759): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) 4m55.991332999s ago: executing program 2 (id=19762): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000680)={0x2, &(0x7f0000000040)=[{0x45, 0x0, 0x1, 0xfffffffd}, {}]}) 4m54.972608755s ago: executing program 2 (id=19770): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 4m54.812683294s ago: executing program 2 (id=19776): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x5, 0x8, 0x40, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38) 4m54.653623624s ago: executing program 2 (id=19781): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000ff0100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000004000000b704000000000000850000001500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000500", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m54.450265913s ago: executing program 32 (id=19781): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000ff0100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000004000000b704000000000000850000001500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000500", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m6.133834475s ago: executing program 3 (id=20625): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000f51f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000000085000000720000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4m5.911538545s ago: executing program 3 (id=20634): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='-4'], 0xc) 4m5.820128184s ago: executing program 0 (id=20635): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af3653c000cc00800030004000200060000000364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 4m5.584169373s ago: executing program 3 (id=20638): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="050000007f000000f00e000009"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)="b9c83d5f40f72ab587497cc0872c73260d0a12cb6127da9203656dbae73405c71927ff9b42c4c3e227e1ce6c331e5b88ba97c994f941d38c65d0a5de3b42dd28a2b7c018333a7ba93bf2434dd949260eb6f798c49d50c80bfd7e6cdd9d54a88e3b51d02649a9495c38d4da94b3f314ab4956ad36af7fa1b6ac2d5f0dd7479536", &(0x7f0000000ec0)="bbb891a57b9a7bb1d8cb60b24f000000006167c04807f35551eeeb262cb0f003b4f353fcc3c08ddf2a0c3b2b1f8b9fa4ece5fe86195d5795332b65a6baeb06d8004d06b98cf649ae47f770522b75493af1dc239cede58ee580077404fffdfe47348caf86127b95510a790eab26e6f71285be39f9085ba8ea3824d2d36507524e8824bcdb6ad7aa4fd9aab379a40ccab4997569b90b3f6ed770f079728d5828eac13acad4b7ade2bbef64ab6430934206c171f6afedeac76b642b2ef1255043411b548fa7bddacafe6bd0a4ee4e45175819862ec7f84fd332c244ce6d5b05544e268bb21fb8484a46b90e08597141959373cd0ef64a9555da3e700102d44cbcc1eb23c0624d515cb4a1ff1b1291c8d257d3ffc5b36a7d9a917efca72cf96678e6a5254ab9b3b4e320faaee04383612e2fc6057f06ec2a088d", 0x402, r0}, 0x38) bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=""/233, &(0x7f00000001c0), &(0x7f0000000240), 0x6, r0}, 0x38) 4m5.463121893s ago: executing program 0 (id=20639): socket$kcm(0x11, 0x200000000000002, 0x300) socket$kcm(0x11, 0x200000000000002, 0x300) r0 = socket$kcm(0x11, 0x200000000000003, 0x300) sendmsg$kcm(r0, &(0x7f0000000180)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)="43371a14489136e3d3637e2d0800", 0xe}], 0x1}, 0x0) 4m5.285311842s ago: executing program 0 (id=20642): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='8-N:2/2N'], 0x6a) 4m5.061179012s ago: executing program 0 (id=20644): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) write$cgroup_devices(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="1b2968150001", @ANYRES16=r0, @ANYBLOB="33f38ed0a8"], 0xffdd) 4m5.039185252s ago: executing program 3 (id=20645): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xa, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 4m4.872950541s ago: executing program 3 (id=20649): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af3653c000cc00800030004000200060000000364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 4m4.844860901s ago: executing program 0 (id=20651): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x23, &(0x7f0000000000), 0x4) sendmsg$inet(r1, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) recvmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/4095, 0xfff}, 0x0) 4m4.74860669s ago: executing program 3 (id=20653): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000300000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4m4.436813589s ago: executing program 33 (id=20653): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000300000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4m4.429667299s ago: executing program 0 (id=20656): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000025000200091b00003d030000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 4m4.238644029s ago: executing program 34 (id=20656): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000025000200091b00003d030000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 1.906508956s ago: executing program 7 (id=24342): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000020085000000a800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 1.824122936s ago: executing program 7 (id=24344): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e00)=ANY=[@ANYBLOB="12000000220000000400000012"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1}, &(0x7f0000000500), &(0x7f00000002c0)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) 1.740004096s ago: executing program 4 (id=24347): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x85, 0x0, 0x0) 1.728849635s ago: executing program 7 (id=24350): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000001800)=[{&(0x7f0000000340)="e5", 0x1}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000280)={&(0x7f0000000140)=@in6={0xa, 0x0, 0x0, @dev, 0x1}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000300)='`', 0x1}], 0x1}, 0x0) sendmsg$inet(r0, &(0x7f0000001740)={&(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001500)="b8", 0x1}], 0x1}, 0x0) 1.386480945s ago: executing program 6 (id=24352): r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xed}, 0x100, 0x0, 0x0, 0x0, 0x2, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001400)='syz0\x00', 0x1ff) 1.161068734s ago: executing program 6 (id=24353): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000002fc0)=ANY=[@ANYBLOB="7a0af8ff7525206cbfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651dde583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce72d75946c2b638d91dbef661935839c77edf2d34b12cd48a1b20fb7dd8432619f2c50d77bc0ea9b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dc9518a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be34dda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed544126fabe4cb8d826e1ec03cc492f5cad6227c94fea467c8a7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a697a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f000000000080000000000000000000000000400000000000000000000000000000000000000100000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) sendmsg$unix(r1, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0) 1.044886413s ago: executing program 5 (id=24355): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x84) write$cgroup_subtree(r0, 0x0, 0x0) 1.016082173s ago: executing program 6 (id=24356): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000020085000000a800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 970.398483ms ago: executing program 5 (id=24358): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) 885.683093ms ago: executing program 1 (id=24359): r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000900)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, 0xffffffffffffffff, r1, 0x0) sendmsg$inet(r0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2, 0x4e1d, @multicast2=0xe0000018}, 0xfe3c, &(0x7f0000000180)=[{&(0x7f00000005c0)="476de32199", 0xffe3}], 0x1, &(0x7f0000000140)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x29}, @multicast1}}}], 0x20}, 0x40004) 839.996342ms ago: executing program 5 (id=24370): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000200)={[{0x2b, 'pids'}, {0x2d, 'cpuset'}]}, 0xe) 812.385082ms ago: executing program 6 (id=24360): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001e40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000580)='percpu_alloc_percpu\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="aeaa00000000000071101a000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 749.958242ms ago: executing program 1 (id=24361): r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000006c0)={0x0, 0xffffffffffffff16, 0x0}, 0x44080) sendmsg$sock(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)='m', 0x1}], 0x1}, 0x0) sendmsg(r0, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003140)=[{&(0x7f0000002d80)="0f", 0x1}, {0x0, 0x2}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0, 0xff51}, {0x0, 0x4d}, {0x0}], 0x9}, 0x0) 698.135932ms ago: executing program 7 (id=24362): r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ced4fbd44e24eb0d34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3a06d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796efea77aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece72f2090000f44a3210223fdae7ed04935c3c90941576aebc8619d73415cda2130f5011e4845505000001000000004f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c040035cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bf463261135e24d154114df1381b02a0dcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f884cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000000000000000000000000000000000000000520500002952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9a33c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a62415f78000000005f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c81c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b40824095135861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac00000b0000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e5dd921a5eadd4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293d5c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e602c28ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f257aac5af18d8c6b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e29b10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe8e4cd14dc5c1eb98b63198f6f830745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b51c34a5384f2cf51180c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af243b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380ecf1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f558982d57c556ca1427b5960b79990565ca2a20996fcba472213744d3a156979651596afde2b0089f023fcfccd072bd6ea8445fc787390d71ec61d5b7b0f05f6931914bf49aa0d66eff294271a93e32f54f281068514a4cd2d0700a43df59e9924e4affdbd22405e675e9d7cdc10546571131831d4dc8c8363077a908d9ae4f27ff095f5b07667f93a3573d3fabfca58ee0a6b6a691102bb3c7be4dc5b816853275e7ae8c13ec341bad15353fad794b46c4fd73e1b4cc78de2156cb158870d5b8446dae9ba5f7f244e6cf8f6791671057347208a313ebbcb72b04706005670f2b0055e440d72c7c3316982c6ebe8675458cf6bb393b007f5cedb7bc411834600000000000000000000000000a20071b07d568a8150ed646b4978d0226d9651647a5999ae7c7c85322a215fcdb1adbad63499518fe0d10145d430422c78367dfa941f74b63f3884565ac89c673da2c2b1172be5f2cd1f3f453ebddd432bd24c73fa773b739e20fcec16a821230654a383ac1868495f67d942c772ca75e09073dbe9307ff5cac7c2c411149a4d989a8a019e068da218d4bc34e4102fd2f97397331e4cd70b4915582b635f07ca87f00dc929f902540f565c20add8675b79e005cf0277d954697317b907b77fa5d6b7feaebaf676a2a37de8aa70748fee4bc198ffd3e2de11eb0eff896fd94de0805ba6b1054a7b3e300d4581e9af62a1ecaee96d2819b3d192e5b9561eb622da25450f586be14017a1cf74f89a1dd18af004decfe266134c3d036ae7996931fe6008a73ed34c35f0da4ffee1fe63bc1af6ef1b4731d50b8ceb582a1e9c6e8d97f8290cc105754f592d16ccdb1df8636d7ca5e372cea97dd0f005cc7092b126dd46758917fb0d94b8483d403bd451429cc1660f0b5a529d8134dc2702f6d8e2f943d98fbe50a3ba653f13f98a00fcbf311f9758ade8e4eb87b4b9fb2d387f5d8c4bdcab2fff9ed8c9de961fd831a070381c8020352fea7c334b2959ddd956701a7ea415e224a81c9fa1ebbabe74f7743e09b6c8b72650b51d5c2000ef3679c039b3604374fc1af7ab354204afbd24f0e701bc08a98452ce2668617e85e0d876f5a8b6d9b777f1c384d8a9883e4262defb6b9aab8d5b76bc91ca50f87966797da2499ca0ac76707c0408a7b6d8708fe7714988babdc11f"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$sock_attach_bpf(r0, 0x88, 0x67, &(0x7f00000002c0)=r1, 0x4) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000140)='i-', 0x300}], 0x1, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @private=0xa010102}}}], 0x20}, 0x0) 697.953052ms ago: executing program 5 (id=24364): perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x6b589, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'nr0\x00', 0xe43986f95b0e4309}) syz_clone(0x4080b000, 0x0, 0x0, &(0x7f0000000e40), 0x0, 0x0) 601.366532ms ago: executing program 1 (id=24365): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2808c3, 0x0) close(r0) socket$kcm(0xa, 0x2, 0x3a) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'team0\x00', @random="2b0100004ec6"}) 589.305862ms ago: executing program 4 (id=24366): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000003c0)="e0b9547ed387dbe9abc89b6e0704", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 582.255561ms ago: executing program 7 (id=24367): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b25, &(0x7f0000000000)={'wlan1\x00', @random="c30020001400"}) 444.735131ms ago: executing program 4 (id=24368): perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0xfd, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffefff}, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40305829, &(0x7f0000000040)) 444.351041ms ago: executing program 7 (id=24369): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x7, &(0x7f0000000000), 0x4) 444.080521ms ago: executing program 1 (id=24371): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000008200000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000a80)={r2, 0x0, 0x0}, 0x10) 379.417321ms ago: executing program 1 (id=24372): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x35) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) 356.116711ms ago: executing program 6 (id=24373): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000001640), 0x12) 304.743761ms ago: executing program 5 (id=24374): r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000900)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, 0xffffffffffffffff, r1, 0x0) sendmsg$inet(r0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2, 0x4e1d, @multicast2=0xe0000018}, 0xfe3c, &(0x7f0000000180)=[{&(0x7f00000005c0)="476de32199", 0xffe3}], 0x1, &(0x7f0000000140)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x29}, @multicast1}}}], 0x20}, 0x40004) 304.506251ms ago: executing program 4 (id=24375): r0 = socket$kcm(0x10, 0x400000002, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000001280), 0x4) recvmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}, 0x2) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="131000001200", @ANYRES32], 0xfe33) 290.37375ms ago: executing program 1 (id=24376): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000001800)=[{&(0x7f0000000340)="e5", 0x1}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000280)={&(0x7f0000000140)=@in6={0xa, 0x0, 0x0, @dev, 0x1}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000300)='`', 0x1}], 0x1}, 0x0) sendmsg$inet(r0, &(0x7f0000001740)={&(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001500)="b8", 0x1}], 0x1}, 0x0) 90.64225ms ago: executing program 4 (id=24377): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="5c00000012006bab9e3fe3d86e17aa31076b876c1d0000037ea60864160af36505001a0038001d00810000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f4d4938037e786a6d0bdd7fcf50e4509c5bb5b64f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 83.8924ms ago: executing program 5 (id=24378): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x85, 0x0, 0x0) 36.80198ms ago: executing program 6 (id=24379): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}, 0x14869, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x6, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000faffffff0000000000004000850000002c0000001800000004000000000000000700000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x1400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 0s ago: executing program 4 (id=24380): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x10, &(0x7f0000001280), 0x4) sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0x2}], 0x1}, 0x20000801) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002) kernel console output (not intermixed with test programs): 6] validate_nla: 8 callbacks suppressed [ 971.984575][T12096] netlink: 'syz.3.19345': attribute type 29 has an invalid length. [ 972.014956][T12096] netlink: 'syz.3.19345': attribute type 29 has an invalid length. [ 972.027167][T12096] netlink: 'syz.3.19345': attribute type 29 has an invalid length. [ 972.389760][T12113] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.19355'. [ 972.428785][T12113] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 972.454969][T12113] CPU: 0 PID: 12113 Comm: syz.2.19355 Not tainted 6.1.128-syzkaller #0 [ 972.463295][T12113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 972.473386][T12113] Call Trace: [ 972.476698][T12113] [ 972.479661][T12113] dump_stack_lvl+0x1e3/0x2cb [ 972.484370][T12113] ? nf_tcp_handle_invalid+0x642/0x642 [ 972.489839][T12113] ? panic+0x764/0x764 [ 972.493927][T12113] sysfs_warn_dup+0x8a/0xa0 [ 972.498431][T12113] sysfs_do_create_link_sd+0xbe/0x100 [ 972.503817][T12113] device_add+0x7d4/0xfd0 [ 972.508191][T12113] wiphy_register+0x1e44/0x2cc0 [ 972.513086][T12113] ? cfg80211_event_work+0x40/0x40 [ 972.518198][T12113] ? minstrel_ht_alloc+0x7cf/0x940 [ 972.523329][T12113] ? ieee80211_init_rate_ctrl_alg+0x592/0x610 [ 972.529404][T12113] ieee80211_register_hw+0x31bd/0x3f10 [ 972.534897][T12113] ? ieee80211_register_hw+0x11b1/0x3f10 [ 972.540529][T12113] ? ieee80211_register_hw+0x10b1/0x3f10 [ 972.546168][T12113] ? ieee80211_tasklet_handler+0x20/0x20 [ 972.551830][T12113] ? __debug_object_init+0xe9/0x450 [ 972.557038][T12113] ? memset+0x1f/0x40 [ 972.561026][T12113] ? __hrtimer_init+0x181/0x260 [ 972.565890][T12113] mac80211_hwsim_new_radio+0x22d9/0x4060 [ 972.571653][T12113] hwsim_new_radio_nl+0xc54/0x1190 [ 972.576783][T12113] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 972.583309][T12113] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 972.589675][T12113] genl_rcv_msg+0xc1a/0xf70 [ 972.594223][T12113] ? genl_bind+0x400/0x400 [ 972.598672][T12113] ? read_lock_is_recursive+0x10/0x10 [ 972.604101][T12113] ? ref_tracker_free+0x638/0x7d0 [ 972.609128][T12113] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 972.615638][T12113] ? refcount_inc+0x80/0x80 [ 972.620142][T12113] ? __kasan_kmalloc_large+0x92/0xd0 [ 972.625445][T12113] netlink_rcv_skb+0x1cd/0x410 [ 972.630231][T12113] ? genl_bind+0x400/0x400 [ 972.634659][T12113] ? netlink_ack+0x1290/0x1290 [ 972.639455][T12113] genl_rcv+0x24/0x40 [ 972.643434][T12113] netlink_unicast+0x7d8/0x970 [ 972.648216][T12113] ? netlink_detachskb+0x90/0x90 [ 972.653168][T12113] ? find_vmap_area+0xf3/0x100 [ 972.657942][T12113] ? __phys_addr_symbol+0x2b/0x70 [ 972.662973][T12113] ? __check_object_size+0x4dd/0xa30 [ 972.668268][T12113] ? bpf_lsm_netlink_send+0x5/0x10 [ 972.673402][T12113] netlink_sendmsg+0xa26/0xd60 [ 972.678210][T12113] ? netlink_getsockopt+0x580/0x580 [ 972.683425][T12113] ? aa_sock_msg_perm+0x91/0x150 [ 972.688381][T12113] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 972.693667][T12113] ? security_socket_sendmsg+0x7d/0xa0 [ 972.699128][T12113] ? netlink_getsockopt+0x580/0x580 [ 972.704334][T12113] ____sys_sendmsg+0x5a5/0x8f0 [ 972.709119][T12113] ? __sys_sendmsg_sock+0x30/0x30 [ 972.714172][T12113] __sys_sendmsg+0x2a9/0x390 [ 972.718770][T12113] ? ____sys_sendmsg+0x8f0/0x8f0 [ 972.723758][T12113] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 972.729767][T12113] ? syscall_enter_from_user_mode+0x2e/0x230 [ 972.735751][T12113] ? lockdep_hardirqs_on+0x94/0x130 [ 972.740953][T12113] ? syscall_enter_from_user_mode+0x2e/0x230 [ 972.746942][T12113] do_syscall_64+0x3b/0xb0 [ 972.751360][T12113] ? clear_bhb_loop+0x45/0xa0 [ 972.756049][T12113] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 972.761954][T12113] RIP: 0033:0x7f4285b8cde9 [ 972.766370][T12113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 972.785997][T12113] RSP: 002b:00007f4286aa0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 972.794436][T12113] RAX: ffffffffffffffda RBX: 00007f4285da5fa0 RCX: 00007f4285b8cde9 [ 972.802416][T12113] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 972.810393][T12113] RBP: 00007f4285c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 972.818363][T12113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 972.826357][T12113] R13: 0000000000000000 R14: 00007f4285da5fa0 R15: 00007ffd5a1d1b58 [ 972.834356][T12113] [ 972.985575][T12120] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 972.995310][T12120] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 973.336052][T12136] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.19364'. [ 975.942935][T12191] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.19393'. [ 975.986981][T12191] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 976.006406][T12191] CPU: 1 PID: 12191 Comm: syz.0.19393 Not tainted 6.1.128-syzkaller #0 [ 976.014729][T12191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 976.024818][T12191] Call Trace: [ 976.028135][T12191] [ 976.031101][T12191] dump_stack_lvl+0x1e3/0x2cb [ 976.035822][T12191] ? nf_tcp_handle_invalid+0x642/0x642 [ 976.041323][T12191] ? panic+0x764/0x764 [ 976.045458][T12191] sysfs_warn_dup+0x8a/0xa0 [ 976.050006][T12191] sysfs_do_create_link_sd+0xbe/0x100 [ 976.055429][T12191] device_add+0x7d4/0xfd0 [ 976.059811][T12191] wiphy_register+0x1e44/0x2cc0 [ 976.064691][T12191] ? cfg80211_event_work+0x40/0x40 [ 976.069808][T12191] ? minstrel_ht_alloc+0x7cf/0x940 [ 976.074933][T12191] ? ieee80211_init_rate_ctrl_alg+0x592/0x610 [ 976.081013][T12191] ieee80211_register_hw+0x31bd/0x3f10 [ 976.086496][T12191] ? ieee80211_register_hw+0x11b1/0x3f10 [ 976.092131][T12191] ? ieee80211_register_hw+0x10b1/0x3f10 [ 976.097785][T12191] ? ieee80211_tasklet_handler+0x20/0x20 [ 976.103427][T12191] ? __debug_object_init+0xe9/0x450 [ 976.108644][T12191] ? memset+0x1f/0x40 [ 976.112640][T12191] ? __hrtimer_init+0x181/0x260 [ 976.117500][T12191] mac80211_hwsim_new_radio+0x22d9/0x4060 [ 976.123266][T12191] hwsim_new_radio_nl+0xc54/0x1190 [ 976.128396][T12191] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 976.134923][T12191] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 976.141266][T12191] genl_rcv_msg+0xc1a/0xf70 [ 976.145782][T12191] ? genl_bind+0x400/0x400 [ 976.150246][T12191] ? read_lock_is_recursive+0x10/0x10 [ 976.155639][T12191] ? ref_tracker_free+0x638/0x7d0 [ 976.160663][T12191] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 976.167175][T12191] ? refcount_inc+0x80/0x80 [ 976.171677][T12191] ? __kasan_kmalloc_large+0x92/0xd0 [ 976.176978][T12191] netlink_rcv_skb+0x1cd/0x410 [ 976.181755][T12191] ? genl_bind+0x400/0x400 [ 976.186174][T12191] ? netlink_ack+0x1290/0x1290 [ 976.190966][T12191] genl_rcv+0x24/0x40 [ 976.194949][T12191] netlink_unicast+0x7d8/0x970 [ 976.199752][T12191] ? netlink_detachskb+0x90/0x90 [ 976.204690][T12191] ? find_vmap_area+0xf3/0x100 [ 976.209460][T12191] ? __phys_addr_symbol+0x2b/0x70 [ 976.214488][T12191] ? __check_object_size+0x4dd/0xa30 [ 976.219776][T12191] ? bpf_lsm_netlink_send+0x5/0x10 [ 976.224906][T12191] netlink_sendmsg+0xa26/0xd60 [ 976.229695][T12191] ? netlink_getsockopt+0x580/0x580 [ 976.234906][T12191] ? aa_sock_msg_perm+0x91/0x150 [ 976.239849][T12191] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 976.245137][T12191] ? security_socket_sendmsg+0x7d/0xa0 [ 976.250592][T12191] ? netlink_getsockopt+0x580/0x580 [ 976.255820][T12191] ____sys_sendmsg+0x5a5/0x8f0 [ 976.260628][T12191] ? __sys_sendmsg_sock+0x30/0x30 [ 976.265685][T12191] __sys_sendmsg+0x2a9/0x390 [ 976.270291][T12191] ? ____sys_sendmsg+0x8f0/0x8f0 [ 976.275286][T12191] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 976.281293][T12191] ? syscall_enter_from_user_mode+0x2e/0x230 [ 976.287274][T12191] ? lockdep_hardirqs_on+0x94/0x130 [ 976.292476][T12191] ? syscall_enter_from_user_mode+0x2e/0x230 [ 976.298462][T12191] do_syscall_64+0x3b/0xb0 [ 976.302877][T12191] ? clear_bhb_loop+0x45/0xa0 [ 976.307576][T12191] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 976.313475][T12191] RIP: 0033:0x7ff95ed8cde9 [ 976.317891][T12191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 976.337500][T12191] RSP: 002b:00007ff95fcc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 976.345916][T12191] RAX: ffffffffffffffda RBX: 00007ff95efa5fa0 RCX: 00007ff95ed8cde9 [ 976.353886][T12191] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 976.361860][T12191] RBP: 00007ff95ee0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 976.369828][T12191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 976.377817][T12191] R13: 0000000000000000 R14: 00007ff95efa5fa0 R15: 00007ffc1bb42398 [ 976.385812][T12191] [ 976.779694][T12220] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.19406'. [ 977.201902][T12236] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.19412'. [ 977.259640][T12236] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 977.274873][T12236] CPU: 0 PID: 12236 Comm: syz.3.19412 Not tainted 6.1.128-syzkaller #0 [ 977.283184][T12236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 977.293281][T12236] Call Trace: [ 977.296590][T12236] [ 977.299551][T12236] dump_stack_lvl+0x1e3/0x2cb [ 977.304268][T12236] ? nf_tcp_handle_invalid+0x642/0x642 [ 977.309757][T12236] ? panic+0x764/0x764 [ 977.313880][T12236] sysfs_warn_dup+0x8a/0xa0 [ 977.318407][T12236] sysfs_do_create_link_sd+0xbe/0x100 [ 977.323811][T12236] device_add+0x7d4/0xfd0 [ 977.328198][T12236] wiphy_register+0x1e44/0x2cc0 [ 977.333117][T12236] ? cfg80211_event_work+0x40/0x40 [ 977.338261][T12236] ? minstrel_ht_alloc+0x7cf/0x940 [ 977.343506][T12236] ? ieee80211_init_rate_ctrl_alg+0x592/0x610 [ 977.349623][T12236] ieee80211_register_hw+0x31bd/0x3f10 [ 977.355144][T12236] ? ieee80211_register_hw+0x11b1/0x3f10 [ 977.360812][T12236] ? ieee80211_register_hw+0x10b1/0x3f10 [ 977.366495][T12236] ? ieee80211_tasklet_handler+0x20/0x20 [ 977.372165][T12236] ? __debug_object_init+0xe9/0x450 [ 977.377405][T12236] ? memset+0x1f/0x40 [ 977.381422][T12236] ? __hrtimer_init+0x181/0x260 [ 977.386315][T12236] mac80211_hwsim_new_radio+0x22d9/0x4060 [ 977.392127][T12236] hwsim_new_radio_nl+0xc54/0x1190 [ 977.397297][T12236] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 977.403857][T12236] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 977.410229][T12236] genl_rcv_msg+0xc1a/0xf70 [ 977.414768][T12236] ? genl_bind+0x400/0x400 [ 977.419241][T12236] ? read_lock_is_recursive+0x10/0x10 [ 977.424660][T12236] ? ref_tracker_free+0x638/0x7d0 [ 977.429721][T12236] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 977.436271][T12236] ? refcount_inc+0x80/0x80 [ 977.440808][T12236] ? __kasan_kmalloc_large+0x92/0xd0 [ 977.446134][T12236] netlink_rcv_skb+0x1cd/0x410 [ 977.450929][T12236] ? genl_bind+0x400/0x400 [ 977.455364][T12236] ? netlink_ack+0x1290/0x1290 [ 977.460187][T12236] genl_rcv+0x24/0x40 [ 977.464187][T12236] netlink_unicast+0x7d8/0x970 [ 977.468998][T12236] ? netlink_detachskb+0x90/0x90 [ 977.473956][T12236] ? find_vmap_area+0xf3/0x100 [ 977.478764][T12236] ? __phys_addr_symbol+0x2b/0x70 [ 977.483839][T12236] ? __check_object_size+0x4dd/0xa30 [ 977.489160][T12236] ? bpf_lsm_netlink_send+0x5/0x10 [ 977.494320][T12236] netlink_sendmsg+0xa26/0xd60 [ 977.499151][T12236] ? netlink_getsockopt+0x580/0x580 [ 977.504414][T12236] ? aa_sock_msg_perm+0x91/0x150 [ 977.509389][T12236] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 977.514706][T12236] ? security_socket_sendmsg+0x7d/0xa0 [ 977.520208][T12236] ? netlink_getsockopt+0x580/0x580 [ 977.525459][T12236] ____sys_sendmsg+0x5a5/0x8f0 [ 977.530292][T12236] ? __sys_sendmsg_sock+0x30/0x30 [ 977.535405][T12236] __sys_sendmsg+0x2a9/0x390 [ 977.540053][T12236] ? ____sys_sendmsg+0x8f0/0x8f0 [ 977.545099][T12236] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 977.551152][T12236] ? syscall_enter_from_user_mode+0x2e/0x230 [ 977.557184][T12236] ? lockdep_hardirqs_on+0x94/0x130 [ 977.562434][T12236] ? syscall_enter_from_user_mode+0x2e/0x230 [ 977.568462][T12236] do_syscall_64+0x3b/0xb0 [ 977.572917][T12236] ? clear_bhb_loop+0x45/0xa0 [ 977.577633][T12236] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 977.583567][T12236] RIP: 0033:0x7efcbd18cde9 [ 977.588022][T12236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 977.607675][T12236] RSP: 002b:00007efcbe033038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 977.616162][T12236] RAX: ffffffffffffffda RBX: 00007efcbd3a5fa0 RCX: 00007efcbd18cde9 [ 977.624174][T12236] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 977.632180][T12236] RBP: 00007efcbd20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 977.640158][T12236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 977.648136][T12236] R13: 0000000000000000 R14: 00007efcbd3a5fa0 R15: 00007ffefb4487c8 [ 977.656138][T12236] [ 978.732070][T12285] netlink: 146340 bytes leftover after parsing attributes in process `syz.3.19437'. [ 978.742640][T12285] openvswitch: netlink: Key type 386 is out of range max 32 [ 980.766458][T12369] netlink: 146340 bytes leftover after parsing attributes in process `syz.1.19477'. [ 980.777631][T12369] openvswitch: netlink: Key type 386 is out of range max 32 [ 982.393234][T12401] netlink: 146340 bytes leftover after parsing attributes in process `syz.2.19490'. [ 982.420650][T12401] openvswitch: netlink: Key type 386 is out of range max 32 [ 983.150427][T12436] netlink: 'syz.3.19508': attribute type 3 has an invalid length. [ 983.175338][T12436] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.19508'. [ 983.622747][T12448] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 983.637811][T12448] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 986.077052][T12562] netlink: 'syz.4.19567': attribute type 3 has an invalid length. [ 986.108159][T12562] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.19567'. [ 986.359860][T12578] netlink: 'syz.1.19585': attribute type 3 has an invalid length. [ 986.393706][T12578] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.19585'. [ 986.597523][T12593] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 986.627812][T12593] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 988.465207][T12665] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 988.486406][T12665] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 991.108491][T12745] netlink: 'syz.4.19657': attribute type 29 has an invalid length. [ 991.116688][T12745] netlink: 'syz.4.19657': attribute type 29 has an invalid length. [ 991.199593][T12749] netlink: 'syz.4.19657': attribute type 29 has an invalid length. [ 992.929898][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.936246][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 996.786744][T12990] netlink: 'syz.1.19775': attribute type 33 has an invalid length. [ 996.805532][T12990] netlink: 164 bytes leftover after parsing attributes in process `syz.1.19775'. [ 997.050315][T22505] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 997.187722][T22505] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 997.299716][T22505] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 997.449012][T22505] bond0: (slave netdevsim0): Releasing backup interface [ 997.480654][T22505] device netdevsim0 left promiscuous mode [ 997.497272][T22505] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 997.866488][T13032] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 997.876897][T13032] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 997.887750][T13032] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 997.896393][T13032] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 997.907830][T13032] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 997.915146][T13032] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 998.326520][T13031] chnl_net:caif_netlink_parms(): no params data found [ 998.922245][T13031] bridge0: port 1(bridge_slave_0) entered blocking state [ 998.936193][T13031] bridge0: port 1(bridge_slave_0) entered disabled state [ 998.955719][T13031] device bridge_slave_0 entered promiscuous mode [ 998.971694][T13031] bridge0: port 2(bridge_slave_1) entered blocking state [ 999.016115][T13031] bridge0: port 2(bridge_slave_1) entered disabled state [ 999.033704][T13031] device bridge_slave_1 entered promiscuous mode [ 999.052520][T13075] netlink: 'syz.1.19807': attribute type 9 has an invalid length. [ 999.062878][T13075] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.19807'. [ 999.123540][T13031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 999.168850][T13031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 999.315320][T13031] team0: Port device team_slave_0 added [ 999.348720][T13085] netlink: 'syz.0.19819': attribute type 33 has an invalid length. [ 999.367233][T13085] netlink: 164 bytes leftover after parsing attributes in process `syz.0.19819'. [ 999.568126][T22505] device wlan1 left promiscuous mode [ 999.600645][T22505] team0: Port device wlan1 removed [ 999.632667][T13031] team0: Port device team_slave_1 added [ 999.744494][T13031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 999.769868][T13031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 999.865645][T13031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 999.977902][T13032] Bluetooth: hci4: command 0x0409 tx timeout [ 999.980625][T13031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 999.996137][T13031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1000.070674][T13031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1000.567952][T22505] device hsr_slave_1 left promiscuous mode [ 1000.859042][T13156] netlink: 'syz.3.19837': attribute type 9 has an invalid length. [ 1000.867259][T13156] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.19837'. [ 1001.068397][T22505] device geneve1 left promiscuous mode [ 1001.086230][T22505] team0 (unregistering): Port device geneve1 removed [ 1001.312912][T22505] device team_slave_1 left promiscuous mode [ 1001.319968][T22505] team0 (unregistering): Port device team_slave_1 removed [ 1001.404796][T22505] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1001.420100][T22505] device bond_slave_1 left promiscuous mode [ 1001.656470][T22505] device dummy0 left promiscuous mode [ 1001.664134][T22505] team0 (unregistering): Port device dummy0 removed [ 1001.914497][T22505] bond0 (unregistering): Released all slaves [ 1001.941740][T13031] device hsr_slave_0 entered promiscuous mode [ 1001.948491][T13031] device hsr_slave_1 entered promiscuous mode [ 1002.047778][T13032] Bluetooth: hci4: command 0x041b tx timeout [ 1002.130929][T13179] netlink: 'syz.1.19855': attribute type 21 has an invalid length. [ 1002.150307][T13179] netlink: 132 bytes leftover after parsing attributes in process `syz.1.19855'. [ 1002.421805][T13031] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1002.464742][T13031] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1002.505748][T13031] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1002.538236][T13031] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1002.770903][T13031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1002.858810][T13031] 8021q: adding VLAN 0 to HW filter on device team0 [ 1002.865925][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1002.874670][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1002.920679][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1002.954168][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1002.989678][T22510] bridge0: port 1(bridge_slave_0) entered blocking state [ 1002.996934][T22510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1003.054340][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1003.082538][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1003.104694][T22510] bridge0: port 2(bridge_slave_1) entered blocking state [ 1003.111914][T22510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1003.159042][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1003.183059][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1003.213481][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1003.233873][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1003.265918][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1003.289013][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1003.329672][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1003.340676][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1003.380834][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1003.389535][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1003.404431][T13031] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1003.419278][T13031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1003.431521][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1003.440836][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1003.590505][T13236] netlink: 'syz.4.19865': attribute type 21 has an invalid length. [ 1003.616398][T13236] netlink: 132 bytes leftover after parsing attributes in process `syz.4.19865'. [ 1003.941294][T22505] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1003.959828][T22505] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1003.982457][T13031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1004.128098][T13032] Bluetooth: hci4: command 0x040f tx timeout [ 1004.451433][T13285] netlink: 'syz.3.19888': attribute type 29 has an invalid length. [ 1004.482597][T13285] netlink: 'syz.3.19888': attribute type 29 has an invalid length. [ 1004.508090][T13287] netlink: 'syz.3.19888': attribute type 29 has an invalid length. [ 1004.829889][T22505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1004.849018][T22505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1004.907122][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1004.923798][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1004.954804][T13031] device veth0_vlan entered promiscuous mode [ 1004.975421][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1004.986094][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1005.000646][T13031] device veth1_vlan entered promiscuous mode [ 1005.067024][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1005.087314][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1005.137211][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1005.158934][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1005.194200][T13031] device veth0_macvtap entered promiscuous mode [ 1005.210027][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1005.231844][T13031] device veth1_macvtap entered promiscuous mode [ 1005.276901][T13031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1005.318201][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1005.334591][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1005.362321][T13031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1005.378213][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1005.398417][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1005.419922][T13031] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1005.438176][T13031] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1005.466690][T13031] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1005.489044][T13031] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1005.703824][ T4307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1005.723530][ T4307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1005.798642][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1005.831269][T22495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1005.855778][T22495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1005.897973][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1006.208192][T13032] Bluetooth: hci4: command 0x0419 tx timeout [ 1007.618164][T13438] netlink: 'syz.1.19937': attribute type 29 has an invalid length. [ 1007.635650][T13438] netlink: 'syz.1.19937': attribute type 29 has an invalid length. [ 1007.680629][T13444] netlink: 'syz.1.19937': attribute type 29 has an invalid length. [ 1008.051836][T13460] netlink: 16098 bytes leftover after parsing attributes in process `syz.5.19943'. [ 1009.392930][T13513] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.19958'. [ 1009.588752][T13523] netlink: 16098 bytes leftover after parsing attributes in process `syz.0.19973'. [ 1010.771821][T13570] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.19981'. [ 1010.991556][T13576] netlink: 'syz.0.19983': attribute type 1 has an invalid length. [ 1011.017858][T13576] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.19983'. [ 1012.052212][T13623] netlink: 'syz.1.20003': attribute type 1 has an invalid length. [ 1012.085326][T13623] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.20003'. [ 1013.832652][T13692] netlink: 'syz.4.20031': attribute type 29 has an invalid length. [ 1013.868892][T13692] netlink: 'syz.4.20031': attribute type 29 has an invalid length. [ 1013.896537][T13697] netlink: 'syz.4.20031': attribute type 29 has an invalid length. [ 1013.942105][T13700] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.20034'. [ 1013.985027][T13702] netlink: 'syz.0.20035': attribute type 3 has an invalid length. [ 1014.008157][T13702] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.20035'. [ 1015.925221][T13782] netlink: 'syz.3.20071': attribute type 29 has an invalid length. [ 1015.989665][T13782] netlink: 'syz.3.20071': attribute type 29 has an invalid length. [ 1016.010217][T13786] netlink: 'syz.3.20071': attribute type 29 has an invalid length. [ 1017.410067][T13838] netlink: 'syz.5.20098': attribute type 2 has an invalid length. [ 1017.427862][T13838] netlink: 'syz.5.20098': attribute type 1 has an invalid length. [ 1017.722868][T13851] netlink: 'syz.5.20103': attribute type 29 has an invalid length. [ 1018.220144][T13874] netlink: 56 bytes leftover after parsing attributes in process `syz.5.20112'. [ 1018.268074][T13874] netlink: 56 bytes leftover after parsing attributes in process `syz.5.20112'. [ 1018.316181][T13876] netlink: 56 bytes leftover after parsing attributes in process `syz.5.20112'. [ 1019.108025][T13907] validate_nla: 8 callbacks suppressed [ 1019.108041][T13907] netlink: 'syz.3.20126': attribute type 2 has an invalid length. [ 1019.156227][T13907] netlink: 'syz.3.20126': attribute type 1 has an invalid length. [ 1020.179780][T13951] netlink: 'syz.0.20146': attribute type 2 has an invalid length. [ 1020.225408][T13951] netlink: 'syz.0.20146': attribute type 1 has an invalid length. [ 1020.713592][T13971] netlink: 56 bytes leftover after parsing attributes in process `syz.1.20157'. [ 1020.753069][T13971] netlink: 56 bytes leftover after parsing attributes in process `syz.1.20157'. [ 1020.820207][T13979] netlink: 56 bytes leftover after parsing attributes in process `syz.1.20157'. [ 1022.588062][T14085] netlink: 'syz.4.20200': attribute type 3 has an invalid length. [ 1022.642114][T14085] netlink: 1034 bytes leftover after parsing attributes in process `syz.4.20200'. [ 1024.241714][T14163] netlink: 76 bytes leftover after parsing attributes in process `syz.4.20227'. [ 1025.534371][T14236] netlink: 'syz.1.20256': attribute type 3 has an invalid length. [ 1025.557737][T14236] netlink: 1034 bytes leftover after parsing attributes in process `syz.1.20256'. [ 1025.697520][T14245] netlink: 'syz.3.20258': attribute type 7 has an invalid length. [ 1026.415214][T14284] netlink: 76 bytes leftover after parsing attributes in process `syz.1.20272'. [ 1026.569186][T14293] netlink: 'syz.1.20274': attribute type 3 has an invalid length. [ 1026.600537][T14293] netlink: 132 bytes leftover after parsing attributes in process `syz.1.20274'. [ 1027.230289][T14323] netlink: 76 bytes leftover after parsing attributes in process `syz.0.20284'. [ 1027.311803][T14330] netlink: 'syz.1.20286': attribute type 7 has an invalid length. [ 1027.382757][T14333] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.20287'. [ 1027.508457][T14339] netlink: 144 bytes leftover after parsing attributes in process `syz.1.20290'. [ 1027.659703][T14342] netlink: 16255 bytes leftover after parsing attributes in process `syz.5.20291'. [ 1028.131501][T14371] netlink: 'syz.5.20301': attribute type 7 has an invalid length. [ 1028.203904][T14379] netlink: 144 bytes leftover after parsing attributes in process `syz.4.20304'. [ 1028.657415][T14403] netlink: 'syz.4.20313': attribute type 25 has an invalid length. [ 1028.675855][T14403] netlink: 2418 bytes leftover after parsing attributes in process `syz.4.20313'. [ 1028.717949][T14400] netlink: 'syz.5.20312': attribute type 3 has an invalid length. [ 1028.725835][T14400] netlink: 132 bytes leftover after parsing attributes in process `syz.5.20312'. [ 1029.004403][T14420] netlink: 144 bytes leftover after parsing attributes in process `syz.5.20319'. [ 1029.870444][T14468] netlink: 'syz.0.20331': attribute type 3 has an invalid length. [ 1030.680814][T14506] netlink: 'syz.3.20351': attribute type 25 has an invalid length. [ 1032.099041][T14569] __nla_validate_parse: 5 callbacks suppressed [ 1032.099062][T14569] netlink: 3 bytes leftover after parsing attributes in process `syz.5.20381'. [ 1032.494029][T14589] netlink: 6401 bytes leftover after parsing attributes in process `syz.0.20390'. [ 1033.203678][T14610] netlink: 3 bytes leftover after parsing attributes in process `syz.4.20399'. [ 1033.580747][T14622] netlink: 129384 bytes leftover after parsing attributes in process `syz.0.20403'. [ 1033.921552][T14640] netlink: 'syz.4.20413': attribute type 3 has an invalid length. [ 1033.942254][T14640] netlink: 132 bytes leftover after parsing attributes in process `syz.4.20413'. [ 1035.472173][T14723] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.20453'. [ 1035.473488][T14725] netlink: 'syz.4.20454': attribute type 4 has an invalid length. [ 1035.493687][T14725] netlink: 'syz.4.20454': attribute type 1 has an invalid length. [ 1035.503199][T14725] netlink: 181400 bytes leftover after parsing attributes in process `syz.4.20454'. [ 1035.619787][T14731] netlink: 'syz.0.20465': attribute type 3 has an invalid length. [ 1035.638107][T14731] netlink: 132 bytes leftover after parsing attributes in process `syz.0.20465'. [ 1035.946235][T14741] netlink: 'syz.4.20461': attribute type 25 has an invalid length. [ 1035.981628][T14741] netlink: 2418 bytes leftover after parsing attributes in process `syz.4.20461'. [ 1036.383658][T14749] netlink: 129384 bytes leftover after parsing attributes in process `syz.4.20466'. [ 1036.633678][T14763] netlink: 'syz.1.20471': attribute type 3 has an invalid length. [ 1037.196128][T14795] netlink: 'syz.0.20486': attribute type 4 has an invalid length. [ 1037.217795][T14795] netlink: 'syz.0.20486': attribute type 1 has an invalid length. [ 1037.237804][T14795] __nla_validate_parse: 3 callbacks suppressed [ 1037.237820][T14795] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.20486'. [ 1037.449713][T14805] netlink: 'syz.4.20491': attribute type 29 has an invalid length. [ 1037.472472][T14805] netlink: 'syz.4.20491': attribute type 29 has an invalid length. [ 1037.534690][T14811] netlink: 'syz.4.20491': attribute type 29 has an invalid length. [ 1037.816461][T14825] netlink: 'syz.5.20501': attribute type 25 has an invalid length. [ 1037.878747][T14825] netlink: 2418 bytes leftover after parsing attributes in process `syz.5.20501'. [ 1038.562146][T14867] netlink: 'syz.0.20519': attribute type 25 has an invalid length. [ 1038.570581][T14867] netlink: 2418 bytes leftover after parsing attributes in process `syz.0.20519'. [ 1038.625732][T14869] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.20522'. [ 1039.286343][T14894] netlink: 60 bytes leftover after parsing attributes in process `syz.5.20532'. [ 1039.852138][T14906] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.20537'. [ 1041.219551][T14957] netlink: 4595 bytes leftover after parsing attributes in process `syz.5.20560'. [ 1044.427422][T15064] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.20609'. [ 1045.634028][T15102] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.20626'. [ 1046.759387][T15142] netlink: 'syz.5.20646': attribute type 2 has an invalid length. [ 1046.839300][T15146] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.20650'. [ 1047.031902][T22510] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1047.180256][T22510] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1047.290777][T22510] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1047.414607][T22510] bond0: (slave netdevsim0): Releasing backup interface [ 1047.468348][T22510] device netdevsim0 left promiscuous mode [ 1047.476512][T22510] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1047.640512][ T4260] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1047.650811][ T4260] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1047.659576][ T4260] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1047.668869][ T4260] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1047.676542][ T4260] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1047.685022][ T4260] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1047.811300][T22510] device 0 left promiscuous mode [ 1047.880228][T22510] device 0 left promiscuous mode [ 1048.049276][T15158] chnl_net:caif_netlink_parms(): no params data found [ 1048.099696][T13032] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1048.110315][T13032] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1048.124386][T13032] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1048.134114][T13032] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1048.141712][T13032] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1048.149244][T22510] bond0: (slave ip6gretap0): Releasing backup interface [ 1048.156520][T13032] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1048.156916][T22510] device ip6gretap0 left promiscuous mode [ 1048.320658][T15158] bridge0: port 1(bridge_slave_0) entered blocking state [ 1048.328485][T15158] bridge0: port 1(bridge_slave_0) entered disabled state [ 1048.336603][T15158] device bridge_slave_0 entered promiscuous mode [ 1048.347628][T15158] bridge0: port 2(bridge_slave_1) entered blocking state [ 1048.357267][T15158] bridge0: port 2(bridge_slave_1) entered disabled state [ 1048.365358][T15158] device bridge_slave_1 entered promiscuous mode [ 1048.413505][T15158] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1048.438001][T15158] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1048.488138][T15158] team0: Port device team_slave_0 added [ 1048.496063][T15158] team0: Port device team_slave_1 added [ 1048.570812][T15158] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1048.578112][T15158] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1048.605446][T15158] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1048.618796][T15158] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1048.625776][T15158] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1048.652527][T15158] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1048.664078][T15173] chnl_net:caif_netlink_parms(): no params data found [ 1048.764220][T15158] device hsr_slave_0 entered promiscuous mode [ 1048.771555][T15158] device hsr_slave_1 entered promiscuous mode [ 1048.781640][T15158] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1048.789362][T15158] Cannot create hsr debugfs directory [ 1048.939416][T15173] bridge0: port 1(bridge_slave_0) entered blocking state [ 1048.946550][T15173] bridge0: port 1(bridge_slave_0) entered disabled state [ 1048.955266][T15173] device bridge_slave_0 entered promiscuous mode [ 1049.002787][T15173] bridge0: port 2(bridge_slave_1) entered blocking state [ 1049.011352][T15173] bridge0: port 2(bridge_slave_1) entered disabled state [ 1049.020344][T15173] device bridge_slave_1 entered promiscuous mode [ 1049.105577][T15173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1049.133868][T15173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1049.220088][T15173] team0: Port device team_slave_0 added [ 1049.265521][T22510] device veth0_macvtap left promiscuous mode [ 1049.644567][T22510] device team_slave_1 left promiscuous mode [ 1049.653078][T22510] team0 (unregistering): Port device team_slave_1 removed [ 1049.686217][T22510] device team_slave_0 left promiscuous mode [ 1049.693593][T22510] team0 (unregistering): Port device team_slave_0 removed [ 1049.731138][ T4260] Bluetooth: hci2: command 0x0409 tx timeout [ 1049.739615][T22510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1049.748904][T22510] device bond_slave_1 left promiscuous mode [ 1049.880959][T22510] device dummy0 left promiscuous mode [ 1049.887091][T22510] team0 (unregistering): Port device dummy0 removed [ 1050.079612][T22510] bond0 (unregistering): Released all slaves [ 1050.110293][T15173] team0: Port device team_slave_1 added [ 1050.194260][T15173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1050.202068][T15173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1050.207951][ T4260] Bluetooth: hci3: command 0x0409 tx timeout [ 1050.231509][T15173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1050.246992][T15173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1050.255701][T15173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1050.281961][T15173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1050.295065][T15158] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1050.304113][T15158] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1050.316349][T15158] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1050.336274][T15158] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1050.432027][T15173] device hsr_slave_0 entered promiscuous mode [ 1050.443879][T15173] device hsr_slave_1 entered promiscuous mode [ 1050.450955][T15173] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1050.459667][T15173] Cannot create hsr debugfs directory [ 1050.611945][T15158] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1050.661338][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1050.670848][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1050.705630][T22510] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1050.739449][T15158] 8021q: adding VLAN 0 to HW filter on device team0 [ 1050.779994][T22510] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1050.816666][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1050.827425][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1050.836962][T22482] bridge0: port 1(bridge_slave_0) entered blocking state [ 1050.844141][T22482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1050.855310][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1050.870033][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1050.879596][T22482] bridge0: port 2(bridge_slave_1) entered blocking state [ 1050.886726][T22482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1050.894826][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1050.905051][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1050.913982][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1050.931176][T15173] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1050.954352][T22510] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1050.972460][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1050.988602][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1050.997105][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1051.006501][T15173] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1051.022268][T15173] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1051.050075][T22510] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1051.068698][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1051.078829][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1051.087286][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1051.096059][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1051.104706][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1051.113437][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1051.122035][T15173] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1051.134314][T15158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1051.376966][T15173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1051.402070][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1051.411156][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1051.424188][T15173] 8021q: adding VLAN 0 to HW filter on device team0 [ 1051.450395][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1051.461874][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1051.476283][T14920] bridge0: port 1(bridge_slave_0) entered blocking state [ 1051.483477][T14920] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1051.499677][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1051.594347][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1051.603819][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1051.613283][T14920] bridge0: port 2(bridge_slave_1) entered blocking state [ 1051.620467][T14920] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1051.629471][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1051.639662][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1051.649128][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1051.660998][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1051.716343][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1051.727408][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1051.742499][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1051.753679][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1051.764988][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1051.775183][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1051.784705][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1051.793349][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1051.802182][T14920] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1051.810254][T13032] Bluetooth: hci2: command 0x041b tx timeout [ 1051.815724][T15173] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1051.849019][T15158] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1052.126577][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1052.134984][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1052.167107][T15173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1052.289023][T13032] Bluetooth: hci3: command 0x041b tx timeout [ 1052.460609][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1052.479611][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1052.530309][T15158] device veth0_vlan entered promiscuous mode [ 1052.537041][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1052.568720][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1052.580923][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1052.601666][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1052.644592][T15158] device veth1_vlan entered promiscuous mode [ 1052.674483][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1052.684606][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1052.694428][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1052.753179][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1052.762199][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1052.772377][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1052.786549][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1052.795214][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1052.803861][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1052.812089][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1052.822482][T15158] device veth0_macvtap entered promiscuous mode [ 1052.837589][T15158] device veth1_macvtap entered promiscuous mode [ 1052.852703][T15173] device veth0_vlan entered promiscuous mode [ 1052.914843][T22510] device wlan1 left promiscuous mode [ 1052.923035][T22510] team0: Port device wlan1 removed [ 1052.939032][T15158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1052.949726][T15158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1052.962901][T15158] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1052.972289][T15173] device veth1_vlan entered promiscuous mode [ 1052.982845][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1052.991388][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1052.999586][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1053.008500][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1053.017366][T22497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1053.028442][T15158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1053.039035][T15158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1053.050680][T15158] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1053.073508][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1053.082338][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1053.092076][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1053.105441][T15158] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.114772][T15158] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.124089][T15158] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.133175][T15158] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.201628][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1053.214075][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1053.235559][T15173] device veth0_macvtap entered promiscuous mode [ 1053.274940][T22510] device hsr_slave_0 left promiscuous mode [ 1053.290593][T22510] device hsr_slave_1 left promiscuous mode [ 1053.431414][T22510] device geneve1 left promiscuous mode [ 1053.439981][T22510] team0 (unregistering): Port device geneve1 removed [ 1053.699841][T22510] device team_slave_1 left promiscuous mode [ 1053.706700][T22510] team0 (unregistering): Port device team_slave_1 removed [ 1053.741925][T22510] device team_slave_0 left promiscuous mode [ 1053.749659][T22510] team0 (unregistering): Port device team_slave_0 removed [ 1053.887852][T13032] Bluetooth: hci2: command 0x040f tx timeout [ 1053.912723][T22510] device dummy0 left promiscuous mode [ 1053.919443][T22510] team0 (unregistering): Port device dummy0 removed [ 1054.049608][T15173] device veth1_macvtap entered promiscuous mode [ 1054.085825][T22485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1054.097420][T22485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1054.104676][T15173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1054.117608][T15173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.136698][T15173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1054.148084][T15173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.159688][T15173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1054.167107][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1054.176199][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1054.184689][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1054.193436][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1054.205860][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1054.225477][T15173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1054.236889][T15173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.251911][T15173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1054.262561][T15173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.277253][T15173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1054.297600][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1054.308897][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1054.320820][T15173] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1054.331262][T15173] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1054.344563][T15173] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1054.353756][T15173] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1054.367939][T13032] Bluetooth: hci3: command 0x040f tx timeout [ 1054.374534][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.382044][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.405964][T22482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1054.419670][T22482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1054.437556][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1054.581644][T22491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1054.626356][T22491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1054.690571][T22482] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1054.732806][T22482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1054.752814][T22482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1054.783048][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1055.290145][ T3622] udevd[3622]: worker [4237] terminated by signal 32 (Unknown signal 32) [ 1055.968465][T13032] Bluetooth: hci2: command 0x0419 tx timeout [ 1056.297493][T15336] netlink: 40 bytes leftover after parsing attributes in process `syz.6.20664'. [ 1056.449520][T13032] Bluetooth: hci3: command 0x0419 tx timeout [ 1056.728341][T15364] netlink: 40 bytes leftover after parsing attributes in process `syz.1.20694'. [ 1056.820676][T15364] netlink: 'syz.1.20694': attribute type 3 has an invalid length. [ 1056.858444][T15364] netlink: 1 bytes leftover after parsing attributes in process `syz.1.20694'. [ 1058.024952][T15375] netlink: 40 bytes leftover after parsing attributes in process `syz.5.20688'. [ 1058.390660][T15396] netlink: 35347 bytes leftover after parsing attributes in process `syz.7.20700'. [ 1061.677839][T15455] netlink: 16255 bytes leftover after parsing attributes in process `syz.5.20729'. [ 1065.232309][T15598] Â: renamed from pim6reg1 [ 1066.167520][T15627] netlink: 'syz.7.20811': attribute type 21 has an invalid length. [ 1066.188432][T15627] netlink: 'syz.7.20811': attribute type 1 has an invalid length. [ 1066.196355][T15627] netlink: 'syz.7.20811': attribute type 2 has an invalid length. [ 1066.205325][T15627] netlink: 9062 bytes leftover after parsing attributes in process `syz.7.20811'. [ 1069.671786][T15748] netlink: 'syz.1.20869': attribute type 21 has an invalid length. [ 1069.703378][T15748] netlink: 'syz.1.20869': attribute type 1 has an invalid length. [ 1069.721449][T15748] netlink: 'syz.1.20869': attribute type 2 has an invalid length. [ 1069.737808][T15748] netlink: 9062 bytes leftover after parsing attributes in process `syz.1.20869'. [ 1069.810914][T15757] Â: renamed from pim6reg1 [ 1070.873305][T15783] netlink: 'syz.7.20883': attribute type 11 has an invalid length. [ 1070.901489][T15783] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.20883'. [ 1071.014077][T15782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1071.016141][T15789] netlink: 'syz.6.20888': attribute type 21 has an invalid length. [ 1071.049784][T15789] netlink: 'syz.6.20888': attribute type 1 has an invalid length. [ 1071.058891][T15789] netlink: 'syz.6.20888': attribute type 2 has an invalid length. [ 1071.069043][T15789] netlink: 9062 bytes leftover after parsing attributes in process `syz.6.20888'. [ 1071.111204][T15795] Â: renamed from pim6reg1 [ 1072.293466][T15830] netlink: 'syz.5.20905': attribute type 21 has an invalid length. [ 1072.355749][T15830] netlink: 'syz.5.20905': attribute type 1 has an invalid length. [ 1072.384539][T15830] netlink: 'syz.5.20905': attribute type 2 has an invalid length. [ 1072.414101][T15830] netlink: 9062 bytes leftover after parsing attributes in process `syz.5.20905'. [ 1076.201442][T15966] netlink: 16255 bytes leftover after parsing attributes in process `syz.4.20965'. [ 1078.185220][T16043] netlink: 16255 bytes leftover after parsing attributes in process `syz.7.21000'. [ 1079.425079][T16068] netlink: 35347 bytes leftover after parsing attributes in process `syz.1.21015'. [ 1080.935319][T16104] netlink: 35347 bytes leftover after parsing attributes in process `syz.6.21030'. [ 1082.783548][T16144] netlink: 40 bytes leftover after parsing attributes in process `syz.7.21057'. [ 1082.811346][T16144] bridge0: port 1(bridge_slave_0) entered disabled state [ 1082.838625][T16144] netlink: 'syz.7.21057': attribute type 3 has an invalid length. [ 1082.852173][T16144] netlink: 1 bytes leftover after parsing attributes in process `syz.7.21057'. [ 1084.136004][T16178] netlink: 40 bytes leftover after parsing attributes in process `syz.5.21064'. [ 1084.159377][T16178] bridge0: port 1(bridge_slave_0) entered disabled state [ 1084.187116][T16178] netlink: 'syz.5.21064': attribute type 3 has an invalid length. [ 1084.197803][T16178] netlink: 1 bytes leftover after parsing attributes in process `syz.5.21064'. [ 1084.512715][T16196] netlink: 40 bytes leftover after parsing attributes in process `syz.4.21080'. [ 1084.554771][T16196] netlink: 'syz.4.21080': attribute type 3 has an invalid length. [ 1084.566103][T16196] netlink: 1 bytes leftover after parsing attributes in process `syz.4.21080'. [ 1085.452874][T16244] netlink: 40 bytes leftover after parsing attributes in process `syz.6.21086'. [ 1085.478439][T16244] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.486931][T16244] netlink: 'syz.6.21086': attribute type 3 has an invalid length. [ 1085.502166][T16244] netlink: 1 bytes leftover after parsing attributes in process `syz.6.21086'. [ 1085.798366][T16266] bond_slave_1: mtu less than device minimum [ 1087.236675][T16327] tap0: tun_chr_ioctl cmd 2147767519 [ 1088.465188][T16360] netlink: 'syz.1.21141': attribute type 11 has an invalid length. [ 1088.514130][T16360] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.21141'. [ 1088.608484][T16357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1089.631151][T16404] netlink: 'syz.1.21163': attribute type 29 has an invalid length. [ 1089.648047][T16404] netlink: 'syz.1.21163': attribute type 29 has an invalid length. [ 1089.662335][T16404] netlink: 'syz.1.21163': attribute type 29 has an invalid length. [ 1089.676593][T16404] netlink: 'syz.1.21163': attribute type 29 has an invalid length. [ 1090.373802][T16441] bond_slave_1: mtu less than device minimum [ 1090.596674][T16452] tap0: tun_chr_ioctl cmd 35590 [ 1090.666545][T16455] netlink: 60 bytes leftover after parsing attributes in process `syz.6.21189'. [ 1091.770664][T16477] netlink: 148 bytes leftover after parsing attributes in process `syz.1.21197'. [ 1091.851772][T16483] netlink: 'syz.7.21200': attribute type 29 has an invalid length. [ 1091.876553][T16483] netlink: 'syz.7.21200': attribute type 29 has an invalid length. [ 1091.909372][T16486] netlink: 'syz.7.21200': attribute type 29 has an invalid length. [ 1091.951680][T16483] netlink: 'syz.7.21200': attribute type 29 has an invalid length. [ 1092.073933][T16492] netlink: 64859 bytes leftover after parsing attributes in process `syz.6.21206'. [ 1092.361734][T16511] tap0: tun_chr_ioctl cmd 2147767519 [ 1092.422061][T16517] netlink: 'syz.7.21216': attribute type 29 has an invalid length. [ 1092.448069][T16517] netlink: 'syz.7.21216': attribute type 29 has an invalid length. [ 1092.725946][T16530] tap0: tun_chr_ioctl cmd 35590 [ 1093.388438][T16556] tap0: tun_chr_ioctl cmd 2147767519 [ 1093.639894][T16566] tap0: tun_chr_ioctl cmd 35590 [ 1093.700883][T16572] netlink: 60 bytes leftover after parsing attributes in process `syz.7.21243'. [ 1093.906510][T16581] netlink: 148 bytes leftover after parsing attributes in process `syz.5.21248'. [ 1095.112448][T16608] netlink: 60 bytes leftover after parsing attributes in process `syz.1.21258'. [ 1095.441197][T16620] netlink: 64859 bytes leftover after parsing attributes in process `syz.7.21263'. [ 1096.928359][T16657] netlink: 64859 bytes leftover after parsing attributes in process `syz.4.21281'. [ 1097.116137][T16661] tap0: tun_chr_ioctl cmd 2147767517 [ 1098.986804][T16685] device bridge_slave_0 left promiscuous mode [ 1098.995137][T16685] bridge0: port 1(bridge_slave_0) entered disabled state [ 1099.130357][T16700] netlink: 14513 bytes leftover after parsing attributes in process `syz.5.21302'. [ 1099.424329][T16719] tap0: tun_chr_ioctl cmd 2147767517 [ 1100.475349][T16731] netlink: 64535 bytes leftover after parsing attributes in process `syz.7.21315'. [ 1100.636195][T16737] netlink: 14513 bytes leftover after parsing attributes in process `syz.4.21318'. [ 1101.053875][T16762] tap0: tun_chr_ioctl cmd 2147767517 [ 1101.764854][T16781] netlink: 14513 bytes leftover after parsing attributes in process `syz.1.21335'. [ 1101.995412][T16785] netlink: 14513 bytes leftover after parsing attributes in process `syz.7.21350'. [ 1102.418985][T16799] tap0: tun_chr_ioctl cmd 2147767517 [ 1103.090110][T16821] netlink: 64535 bytes leftover after parsing attributes in process `syz.6.21357'. [ 1103.775771][T16832] tap0: tun_chr_ioctl cmd 2147767517 [ 1104.071277][T16853] netlink: 48 bytes leftover after parsing attributes in process `syz.1.21371'. [ 1104.110150][T16853] validate_nla: 6 callbacks suppressed [ 1104.110168][T16853] netlink: 'syz.1.21371': attribute type 8 has an invalid length. [ 1104.918666][T16881] netlink: 48 bytes leftover after parsing attributes in process `syz.5.21385'. [ 1104.935807][T16881] netlink: 'syz.5.21385': attribute type 8 has an invalid length. [ 1105.032249][T16885] netlink: 16255 bytes leftover after parsing attributes in process `syz.7.21384'. [ 1105.220259][T16895] netlink: 188 bytes leftover after parsing attributes in process `syz.1.21389'. [ 1107.022277][T16925] netlink: 48 bytes leftover after parsing attributes in process `syz.7.21401'. [ 1107.039791][T16925] netlink: 'syz.7.21401': attribute type 8 has an invalid length. [ 1107.160312][T16935] netlink: 'syz.4.21407': attribute type 10 has an invalid length. [ 1107.188844][T16935] team0: Port device syz_tun removed [ 1108.477506][T16975] netlink: 188 bytes leftover after parsing attributes in process `syz.6.21427'. [ 1110.045092][T17017] netlink: 202920 bytes leftover after parsing attributes in process `syz.5.21457'. [ 1111.630070][T17051] netlink: 15999 bytes leftover after parsing attributes in process `syz.6.21462'. [ 1112.199115][T17075] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.21471'. [ 1112.415831][T17085] netlink: 'syz.7.21477': attribute type 29 has an invalid length. [ 1112.445192][T17085] netlink: 'syz.7.21477': attribute type 29 has an invalid length. [ 1112.477961][T17086] netlink: 'syz.7.21477': attribute type 29 has an invalid length. [ 1112.495325][T17085] netlink: 'syz.7.21477': attribute type 29 has an invalid length. [ 1113.013314][T17111] netlink: 202920 bytes leftover after parsing attributes in process `syz.7.21489'. [ 1113.714298][T17140] netlink: 202920 bytes leftover after parsing attributes in process `syz.6.21504'. [ 1114.161739][T17167] netlink: 15999 bytes leftover after parsing attributes in process `syz.5.21515'. [ 1114.341697][T17171] netlink: 16255 bytes leftover after parsing attributes in process `syz.5.21518'. [ 1114.704610][T17193] netlink: 15999 bytes leftover after parsing attributes in process `syz.4.21529'. [ 1114.960596][T17203] netlink: 148 bytes leftover after parsing attributes in process `syz.4.21534'. [ 1115.828095][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.834504][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.437306][T17305] netlink: 148 bytes leftover after parsing attributes in process `syz.1.21580'. [ 1117.908481][T17333] netlink: 'syz.7.21604': attribute type 21 has an invalid length. [ 1117.925667][T17333] netlink: 14548 bytes leftover after parsing attributes in process `syz.7.21604'. [ 1118.069990][T17343] netlink: 148 bytes leftover after parsing attributes in process `syz.5.21595'. [ 1118.445689][T17357] netlink: 16255 bytes leftover after parsing attributes in process `syz.5.21599'. [ 1118.639664][T17368] netlink: 'syz.6.21608': attribute type 29 has an invalid length. [ 1118.658208][T17368] netlink: 'syz.6.21608': attribute type 29 has an invalid length. [ 1118.681856][T17372] netlink: 'syz.6.21608': attribute type 29 has an invalid length. [ 1118.699103][T17368] netlink: 'syz.6.21608': attribute type 29 has an invalid length. [ 1119.866210][T17397] netlink: 'syz.6.21623': attribute type 10 has an invalid length. [ 1119.876733][T17397] netlink: 3867 bytes leftover after parsing attributes in process `syz.6.21623'. [ 1120.489280][T17422] netlink: 'syz.1.21645': attribute type 29 has an invalid length. [ 1120.517792][T17422] netlink: 'syz.1.21645': attribute type 29 has an invalid length. [ 1120.558076][T17422] netlink: 'syz.1.21645': attribute type 29 has an invalid length. [ 1120.603095][T17428] netlink: 'syz.1.21645': attribute type 29 has an invalid length. [ 1121.387828][T17457] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.21650'. [ 1122.648357][T17494] netlink: 3867 bytes leftover after parsing attributes in process `syz.5.21665'. [ 1123.007812][ T4260] Bluetooth: hci4: command 0x0406 tx timeout [ 1123.857812][T17546] syzkaller0: tun_chr_ioctl cmd 1074812118 [ 1124.022406][T17559] netlink: 60 bytes leftover after parsing attributes in process `syz.7.21698'. [ 1124.071270][T17559] netlink: 60 bytes leftover after parsing attributes in process `syz.7.21698'. [ 1124.108605][T17565] validate_nla: 5 callbacks suppressed [ 1124.108624][T17565] netlink: 'syz.1.21699': attribute type 46 has an invalid length. [ 1124.137433][T17565] netlink: 44 bytes leftover after parsing attributes in process `syz.1.21699'. [ 1124.157236][T17566] netlink: 60 bytes leftover after parsing attributes in process `syz.7.21698'. [ 1124.187042][T17559] netlink: 60 bytes leftover after parsing attributes in process `syz.7.21698'. [ 1124.607890][T17591] netlink: 15999 bytes leftover after parsing attributes in process `syz.4.21712'. [ 1125.767793][T17625] tap0: tun_chr_ioctl cmd 1074025677 [ 1125.773283][T17625] tap0: linktype set to 65534 [ 1126.582975][T17649] syzkaller0: tun_chr_ioctl cmd 1074812118 [ 1126.674767][T17654] netlink: 'syz.6.21740': attribute type 46 has an invalid length. [ 1126.708456][T17654] netlink: 44 bytes leftover after parsing attributes in process `syz.6.21740'. [ 1126.850133][T17662] netlink: 60 bytes leftover after parsing attributes in process `syz.4.21741'. [ 1126.879106][T17662] netlink: 60 bytes leftover after parsing attributes in process `syz.4.21741'. [ 1127.362552][T17689] syzkaller0: tun_chr_ioctl cmd 1074812118 [ 1127.423115][T17692] netlink: 'syz.7.21756': attribute type 46 has an invalid length. [ 1127.716416][T17710] __nla_validate_parse: 8 callbacks suppressed [ 1127.716434][T17710] netlink: 15999 bytes leftover after parsing attributes in process `syz.7.21766'. [ 1127.846244][T17712] netlink: 60 bytes leftover after parsing attributes in process `syz.1.21777'. [ 1127.882806][T17712] netlink: 60 bytes leftover after parsing attributes in process `syz.1.21777'. [ 1127.913691][T17719] netlink: 60 bytes leftover after parsing attributes in process `syz.1.21777'. [ 1127.990774][T17712] netlink: 60 bytes leftover after parsing attributes in process `syz.1.21777'. [ 1128.073302][T17722] tap0: tun_chr_ioctl cmd 1074025677 [ 1128.103806][T17722] tap0: linktype set to 65534 [ 1128.313240][T17729] syzkaller0: tun_chr_ioctl cmd 1074812118 [ 1129.157056][T17761] tap0: tun_chr_ioctl cmd 1074025677 [ 1129.167892][T17761] tap0: linktype set to 65534 [ 1130.319734][T17802] netlink: 'syz.6.21809': attribute type 21 has an invalid length. [ 1131.947098][T17895] netlink: 'syz.5.21855': attribute type 21 has an invalid length. [ 1134.642984][T18022] tap0: tun_chr_ioctl cmd 1074025675 [ 1134.649090][T18022] tap0: persist disabled [ 1134.686122][T18024] netlink: 'syz.5.21917': attribute type 21 has an invalid length. [ 1134.695146][T18024] netlink: 16166 bytes leftover after parsing attributes in process `syz.5.21917'. [ 1135.360676][T18059] netlink: 'syz.7.21934': attribute type 29 has an invalid length. [ 1135.374848][T18059] netlink: 'syz.7.21934': attribute type 29 has an invalid length. [ 1136.171630][T18098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.21949'. [ 1136.435549][T18109] tap0: tun_chr_ioctl cmd 1074025675 [ 1136.448062][T18109] tap0: persist disabled [ 1137.135080][T18137] netlink: 'syz.6.21970': attribute type 29 has an invalid length. [ 1137.172442][T18137] netlink: 'syz.6.21970': attribute type 29 has an invalid length. [ 1137.305885][T18149] netlink: 'syz.5.21985': attribute type 29 has an invalid length. [ 1137.342399][T18149] netlink: 'syz.5.21985': attribute type 29 has an invalid length. [ 1137.353316][T18153] tap0: tun_chr_ioctl cmd 1074025675 [ 1137.367983][T18153] tap0: persist disabled [ 1139.036912][T18240] syz.1.22016[18240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1139.037053][T18240] syz.1.22016[18240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1139.479382][T18255] netlink: 'syz.1.22025': attribute type 16 has an invalid length. [ 1139.529919][T18255] netlink: 48 bytes leftover after parsing attributes in process `syz.1.22025'. [ 1139.707581][T18261] syzkaller0: tun_chr_ioctl cmd 35108 [ 1140.493318][T18284] tun0: tun_chr_ioctl cmd 21731 [ 1140.517084][T18290] syz.4.22042[18290] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1140.517244][T18290] syz.4.22042[18290] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1140.922517][T18314] netlink: 'syz.6.22052': attribute type 29 has an invalid length. [ 1141.059837][T18314] netlink: 'syz.6.22052': attribute type 29 has an invalid length. [ 1141.068590][T18317] netlink: 'syz.6.22052': attribute type 29 has an invalid length. [ 1141.077121][T18318] netlink: 'syz.6.22052': attribute type 29 has an invalid length. [ 1141.271890][T18326] syz.6.22057[18326] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1141.272029][T18326] syz.6.22057[18326] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1141.491807][T18332] netlink: 'syz.6.22061': attribute type 16 has an invalid length. [ 1141.513034][T18332] netlink: 48 bytes leftover after parsing attributes in process `syz.6.22061'. [ 1142.128289][T18359] netlink: 'syz.5.22071': attribute type 29 has an invalid length. [ 1142.145988][T18359] netlink: 'syz.5.22071': attribute type 29 has an invalid length. [ 1142.165040][T18359] netlink: 'syz.5.22071': attribute type 29 has an invalid length. [ 1142.178226][T18359] netlink: 'syz.5.22071': attribute type 29 has an invalid length. [ 1142.186891][T18364] netlink: 'syz.4.22074': attribute type 16 has an invalid length. [ 1142.217850][T18364] netlink: 48 bytes leftover after parsing attributes in process `syz.4.22074'. [ 1142.407112][T18375] netlink: 9814 bytes leftover after parsing attributes in process `syz.4.22080'. [ 1143.280464][T18404] tun0: tun_chr_ioctl cmd 21731 [ 1143.434793][T18410] netlink: 2451 bytes leftover after parsing attributes in process `syz.1.22096'. [ 1143.515896][T18412] syzkaller0: tun_chr_ioctl cmd 35108 [ 1144.400043][T18453] netlink: 152 bytes leftover after parsing attributes in process `syz.6.22114'. [ 1144.741766][T18468] tun0: tun_chr_ioctl cmd 21731 [ 1145.015100][T18474] tap0: tun_chr_ioctl cmd 1074025677 [ 1145.021493][T18474] tap0: linktype set to 780 [ 1145.675781][T18502] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.22133'. [ 1145.716699][T18506] netlink: 9814 bytes leftover after parsing attributes in process `syz.1.22134'. [ 1145.915808][T18512] tun0: tun_chr_ioctl cmd 21731 [ 1146.289887][T18525] netlink: 152 bytes leftover after parsing attributes in process `syz.5.22149'. [ 1146.692699][T18553] validate_nla: 10 callbacks suppressed [ 1146.692718][T18553] netlink: 'syz.1.22163': attribute type 3 has an invalid length. [ 1146.717854][T18553] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.22163'. [ 1146.786421][T18558] netlink: 152 bytes leftover after parsing attributes in process `syz.7.22164'. [ 1146.971114][T18563] netlink: 2451 bytes leftover after parsing attributes in process `syz.5.22167'. [ 1147.268168][T18581] tap0: tun_chr_ioctl cmd 1074025677 [ 1147.273920][T18581] tap0: linktype set to 780 [ 1147.454042][T18587] netlink: 152 bytes leftover after parsing attributes in process `syz.6.22179'. [ 1147.465373][T18587] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1147.627194][T18595] netlink: 'syz.7.22183': attribute type 10 has an invalid length. [ 1147.636741][T18595] bridge0: port 2(bridge_slave_1) entered disabled state [ 1147.671770][T18595] bridge0: port 2(bridge_slave_1) entered blocking state [ 1147.679023][T18595] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1147.738242][T18595] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1148.069724][T18605] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.22187'. [ 1148.083694][T18603] netlink: 'syz.6.22186': attribute type 29 has an invalid length. [ 1148.098509][T18603] netlink: 'syz.6.22186': attribute type 29 has an invalid length. [ 1148.225955][T18610] netlink: 'syz.5.22189': attribute type 1 has an invalid length. [ 1148.257955][T18610] netlink: 16255 bytes leftover after parsing attributes in process `syz.5.22189'. [ 1148.376836][T18622] tap0: tun_chr_ioctl cmd 1074025677 [ 1148.394174][T18622] tap0: linktype set to 780 [ 1148.498102][T18629] netlink: 'syz.6.22199': attribute type 3 has an invalid length. [ 1148.505998][T18629] netlink: 105116 bytes leftover after parsing attributes in process `syz.6.22199'. [ 1148.614102][T18636] netlink: 65039 bytes leftover after parsing attributes in process `syz.7.22202'. [ 1149.003684][T18661] netlink: 152 bytes leftover after parsing attributes in process `syz.4.22215'. [ 1149.024194][T18661] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1149.290822][T18677] netlink: 'syz.5.22222': attribute type 21 has an invalid length. [ 1149.317750][T18677] netlink: 152 bytes leftover after parsing attributes in process `syz.5.22222'. [ 1149.594639][T18692] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1150.839314][T18724] netlink: 'syz.4.22245': attribute type 29 has an invalid length. [ 1150.854135][T18724] netlink: 'syz.4.22245': attribute type 29 has an invalid length. [ 1152.199014][T18747] netlink: 'syz.6.22253': attribute type 10 has an invalid length. [ 1152.908940][T18747] bridge0: port 2(bridge_slave_1) entered disabled state [ 1152.967478][T18747] bridge0: port 2(bridge_slave_1) entered blocking state [ 1152.974688][T18747] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1152.990797][T18747] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1153.288926][T18763] netlink: 'syz.6.22261': attribute type 1 has an invalid length. [ 1153.322778][T18763] __nla_validate_parse: 2 callbacks suppressed [ 1153.322798][T18763] netlink: 16255 bytes leftover after parsing attributes in process `syz.6.22261'. [ 1153.323452][T18768] netlink: 'syz.7.22263': attribute type 2 has an invalid length. [ 1153.397826][T18768] netlink: 164 bytes leftover after parsing attributes in process `syz.7.22263'. [ 1153.511315][T18776] netlink: 188 bytes leftover after parsing attributes in process `syz.4.22267'. [ 1153.685676][T18785] netlink: 'syz.4.22271': attribute type 21 has an invalid length. [ 1153.717929][T18785] netlink: 152 bytes leftover after parsing attributes in process `syz.4.22271'. [ 1153.760022][T18790] netlink: 'syz.5.22272': attribute type 10 has an invalid length. [ 1153.786473][T18790] bridge0: port 2(bridge_slave_1) entered disabled state [ 1153.814231][T18790] bridge0: port 2(bridge_slave_1) entered blocking state [ 1153.821462][T18790] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1153.836394][T18790] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1154.072310][T18809] netlink: 'syz.4.22292': attribute type 10 has an invalid length. [ 1154.165971][T18813] netlink: 188 bytes leftover after parsing attributes in process `syz.1.22282'. [ 1154.275074][T18818] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.22287'. [ 1155.385413][T18869] netlink: 'syz.1.22311': attribute type 4 has an invalid length. [ 1157.629239][T18975] netlink: 64859 bytes leftover after parsing attributes in process `syz.5.22358'. [ 1157.788209][T18983] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1157.850057][T18983] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1162.131700][T19049] netlink: 'syz.7.22391': attribute type 4 has an invalid length. [ 1162.238273][T19053] netlink: 'syz.1.22392': attribute type 2 has an invalid length. [ 1162.256391][T19053] netlink: 164 bytes leftover after parsing attributes in process `syz.1.22392'. [ 1165.415510][T19079] netlink: 'syz.5.22403': attribute type 4 has an invalid length. [ 1165.563852][T19087] netlink: 64859 bytes leftover after parsing attributes in process `syz.7.22407'. [ 1165.891550][T19107] netlink: 'syz.5.22425': attribute type 9 has an invalid length. [ 1165.910521][T19107] netlink: 61951 bytes leftover after parsing attributes in process `syz.5.22425'. [ 1166.645538][T19129] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.22423'. [ 1168.525729][T19195] netlink: 'syz.5.22453': attribute type 29 has an invalid length. [ 1168.540562][T19195] netlink: 44 bytes leftover after parsing attributes in process `syz.5.22453'. [ 1168.557601][T19195] netlink: 'syz.5.22453': attribute type 29 has an invalid length. [ 1168.572845][T19195] netlink: 44 bytes leftover after parsing attributes in process `syz.5.22453'. [ 1170.271224][T19236] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1170.291351][T19236] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1170.394386][T19245] netlink: 'syz.1.22475': attribute type 9 has an invalid length. [ 1170.412938][T19245] netlink: 61951 bytes leftover after parsing attributes in process `syz.1.22475'. [ 1171.065324][T19276] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1171.083490][T19276] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1171.342381][T19288] netlink: 'syz.6.22494': attribute type 9 has an invalid length. [ 1171.361126][T19288] netlink: 61951 bytes leftover after parsing attributes in process `syz.6.22494'. [ 1171.672212][T19302] netlink: 'syz.1.22503': attribute type 29 has an invalid length. [ 1171.700865][T19302] netlink: 44 bytes leftover after parsing attributes in process `syz.1.22503'. [ 1171.744586][T19302] netlink: 'syz.1.22503': attribute type 29 has an invalid length. [ 1171.771135][T19302] netlink: 44 bytes leftover after parsing attributes in process `syz.1.22503'. [ 1174.207912][ T4260] Bluetooth: hci2: command 0x0406 tx timeout [ 1174.214007][ T4260] Bluetooth: hci3: command 0x0406 tx timeout [ 1174.862834][T19341] netlink: 61959 bytes leftover after parsing attributes in process `syz.1.22519'. [ 1174.886033][T19341] tc_dump_action: action bad kind [ 1175.009176][T19346] netlink: 'syz.7.22521': attribute type 29 has an invalid length. [ 1175.023610][T19346] netlink: 44 bytes leftover after parsing attributes in process `syz.7.22521'. [ 1175.052138][T19346] netlink: 'syz.7.22521': attribute type 29 has an invalid length. [ 1175.067872][T19346] netlink: 44 bytes leftover after parsing attributes in process `syz.7.22521'. [ 1175.171780][T19354] netlink: 'syz.5.22525': attribute type 29 has an invalid length. [ 1175.185510][T19354] netlink: 'syz.5.22525': attribute type 29 has an invalid length. [ 1175.197001][T19353] bridge0: port 1(veth0_to_bond) entered blocking state [ 1175.209600][T19353] bridge0: port 1(veth0_to_bond) entered disabled state [ 1175.220928][T19353] device veth0_to_bond entered promiscuous mode [ 1175.228838][T19353] bridge0: port 1(veth0_to_bond) entered blocking state [ 1175.236308][T19353] bridge0: port 1(veth0_to_bond) entered forwarding state [ 1175.251834][T19354] netlink: 'syz.5.22525': attribute type 29 has an invalid length. [ 1175.264174][T19355] netlink: 'syz.5.22525': attribute type 29 has an invalid length. [ 1175.915774][T19368] netlink: 61959 bytes leftover after parsing attributes in process `syz.6.22542'. [ 1175.927615][T19368] tc_dump_action: action bad kind [ 1177.252669][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.259042][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.495325][T19384] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1178.523228][T19384] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1178.903690][T19401] netlink: 61959 bytes leftover after parsing attributes in process `syz.4.22546'. [ 1178.927535][T19401] tc_dump_action: action bad kind [ 1179.441121][T19417] tap0: tun_chr_ioctl cmd 1074812118 [ 1180.143557][T19446] tun0: tun_chr_ioctl cmd 1074025681 [ 1180.261605][T19452] tap0: tun_chr_ioctl cmd 1074812118 [ 1180.282786][T19456] netlink: 152 bytes leftover after parsing attributes in process `syz.4.22574'. [ 1180.471264][T19468] netlink: 152 bytes leftover after parsing attributes in process `syz.1.22588'. [ 1180.793541][T19488] tap0: tun_chr_ioctl cmd 1074812118 [ 1180.919004][T19497] netlink: 152 bytes leftover after parsing attributes in process `syz.5.22592'. [ 1181.644918][T19533] tap0: tun_chr_ioctl cmd 1074812118 [ 1181.933339][T19539] tap0: tun_chr_ioctl cmd 1074025677 [ 1181.938906][T19539] tap0: linktype set to 821 [ 1182.572367][T19548] tun0: tun_chr_ioctl cmd 2147767507 [ 1183.662934][T19577] tun0: tun_chr_ioctl cmd 1074025680 [ 1183.813123][T19581] netlink: 'syz.5.22628': attribute type 49 has an invalid length. [ 1183.825916][T19581] netlink: 'syz.5.22628': attribute type 49 has an invalid length. [ 1184.935222][T19599] tap0: tun_chr_ioctl cmd 1074025677 [ 1184.943408][T19599] tap0: linktype set to 768 [ 1186.947785][T19603] tun0: tun_chr_ioctl cmd 2147767507 [ 1190.931953][T19662] netlink: 40 bytes leftover after parsing attributes in process `syz.7.22662'. [ 1191.196236][T19679] tun0: tun_chr_ioctl cmd 2147767507 [ 1191.493748][T19689] netlink: 'syz.6.22674': attribute type 49 has an invalid length. [ 1191.555652][T19685] netlink: 40 bytes leftover after parsing attributes in process `syz.5.22673'. [ 1191.571363][T19685] netlink: 8 bytes leftover after parsing attributes in process `syz.5.22673'. [ 1191.582241][T19685] netlink: 8 bytes leftover after parsing attributes in process `syz.5.22673'. [ 1191.593746][T19685] netlink: 8 bytes leftover after parsing attributes in process `syz.5.22673'. [ 1191.621099][T19689] netlink: 'syz.6.22674': attribute type 49 has an invalid length. [ 1191.931453][T19695] tap0: tun_chr_ioctl cmd 1074025677 [ 1191.947141][T19695] tap0: linktype set to 768 [ 1192.317966][T19717] tun0: tun_chr_ioctl cmd 2147767507 [ 1192.372974][T19720] tun0: tun_chr_ioctl cmd 1074025680 [ 1192.413842][T19726] netlink: 'syz.7.22690': attribute type 21 has an invalid length. [ 1192.457396][T19726] netlink: 'syz.7.22690': attribute type 1 has an invalid length. [ 1192.494469][T19726] netlink: 16050 bytes leftover after parsing attributes in process `syz.7.22690'. [ 1192.611551][ C0] bridge0: received packet on veth0_to_bond with own address as source address (addr:aa:aa:aa:aa:aa:17, vlan:0) [ 1193.641689][T19762] tun0: tun_chr_ioctl cmd 2147767507 [ 1193.747305][T19769] netlink: 'syz.7.22709': attribute type 29 has an invalid length. [ 1193.760731][T19769] netlink: 'syz.7.22709': attribute type 29 has an invalid length. [ 1193.780054][T19769] netlink: 'syz.7.22709': attribute type 29 has an invalid length. [ 1193.804436][T19769] netlink: 'syz.7.22709': attribute type 29 has an invalid length. [ 1194.191783][T19796] netlink: 40 bytes leftover after parsing attributes in process `syz.4.22726'. [ 1194.217823][T19796] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22726'. [ 1194.454940][T19811] netlink: 'syz.1.22732': attribute type 29 has an invalid length. [ 1194.464366][T19811] netlink: 'syz.1.22732': attribute type 29 has an invalid length. [ 1195.204479][T19819] netlink: 16050 bytes leftover after parsing attributes in process `syz.1.22745'. [ 1195.736135][T19842] tun0: tun_chr_ioctl cmd 1074025680 [ 1195.795145][T19845] netlink: 2418 bytes leftover after parsing attributes in process `syz.6.22744'. [ 1196.363571][T19857] netlink: 152 bytes leftover after parsing attributes in process `syz.7.22755'. [ 1196.386639][T19857] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1196.643487][T19875] validate_nla: 6 callbacks suppressed [ 1196.643504][T19875] netlink: 'syz.1.22763': attribute type 1 has an invalid length. [ 1196.678718][T19875] netlink: 5 bytes leftover after parsing attributes in process `syz.1.22763'. [ 1196.974253][T19892] netlink: 'syz.5.22767': attribute type 21 has an invalid length. [ 1196.983904][T19892] netlink: 'syz.5.22767': attribute type 1 has an invalid length. [ 1196.996070][T19892] netlink: 16050 bytes leftover after parsing attributes in process `syz.5.22767'. [ 1197.820819][T19909] netlink: 'syz.1.22773': attribute type 49 has an invalid length. [ 1198.210604][T19929] netlink: 'syz.4.22784': attribute type 27 has an invalid length. [ 1198.227904][T19929] netlink: 2418 bytes leftover after parsing attributes in process `syz.4.22784'. [ 1199.148448][T19948] netlink: 'syz.5.22792': attribute type 10 has an invalid length. [ 1199.167882][T19948] netlink: 152 bytes leftover after parsing attributes in process `syz.5.22792'. [ 1199.208335][T19948] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1199.462570][T19960] netlink: 'syz.7.22799': attribute type 5 has an invalid length. [ 1203.821152][T20063] netlink: 'syz.1.22845': attribute type 5 has an invalid length. [ 1204.280710][T20084] tun0: tun_chr_ioctl cmd 1074025672 [ 1204.303969][T20084] tun0: ignored: set checksum enabled [ 1204.503385][T20096] netlink: 'syz.4.22860': attribute type 5 has an invalid length. [ 1205.197981][T20128] tun0: tun_chr_ioctl cmd 1074025672 [ 1205.206885][T20128] tun0: ignored: set checksum enabled [ 1205.613415][T20146] netlink: 4031 bytes leftover after parsing attributes in process `syz.1.22892'. [ 1206.910166][T20205] netlink: 60 bytes leftover after parsing attributes in process `syz.4.22908'. [ 1206.921491][T20205] netlink: 60 bytes leftover after parsing attributes in process `syz.4.22908'. [ 1206.941669][T20204] netlink: 60 bytes leftover after parsing attributes in process `syz.4.22908'. [ 1206.954312][T20205] netlink: 60 bytes leftover after parsing attributes in process `syz.4.22908'. [ 1207.055167][T20209] tun0: tun_chr_ioctl cmd 1074025672 [ 1207.086284][T20209] tun0: ignored: set checksum enabled [ 1208.481893][T20242] netlink: 4031 bytes leftover after parsing attributes in process `syz.5.22925'. [ 1208.616758][T20246] netlink: 40 bytes leftover after parsing attributes in process `syz.1.22928'. [ 1208.631056][T20246] netlink: 3 bytes leftover after parsing attributes in process `syz.1.22928'. [ 1208.640879][T20245] tun0: tun_chr_ioctl cmd 1074025672 [ 1208.646306][T20245] tun0: ignored: set checksum enabled [ 1208.848303][T20253] netlink: 60 bytes leftover after parsing attributes in process `syz.1.22930'. [ 1210.402195][T20253] netlink: 60 bytes leftover after parsing attributes in process `syz.1.22930'. [ 1210.423841][T20260] netlink: 'syz.6.22933': attribute type 10 has an invalid length. [ 1210.625275][T20274] __nla_validate_parse: 6 callbacks suppressed [ 1210.625293][T20274] netlink: 4031 bytes leftover after parsing attributes in process `syz.4.22940'. [ 1210.978323][T20294] tap0: tun_chr_ioctl cmd 1074025681 [ 1211.089510][T20297] pim6reg0: tun_chr_ioctl cmd 1074025688 [ 1211.924346][T20341] netlink: 60 bytes leftover after parsing attributes in process `syz.6.22953'. [ 1211.957923][T20343] netlink: 14556 bytes leftover after parsing attributes in process `syz.1.22969'. [ 1212.122823][T20341] netlink: 60 bytes leftover after parsing attributes in process `syz.6.22953'. [ 1212.143779][T20354] netlink: 40 bytes leftover after parsing attributes in process `syz.5.22974'. [ 1212.158454][T20354] netlink: 3 bytes leftover after parsing attributes in process `syz.5.22974'. [ 1212.184485][T20354] netlink: 3 bytes leftover after parsing attributes in process `syz.5.22974'. [ 1212.201460][T20354] netlink: 3 bytes leftover after parsing attributes in process `syz.5.22974'. [ 1212.221464][T20338] netlink: 60 bytes leftover after parsing attributes in process `syz.6.22953'. [ 1212.264951][T20346] netlink: 60 bytes leftover after parsing attributes in process `syz.6.22953'. [ 1212.688764][T20384] tap0: tun_chr_ioctl cmd 1074025681 [ 1213.102209][T20416] netlink: 'syz.4.23011': attribute type 29 has an invalid length. [ 1213.112310][T20416] netlink: 'syz.4.23011': attribute type 29 has an invalid length. [ 1213.277700][T20425] tap0: tun_chr_ioctl cmd 1074025681 [ 1213.377356][T20431] netlink: 'syz.6.23002': attribute type 21 has an invalid length. [ 1213.627433][T20449] netlink: 'syz.1.23015': attribute type 29 has an invalid length. [ 1213.644292][T20449] netlink: 'syz.1.23015': attribute type 29 has an invalid length. [ 1213.763720][T20454] netlink: 'syz.1.23019': attribute type 10 has an invalid length. [ 1213.809966][T20456] netlink: 'syz.4.23020': attribute type 13 has an invalid length. [ 1214.048412][T20470] ip6erspan0: tun_chr_ioctl cmd 2148553947 [ 1214.351151][T20490] pim6reg0: tun_chr_ioctl cmd 1074025688 [ 1214.909260][T20527] netlink: 'syz.7.23053': attribute type 21 has an invalid length. [ 1215.689278][T20556] netlink: 'syz.5.23065': attribute type 10 has an invalid length. [ 1215.697235][T20556] __nla_validate_parse: 18 callbacks suppressed [ 1215.697248][T20556] netlink: 148 bytes leftover after parsing attributes in process `syz.5.23065'. [ 1215.740932][T20558] netlink: 'syz.4.23067': attribute type 21 has an invalid length. [ 1215.749610][T20558] netlink: 168 bytes leftover after parsing attributes in process `syz.4.23067'. [ 1215.900877][T20568] netlink: 60 bytes leftover after parsing attributes in process `syz.4.23071'. [ 1215.917798][T20568] netlink: 60 bytes leftover after parsing attributes in process `syz.4.23071'. [ 1215.939823][T20568] netlink: 60 bytes leftover after parsing attributes in process `syz.4.23071'. [ 1215.963542][T20568] netlink: 60 bytes leftover after parsing attributes in process `syz.4.23071'. [ 1216.266417][T20592] netlink: 'syz.7.23082': attribute type 10 has an invalid length. [ 1216.275281][T20592] netlink: 148 bytes leftover after parsing attributes in process `syz.7.23082'. [ 1216.319254][T20594] netlink: 'syz.1.23085': attribute type 13 has an invalid length. [ 1216.327356][T20594] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.23085'. [ 1216.433918][T20602] netlink: 60 bytes leftover after parsing attributes in process `syz.1.23088'. [ 1216.455778][T20602] netlink: 60 bytes leftover after parsing attributes in process `syz.1.23088'. [ 1216.945600][T20630] netlink: 'syz.6.23098': attribute type 10 has an invalid length. [ 1218.567487][T20715] IPv6: Can't replace route, no match found [ 1220.478747][T20782] IPv6: Can't replace route, no match found [ 1222.220964][T20878] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 1222.226958][T20878] syzkaller0: linktype set to 270 [ 1223.021164][T20922] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 1223.029777][T20922] syzkaller0: linktype set to 270 [ 1223.570451][T20948] delete_channel: no stack [ 1223.590880][T20948] delete_channel: no stack [ 1223.785019][T20958] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 1223.798073][T20958] syzkaller0: linktype set to 270 [ 1224.594419][T20994] __nla_validate_parse: 14 callbacks suppressed [ 1224.594441][T20994] netlink: 154020 bytes leftover after parsing attributes in process `syz.1.23269'. [ 1224.639147][T20994] openvswitch: netlink: ufid size 48894 bytes exceeds the range (1, 16) [ 1225.260108][T21032] netlink: 154020 bytes leftover after parsing attributes in process `syz.5.23287'. [ 1225.282563][T21032] openvswitch: netlink: ufid size 48894 bytes exceeds the range (1, 16) [ 1225.522912][T21050] netlink: 'syz.5.23297': attribute type 3 has an invalid length. [ 1225.540907][T21050] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.23297'. [ 1225.737373][T21063] netlink: 154020 bytes leftover after parsing attributes in process `syz.7.23302'. [ 1225.753020][T21063] openvswitch: netlink: ufid size 48894 bytes exceeds the range (1, 16) [ 1225.930158][T21073] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1225.937460][T21073] IPv6: NLM_F_CREATE should be set when creating new route [ 1225.944774][T21073] IPv6: NLM_F_CREATE should be set when creating new route [ 1225.952110][T21073] IPv6: NLM_F_CREATE should be set when creating new route [ 1226.430867][T21103] dvmrp1: tun_chr_ioctl cmd 2148553947 [ 1226.904812][T21125] netlink: 'syz.7.23329': attribute type 3 has an invalid length. [ 1226.913526][T21125] netlink: 105116 bytes leftover after parsing attributes in process `syz.7.23329'. [ 1227.380299][T21152] netlink: 'syz.1.23342': attribute type 3 has an invalid length. [ 1227.393062][T21152] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.23342'. [ 1227.541882][T21160] netlink: 830 bytes leftover after parsing attributes in process `syz.7.23346'. [ 1227.689137][T21165] dvmrp1: tun_chr_ioctl cmd 2148553947 [ 1227.891748][T21177] netlink: 'syz.7.23353': attribute type 46 has an invalid length. [ 1228.032910][T21183] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1228.040183][T21183] IPv6: NLM_F_CREATE should be set when creating new route [ 1228.047473][T21183] IPv6: NLM_F_CREATE should be set when creating new route [ 1228.054759][T21183] IPv6: NLM_F_CREATE should be set when creating new route [ 1228.749182][T21217] netlink: 14 bytes leftover after parsing attributes in process `syz.7.23372'. [ 1228.766158][T21219] netlink: 'syz.4.23373': attribute type 5 has an invalid length. [ 1228.784554][T21219] netlink: 'syz.4.23373': attribute type 5 has an invalid length. [ 1229.340751][T21255] netlink: 'syz.1.23388': attribute type 46 has an invalid length. [ 1229.464541][T21263] netlink: 14 bytes leftover after parsing attributes in process `syz.4.23391'. [ 1229.620557][T21270] tun0: tun_chr_ioctl cmd 1074025673 [ 1229.646508][T21274] netlink: 830 bytes leftover after parsing attributes in process `syz.1.23400'. [ 1229.795330][T21285] netlink: 'syz.5.23405': attribute type 46 has an invalid length. [ 1229.929014][T21292] netlink: 'syz.5.23418': attribute type 5 has an invalid length. [ 1229.952623][T21292] netlink: 'syz.5.23418': attribute type 5 has an invalid length. [ 1230.435824][T21318] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 1230.447196][T21318] syzkaller0: linktype set to 1 [ 1230.874260][T21341] netlink: 48 bytes leftover after parsing attributes in process `syz.7.23429'. [ 1231.569048][T21365] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 1231.594523][T21365] syzkaller0: linktype set to 1 [ 1231.928105][T21381] tap0: tun_chr_ioctl cmd 2147767520 [ 1231.950753][T21384] tun0: tun_chr_ioctl cmd 1074025673 [ 1233.467854][T21455] tap0: tun_chr_ioctl cmd 2147767520 [ 1233.609963][T21461] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 1233.615922][T21461] syzkaller0: linktype set to 778 [ 1234.037737][T21485] tap0: tun_chr_ioctl cmd 2147767520 [ 1234.395234][T21509] netlink: 'syz.4.23510': attribute type 2 has an invalid length. [ 1234.428347][T21509] netlink: 17267 bytes leftover after parsing attributes in process `syz.4.23510'. [ 1234.463974][T21511] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.23511'. [ 1234.615066][T21523] tap0: tun_chr_ioctl cmd 2147767520 [ 1236.397840][T21572] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 1236.403817][T21572] syzkaller0: linktype set to 778 [ 1236.510659][T21579] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.23544'. [ 1236.633594][T21587] netlink: 40 bytes leftover after parsing attributes in process `syz.7.23548'. [ 1236.913926][T21604] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 1236.920006][T21604] syzkaller0: linktype set to 778 [ 1237.247534][T21612] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.23558'. [ 1237.522053][T21628] Â: renamed from pim6reg1 [ 1237.925331][T21642] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1237.934094][T21642] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1237.961180][T21642] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1237.970175][T21642] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1238.592478][T21651] netlink: 'syz.1.23578': attribute type 2 has an invalid length. [ 1238.600829][T21651] netlink: 17267 bytes leftover after parsing attributes in process `syz.1.23578'. [ 1238.691863][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.698232][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.497889][T21702] Â: renamed from pim6reg1 [ 1240.953567][T21724] netlink: 'syz.4.23611': attribute type 21 has an invalid length. [ 1240.977819][T21724] netlink: 'syz.4.23611': attribute type 1 has an invalid length. [ 1240.985987][T21724] netlink: 14374 bytes leftover after parsing attributes in process `syz.4.23611'. [ 1241.255860][T21738] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1241.263538][T21738] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1241.272241][T21738] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1241.288196][T21738] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1241.816049][T21754] Â: renamed from pim6reg1 [ 1242.295007][T21768] netlink: 'syz.5.23642': attribute type 21 has an invalid length. [ 1242.310889][T21767] netlink: 'syz.7.23630': attribute type 29 has an invalid length. [ 1242.312805][T21768] netlink: 'syz.5.23642': attribute type 1 has an invalid length. [ 1242.344582][T21768] netlink: 14374 bytes leftover after parsing attributes in process `syz.5.23642'. [ 1242.366860][T21767] netlink: 'syz.7.23630': attribute type 29 has an invalid length. [ 1242.403950][T21770] netlink: 'syz.7.23630': attribute type 29 has an invalid length. [ 1242.443602][T21767] netlink: 'syz.7.23630': attribute type 29 has an invalid length. [ 1242.894753][T21790] netlink: 'syz.1.23641': attribute type 4 has an invalid length. [ 1242.912966][T21790] netlink: 152 bytes leftover after parsing attributes in process `syz.1.23641'. [ 1242.955929][T21790] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 1243.090405][T21796] Â: renamed from pim6reg1 [ 1245.931765][T21874] Â: renamed from pim6reg1 [ 1246.510108][T21904] Â: renamed from pim6reg1 [ 1246.900564][T21923] netlink: 'syz.5.23697': attribute type 4 has an invalid length. [ 1246.910530][T21923] netlink: 152 bytes leftover after parsing attributes in process `syz.5.23697'. [ 1246.971149][T21923] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 1247.111338][T21929] netlink: 'syz.5.23711': attribute type 3 has an invalid length. [ 1247.120460][T21929] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.23711'. [ 1248.600801][T21969] netlink: 'syz.4.23721': attribute type 3 has an invalid length. [ 1248.620641][T21969] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.23721'. [ 1248.838133][T21981] netlink: 60 bytes leftover after parsing attributes in process `syz.1.23726'. [ 1248.849533][T21981] netlink: 60 bytes leftover after parsing attributes in process `syz.1.23726'. [ 1248.887132][T21979] netlink: 60 bytes leftover after parsing attributes in process `syz.1.23726'. [ 1248.916930][T21987] netlink: 60 bytes leftover after parsing attributes in process `syz.1.23726'. [ 1249.012726][T21993] pimreg0: tun_chr_ioctl cmd 1074025677 [ 1249.024527][T21993] pimreg0: linktype set to 769 [ 1249.716559][T22030] netlink: 'syz.5.23748': attribute type 29 has an invalid length. [ 1249.735530][T22030] netlink: 'syz.5.23748': attribute type 29 has an invalid length. [ 1249.758345][T22030] netlink: 'syz.5.23748': attribute type 29 has an invalid length. [ 1249.779378][T22030] netlink: 'syz.5.23748': attribute type 29 has an invalid length. [ 1250.960694][T22112] netlink: 'syz.4.23788': attribute type 2 has an invalid length. [ 1250.978099][T22112] netlink: 17267 bytes leftover after parsing attributes in process `syz.4.23788'. [ 1251.265494][T22129] pimreg0: tun_chr_ioctl cmd 1074025677 [ 1251.277964][T22129] pimreg0: linktype set to 769 [ 1251.386514][T22138] netlink: 60 bytes leftover after parsing attributes in process `syz.4.23799'. [ 1251.398613][T22138] netlink: 60 bytes leftover after parsing attributes in process `syz.4.23799'. [ 1251.408151][T22135] netlink: 60 bytes leftover after parsing attributes in process `syz.4.23799'. [ 1251.420427][T22138] netlink: 60 bytes leftover after parsing attributes in process `syz.4.23799'. [ 1251.503328][T22144] pimreg0: tun_chr_ioctl cmd 1074025677 [ 1251.509112][T22144] pimreg0: linktype set to 769 [ 1252.023467][T22157] netlink: 'syz.5.23808': attribute type 2 has an invalid length. [ 1252.480961][T22187] netlink: 'syz.7.23826': attribute type 2 has an invalid length. [ 1254.827147][T22303] __nla_validate_parse: 3 callbacks suppressed [ 1254.827164][T22303] netlink: 15998 bytes leftover after parsing attributes in process `syz.7.23880'. [ 1255.739351][T22352] netlink: 15998 bytes leftover after parsing attributes in process `syz.4.23902'. [ 1256.327392][T22385] netlink: 15998 bytes leftover after parsing attributes in process `syz.1.23918'. [ 1258.523264][T22463] netlink: 65039 bytes leftover after parsing attributes in process `syz.5.23950'. [ 1258.538115][T22464] netlink: 'syz.7.23949': attribute type 17 has an invalid length. [ 1259.159753][ T4249] cgroup: fork rejected by pids controller in /syz4 [ 1260.008956][T22495] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1260.104213][T22495] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1260.213379][T22495] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1260.538469][ T4260] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1260.571288][ T4260] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1260.579346][ T4260] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1260.588904][ T4260] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1260.596501][ T4260] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1260.604532][ T4260] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1260.619509][T22495] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1261.337107][T22530] chnl_net:caif_netlink_parms(): no params data found [ 1261.356420][T22495] device 0 left promiscuous mode [ 1261.906685][T22530] bridge0: port 1(bridge_slave_0) entered blocking state [ 1261.917504][T22530] bridge0: port 1(bridge_slave_0) entered disabled state [ 1261.939948][T22530] device bridge_slave_0 entered promiscuous mode [ 1262.058051][T22530] bridge0: port 2(bridge_slave_1) entered blocking state [ 1262.065227][T22530] bridge0: port 2(bridge_slave_1) entered disabled state [ 1262.080260][T22530] device bridge_slave_1 entered promiscuous mode [ 1262.130880][T22530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1262.161642][T22530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1262.186582][T22530] team0: Port device team_slave_0 added [ 1262.194897][T22530] team0: Port device team_slave_1 added [ 1262.213776][T22530] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1262.221027][T22530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1262.247071][T22530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1262.259426][T22530] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1262.266402][T22530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1262.293397][T22530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1262.334790][T22530] device hsr_slave_0 entered promiscuous mode [ 1262.341513][T22530] device hsr_slave_1 entered promiscuous mode [ 1262.348211][T22530] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1262.355773][T22530] Cannot create hsr debugfs directory [ 1262.688106][T13032] Bluetooth: hci1: command 0x0409 tx timeout [ 1262.939612][T22530] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1262.958957][T22530] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1262.973501][T22530] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1262.992376][T22530] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1263.222430][T22530] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1263.245826][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1263.255103][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1263.312099][T22530] 8021q: adding VLAN 0 to HW filter on device team0 [ 1263.331637][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1263.346068][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1263.355554][T22510] bridge0: port 1(bridge_slave_0) entered blocking state [ 1263.362720][T22510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1263.396405][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1263.454330][T22495] device veth0_macvtap left promiscuous mode [ 1263.587333][T22495] device geneve1 left promiscuous mode [ 1263.600802][T22495] team0 (unregistering): Port device geneve1 removed [ 1263.835485][T22495] device team_slave_1 left promiscuous mode [ 1263.842624][T22495] team0 (unregistering): Port device team_slave_1 removed [ 1263.991763][T22495] device dummy0 left promiscuous mode [ 1263.998138][T22495] team0 (unregistering): Port device dummy0 removed [ 1264.118241][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1264.126958][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1264.137046][T22510] bridge0: port 2(bridge_slave_1) entered blocking state [ 1264.144194][T22510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1264.154072][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1264.162863][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1264.172895][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1264.182994][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1264.191428][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1264.200143][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1264.208842][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1264.219013][T22598] netlink: 65039 bytes leftover after parsing attributes in process `syz.6.23997'. [ 1264.231581][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1264.240261][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1264.254771][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1264.264705][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1264.282199][T22530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1264.441004][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1264.451565][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1264.463590][T22530] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1264.617000][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1264.627569][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1264.644799][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1264.653079][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1264.662225][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1264.670982][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1264.681358][T22530] device veth0_vlan entered promiscuous mode [ 1264.692974][T22530] device veth1_vlan entered promiscuous mode [ 1264.710153][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1264.720107][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1264.728356][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1264.736763][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1264.747439][T22530] device veth0_macvtap entered promiscuous mode [ 1264.756494][T22530] device veth1_macvtap entered promiscuous mode [ 1264.767895][T13032] Bluetooth: hci1: command 0x041b tx timeout [ 1264.771662][T22530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1264.784766][T22530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.795822][T22530] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1264.804809][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1264.813289][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1264.822276][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1264.831334][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1264.841661][T22530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1264.852266][T22530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.863455][T22530] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1264.871909][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1264.882691][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1264.894191][T22530] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1264.903052][T22530] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1264.912347][T22530] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1264.921223][T22530] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1264.966899][T22491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1264.976151][T22491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1264.992123][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1265.004258][ T4307] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1265.012501][ T4307] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1265.021793][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1265.135968][ T4245] cgroup: fork rejected by pids controller in /syz1 [ 1265.145082][T22616] netlink: 65039 bytes leftover after parsing attributes in process `syz.7.24015'. [ 1265.323927][ T4307] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.410329][ T4307] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.492890][ T4307] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.579851][ T4307] bond0: (slave netdevsim0): Releasing backup interface [ 1265.587556][ T4307] device netdevsim0 left promiscuous mode [ 1265.600866][ T4307] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.698674][T13032] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1265.718886][T13032] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1265.726737][T13032] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1265.736051][T13032] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1265.740247][ T4307] device 0 left promiscuous mode [ 1265.749438][T13032] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1265.759134][T13032] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1265.800885][ T4307] device 0 left promiscuous mode [ 1265.943955][ T4307] bond0: (slave ip6gretap0): Releasing backup interface [ 1265.954177][ T4307] device ip6gretap0 left promiscuous mode [ 1266.109678][T22633] chnl_net:caif_netlink_parms(): no params data found [ 1266.228019][T22653] syz.7.24018[22653] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1266.228177][T22653] syz.7.24018[22653] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1266.345759][T22633] bridge0: port 1(bridge_slave_0) entered blocking state [ 1266.399017][T22633] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.417334][T22633] device bridge_slave_0 entered promiscuous mode [ 1266.508807][T22633] bridge0: port 2(bridge_slave_1) entered blocking state [ 1266.516392][T22633] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.536535][T22633] device bridge_slave_1 entered promiscuous mode [ 1266.649223][T22633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1266.702105][T22633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1266.747074][T22633] team0: Port device team_slave_0 added [ 1266.775105][T22633] team0: Port device team_slave_1 added [ 1266.828973][T22633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1266.835961][T22633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1266.862300][T13032] Bluetooth: hci1: command 0x040f tx timeout [ 1266.891708][T22633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1266.906262][T22633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1266.913413][T22633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1266.940124][T22633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1266.966519][T22671] netlink: 'syz.6.24029': attribute type 13 has an invalid length. [ 1267.042303][T22671] netlink: 24859 bytes leftover after parsing attributes in process `syz.6.24029'. [ 1267.161228][T22633] device hsr_slave_0 entered promiscuous mode [ 1267.179792][T22633] device hsr_slave_1 entered promiscuous mode [ 1267.197727][T22633] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1267.205337][T22633] Cannot create hsr debugfs directory [ 1267.754392][ T4307] device wlan1 left promiscuous mode [ 1267.763220][ T4307] team0: Port device wlan1 removed [ 1267.779691][T22714] tap0: tun_chr_ioctl cmd 1074025677 [ 1267.789997][T22714] tap0: linktype set to 804 [ 1267.812258][T13032] Bluetooth: hci0: command 0x0409 tx timeout [ 1268.238420][ T4307] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 1268.249810][ T4307] device batadv_slave_0 left promiscuous mode [ 1268.322458][ T4307] device team_slave_1 left promiscuous mode [ 1268.330417][ T4307] team0 (unregistering): Port device team_slave_1 removed [ 1268.375104][ T4307] device team_slave_0 left promiscuous mode [ 1268.384926][ T4307] team0 (unregistering): Port device team_slave_0 removed [ 1268.455369][ T4307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1268.466308][ T4307] device bond_slave_1 left promiscuous mode [ 1268.759598][ T4307] device dummy0 left promiscuous mode [ 1268.775742][ T4307] team0 (unregistering): Port device dummy0 removed [ 1268.927791][T13032] Bluetooth: hci1: command 0x0419 tx timeout [ 1269.085031][ T4307] bond0 (unregistering): Released all slaves [ 1269.128215][T22742] netlink: 'syz.4.24061': attribute type 2 has an invalid length. [ 1269.136059][T22742] netlink: 132 bytes leftover after parsing attributes in process `syz.4.24061'. [ 1269.251232][T22633] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1269.295974][T22759] netlink: 132 bytes leftover after parsing attributes in process `syz.7.24067'. [ 1269.324624][T22633] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1269.339209][T22633] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1269.367535][T22633] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1269.531150][T22633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1269.546340][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1269.568981][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1269.595908][T22633] 8021q: adding VLAN 0 to HW filter on device team0 [ 1269.607312][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1269.629161][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1269.648367][T22491] bridge0: port 1(bridge_slave_0) entered blocking state [ 1269.655565][T22491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1269.676600][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1269.702543][T22773] netlink: 'syz.7.24072': attribute type 4 has an invalid length. [ 1269.705951][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1269.711662][T22773] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.24072'. [ 1269.728236][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1269.737004][T22491] bridge0: port 2(bridge_slave_1) entered blocking state [ 1269.744166][T22491] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1269.763449][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1269.798140][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1269.829026][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1269.848707][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1269.867558][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1269.887194][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1269.895997][T13032] Bluetooth: hci0: command 0x041b tx timeout [ 1269.912703][T22633] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1269.923583][T22633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1269.936926][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1269.945293][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1269.953871][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1269.962950][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1269.972103][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1269.985356][T22491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1270.059279][T22784] netlink: 16255 bytes leftover after parsing attributes in process `syz.4.24078'. [ 1270.248861][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1270.272501][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1270.313277][T22633] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1270.372276][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1270.388550][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1270.455495][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1270.479574][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1270.499284][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1270.513946][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1270.536624][T22633] device veth0_vlan entered promiscuous mode [ 1270.564183][T22633] device veth1_vlan entered promiscuous mode [ 1270.638378][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1270.651004][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1270.660925][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1270.675054][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1270.686412][T22633] device veth0_macvtap entered promiscuous mode [ 1270.722866][T22633] device veth1_macvtap entered promiscuous mode [ 1270.763123][T22633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.785024][T22633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.805927][T22633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.835350][T22633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.867520][T22633] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1270.876592][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1270.901345][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1270.922557][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1270.940212][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1270.952253][T22633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1270.977885][T22633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.987989][T22633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1271.015235][T22633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.076534][T22633] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1271.120165][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1271.132602][T22495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1271.145470][T22633] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.169076][T22633] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.185345][T22633] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.198104][T22633] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.946157][ T4307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1271.968048][T13032] Bluetooth: hci0: command 0x040f tx timeout [ 1271.988679][ T4307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1272.006451][T22495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1272.012330][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1272.050731][T22495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1272.084160][T22510] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1272.317061][T22848] netlink: 'syz.1.24104': attribute type 2 has an invalid length. [ 1272.342688][T22848] netlink: 132 bytes leftover after parsing attributes in process `syz.1.24104'. [ 1272.577418][T22860] netlink: 132 bytes leftover after parsing attributes in process `syz.4.24109'. [ 1274.051799][T13032] Bluetooth: hci0: command 0x0419 tx timeout [ 1274.362633][T22942] netlink: 132 bytes leftover after parsing attributes in process `syz.1.24146'. [ 1274.727548][T22954] netlink: 'syz.7.24151': attribute type 13 has an invalid length. [ 1274.735803][T22954] netlink: 24859 bytes leftover after parsing attributes in process `syz.7.24151'. [ 1274.820377][T22958] tap0: tun_chr_ioctl cmd 1074025677 [ 1274.825861][T22958] tap0: linktype set to 804 [ 1275.053636][T22972] netlink: 'syz.5.24156': attribute type 4 has an invalid length. [ 1275.079553][T22972] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.24156'. [ 1275.124810][T22976] netlink: 16255 bytes leftover after parsing attributes in process `syz.7.24160'. [ 1275.802698][T22993] netlink: 132 bytes leftover after parsing attributes in process `syz.6.24161'. [ 1276.116158][T23008] netlink: 'syz.1.24174': attribute type 4 has an invalid length. [ 1276.145051][T23008] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.24174'. [ 1278.726956][T23086] netlink: 202920 bytes leftover after parsing attributes in process `syz.6.24205'. [ 1279.743998][T23109] batman_adv: The newly added mac address (00:00:00:20:00:00) already exists on: batadv_slave_0 [ 1279.772827][T23109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1285.098771][T23262] netlink: 202920 bytes leftover after parsing attributes in process `syz.4.24282'. [ 1285.571308][T23279] netpci0: tun_chr_ioctl cmd 1074025694 [ 1288.153857][T23356] netlink: 156 bytes leftover after parsing attributes in process `syz.4.24318'. [ 1288.187562][T23357] netlink: 3291 bytes leftover after parsing attributes in process `syz.1.24319'. [ 1291.452995][T23477] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.24375'. [ 1291.485885][T23477] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.24375'. [ 1291.497980][T23471] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.24375'. [ 1291.822667][T23489] ================================================================== [ 1291.830780][T23489] BUG: KASAN: use-after-free in dev_map_enqueue+0x3c/0x340 [ 1291.838008][T23489] Read of size 8 at addr ffff888029fc3500 by task syz.6.24379/23489 [ 1291.846007][T23489] [ 1291.848342][T23489] CPU: 0 PID: 23489 Comm: syz.6.24379 Not tainted 6.1.128-syzkaller #0 [ 1291.856598][T23489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1291.866666][T23489] Call Trace: [ 1291.869963][T23489] [ 1291.872911][T23489] dump_stack_lvl+0x1e3/0x2cb [ 1291.877601][T23489] ? nf_tcp_handle_invalid+0x642/0x642 [ 1291.883069][T23489] ? panic+0x764/0x764 [ 1291.887150][T23489] ? _printk+0xd1/0x111 [ 1291.891324][T23489] ? __virt_addr_valid+0x17f/0x530 [ 1291.896456][T23489] ? __virt_addr_valid+0x17f/0x530 [ 1291.901590][T23489] print_report+0x15f/0x4f0 [ 1291.906102][T23489] ? __virt_addr_valid+0x17f/0x530 [ 1291.911224][T23489] ? __virt_addr_valid+0x17f/0x530 [ 1291.916354][T23489] ? __virt_addr_valid+0x45b/0x530 [ 1291.921483][T23489] ? __phys_addr+0xb6/0x170 [ 1291.926000][T23489] ? dev_map_enqueue+0x3c/0x340 [ 1291.930871][T23489] kasan_report+0x136/0x160 [ 1291.935388][T23489] ? dev_map_enqueue+0x3c/0x340 [ 1291.940253][T23489] dev_map_enqueue+0x3c/0x340 [ 1291.944940][T23489] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1291.951105][T23489] xdp_do_redirect_frame+0x323/0x660 [ 1291.956427][T23489] bpf_test_run_xdp_live+0xbf4/0x1ea0 [ 1291.961815][T23489] ? __mutex_unlock_slowpath+0x218/0x750 [ 1291.967463][T23489] ? 0xffffffffa00038c0 [ 1291.971629][T23489] ? bpf_test_run_xdp_live+0x75c/0x1ea0 [ 1291.977189][T23489] ? xdp_convert_md_to_buff+0x330/0x330 [ 1291.982747][T23489] ? bpf_dispatcher_change_prog+0xdf5/0xf80 [ 1291.988651][T23489] ? 0xffffffffa00038c0 [ 1291.992824][T23489] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 1291.999086][T23489] ? __might_fault+0xbd/0x110 [ 1292.003778][T23489] ? _copy_from_user+0x109/0x170 [ 1292.008733][T23489] ? bpf_test_init+0x15a/0x180 [ 1292.013505][T23489] ? xdp_convert_md_to_buff+0x5b/0x330 [ 1292.018977][T23489] bpf_prog_test_run_xdp+0x7d1/0x1130 [ 1292.024372][T23489] ? dev_put+0x80/0x80 [ 1292.028450][T23489] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1292.034616][T23489] ? lockdep_hardirqs_on+0x94/0x130 [ 1292.039834][T23489] ? dev_put+0x80/0x80 [ 1292.043921][T23489] bpf_prog_test_run+0x32f/0x3a0 [ 1292.048870][T23489] __sys_bpf+0x3eb/0x6c0 [ 1292.053135][T23489] ? bpf_link_show_fdinfo+0x300/0x300 [ 1292.058529][T23489] ? ct_irq_exit_irqson+0x13c/0x1b0 [ 1292.063743][T23489] ? syscall_enter_from_user_mode+0x37/0x230 [ 1292.069742][T23489] __x64_sys_bpf+0x78/0x90 [ 1292.074179][T23489] do_syscall_64+0x3b/0xb0 [ 1292.078606][T23489] ? clear_bhb_loop+0x45/0xa0 [ 1292.083294][T23489] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1292.089206][T23489] RIP: 0033:0x7fa8c8d8cde9 [ 1292.093632][T23489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1292.113339][T23489] RSP: 002b:00007fa8c9b4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1292.121772][T23489] RAX: ffffffffffffffda RBX: 00007fa8c8fa5fa0 RCX: 00007fa8c8d8cde9 [ 1292.129762][T23489] RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 000000000000000a [ 1292.137747][T23489] RBP: 00007fa8c8e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1292.145736][T23489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1292.153720][T23489] R13: 0000000000000000 R14: 00007fa8c8fa5fa0 R15: 00007ffc1094c218 [ 1292.161714][T23489] [ 1292.164748][T23489] [ 1292.167076][T23489] Allocated by task 23454: [ 1292.171495][T23489] kasan_set_track+0x4b/0x70 [ 1292.176091][T23489] __kasan_kmalloc+0x97/0xb0 [ 1292.180687][T23489] copy_semundo+0xb1/0x230 [ 1292.185118][T23489] copy_process+0x1848/0x4060 [ 1292.189812][T23489] kernel_clone+0x222/0x920 [ 1292.194324][T23489] __se_sys_clone3+0x373/0x410 [ 1292.199102][T23489] do_syscall_64+0x3b/0xb0 [ 1292.203520][T23489] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1292.209427][T23489] [ 1292.211758][T23489] Freed by task 23455: [ 1292.215819][T23489] kasan_set_track+0x4b/0x70 [ 1292.220413][T23489] kasan_save_free_info+0x27/0x40 [ 1292.225441][T23489] ____kasan_slab_free+0xd6/0x120 [ 1292.230466][T23489] __kmem_cache_free+0x25c/0x3c0 [ 1292.235414][T23489] exit_sem+0x197a/0x19e0 [ 1292.239747][T23489] do_exit+0xa3f/0x26a0 [ 1292.243905][T23489] do_group_exit+0x202/0x2b0 [ 1292.248502][T23489] get_signal+0x16f7/0x17d0 [ 1292.253018][T23489] arch_do_signal_or_restart+0xb0/0x1a10 [ 1292.258651][T23489] exit_to_user_mode_loop+0x6a/0x100 [ 1292.263939][T23489] exit_to_user_mode_prepare+0xb1/0x140 [ 1292.269486][T23489] syscall_exit_to_user_mode+0x60/0x270 [ 1292.275041][T23489] do_syscall_64+0x47/0xb0 [ 1292.279459][T23489] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1292.285361][T23489] [ 1292.287681][T23489] The buggy address belongs to the object at ffff888029fc3500 [ 1292.287681][T23489] which belongs to the cache kmalloc-cg-96 of size 96 [ 1292.301821][T23489] The buggy address is located 0 bytes inside of [ 1292.301821][T23489] 96-byte region [ffff888029fc3500, ffff888029fc3560) [ 1292.314837][T23489] [ 1292.317159][T23489] The buggy address belongs to the physical page: [ 1292.323580][T23489] page:ffffea0000a7f0c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29fc3 [ 1292.333739][T23489] memcg:ffff88807f0b0801 [ 1292.337979][T23489] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 1292.345555][T23489] raw: 00fff00000000200 ffffea0001692e40 dead000000000003 ffff888017c428c0 [ 1292.354142][T23489] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff88807f0b0801 [ 1292.362716][T23489] page dumped because: kasan: bad access detected [ 1292.369134][T23489] page_owner tracks the page as allocated [ 1292.374849][T23489] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4249, tgid 4249 (syz-executor), ts 1214671612957, free_ts 1214671258000 [ 1292.393435][T23489] post_alloc_hook+0x18d/0x1b0 [ 1292.398206][T23489] get_page_from_freelist+0x3731/0x38d0 [ 1292.403755][T23489] __alloc_pages+0x28d/0x770 [ 1292.408346][T23489] alloc_slab_page+0x6a/0x150 [ 1292.413123][T23489] new_slab+0x84/0x2d0 [ 1292.417209][T23489] ___slab_alloc+0xc20/0x1270 [ 1292.421902][T23489] __kmem_cache_alloc_node+0x19f/0x260 [ 1292.427382][T23489] __kmalloc_node+0xa2/0x230 [ 1292.431986][T23489] kvmalloc_node+0x6e/0x180 [ 1292.436506][T23489] alloc_fdtable+0x154/0x280 [ 1292.441105][T23489] dup_fd+0x95c/0xca0 [ 1292.445104][T23489] copy_files+0x72/0xe0 [ 1292.449271][T23489] copy_process+0x1873/0x4060 [ 1292.453975][T23489] kernel_clone+0x222/0x920 [ 1292.458488][T23489] __x64_sys_clone+0x231/0x280 [ 1292.463267][T23489] do_syscall_64+0x3b/0xb0 [ 1292.467697][T23489] page last free stack trace: [ 1292.472377][T23489] free_unref_page_prepare+0x12a6/0x15b0 [ 1292.478030][T23489] free_unref_page+0x33/0x3e0 [ 1292.482725][T23489] __vunmap+0x873/0xa30 [ 1292.486902][T23489] do_ip6t_get_ctl+0x11df/0x18a0 [ 1292.491877][T23489] nf_getsockopt+0x28e/0x2b0 [ 1292.496482][T23489] ipv6_getsockopt+0x259/0x370 [ 1292.501247][T23489] tcp_getsockopt+0x15c/0x1c0 [ 1292.505937][T23489] __sys_getsockopt+0x2b2/0x5d0 [ 1292.510799][T23489] __x64_sys_getsockopt+0xb1/0xc0 [ 1292.515831][T23489] do_syscall_64+0x3b/0xb0 [ 1292.520250][T23489] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1292.526162][T23489] [ 1292.528486][T23489] Memory state around the buggy address: [ 1292.534116][T23489] ffff888029fc3400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1292.542182][T23489] ffff888029fc3480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1292.550245][T23489] >ffff888029fc3500: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1292.558305][T23489] ^ [ 1292.562370][T23489] ffff888029fc3580: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 1292.570436][T23489] ffff888029fc3600: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 1292.578501][T23489] ================================================================== [ 1292.586793][T23489] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1292.594001][T23489] CPU: 0 PID: 23489 Comm: syz.6.24379 Not tainted 6.1.128-syzkaller #0 [ 1292.602247][T23489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1292.612322][T23489] Call Trace: [ 1292.615605][T23489] [ 1292.618545][T23489] dump_stack_lvl+0x1e3/0x2cb [ 1292.623241][T23489] ? nf_tcp_handle_invalid+0x642/0x642 [ 1292.628708][T23489] ? panic+0x764/0x764 [ 1292.632803][T23489] ? vscnprintf+0x59/0x80 [ 1292.637148][T23489] panic+0x318/0x764 [ 1292.641053][T23489] ? print_irqtrace_events+0x210/0x210 [ 1292.646530][T23489] ? check_panic_on_warn+0x1d/0xa0 [ 1292.651652][T23489] ? memcpy_page_flushcache+0xfc/0xfc [ 1292.657034][T23489] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1292.663194][T23489] ? lockdep_hardirqs_on+0x94/0x130 [ 1292.668406][T23489] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1292.674573][T23489] ? dev_map_enqueue+0x3c/0x340 [ 1292.679438][T23489] check_panic_on_warn+0x7e/0xa0 [ 1292.684394][T23489] ? dev_map_enqueue+0x3c/0x340 [ 1292.689256][T23489] end_report+0x66/0x110 [ 1292.693510][T23489] kasan_report+0x143/0x160 [ 1292.698022][T23489] ? dev_map_enqueue+0x3c/0x340 [ 1292.702887][T23489] dev_map_enqueue+0x3c/0x340 [ 1292.707576][T23489] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1292.713742][T23489] xdp_do_redirect_frame+0x323/0x660 [ 1292.719045][T23489] bpf_test_run_xdp_live+0xbf4/0x1ea0 [ 1292.724431][T23489] ? __mutex_unlock_slowpath+0x218/0x750 [ 1292.730088][T23489] ? 0xffffffffa00038c0 [ 1292.734254][T23489] ? bpf_test_run_xdp_live+0x75c/0x1ea0 [ 1292.739818][T23489] ? xdp_convert_md_to_buff+0x330/0x330 [ 1292.745366][T23489] ? bpf_dispatcher_change_prog+0xdf5/0xf80 [ 1292.751278][T23489] ? 0xffffffffa00038c0 [ 1292.755440][T23489] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 1292.761699][T23489] ? __might_fault+0xbd/0x110 [ 1292.766400][T23489] ? _copy_from_user+0x109/0x170 [ 1292.771366][T23489] ? bpf_test_init+0x15a/0x180 [ 1292.776142][T23489] ? xdp_convert_md_to_buff+0x5b/0x330 [ 1292.781621][T23489] bpf_prog_test_run_xdp+0x7d1/0x1130 [ 1292.787032][T23489] ? dev_put+0x80/0x80 [ 1292.791111][T23489] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1292.797279][T23489] ? lockdep_hardirqs_on+0x94/0x130 [ 1292.802503][T23489] ? dev_put+0x80/0x80 [ 1292.806583][T23489] bpf_prog_test_run+0x32f/0x3a0 [ 1292.811534][T23489] __sys_bpf+0x3eb/0x6c0 [ 1292.815794][T23489] ? bpf_link_show_fdinfo+0x300/0x300 [ 1292.821199][T23489] ? ct_irq_exit_irqson+0x13c/0x1b0 [ 1292.826423][T23489] ? syscall_enter_from_user_mode+0x37/0x230 [ 1292.832418][T23489] __x64_sys_bpf+0x78/0x90 [ 1292.836872][T23489] do_syscall_64+0x3b/0xb0 [ 1292.841287][T23489] ? clear_bhb_loop+0x45/0xa0 [ 1292.845978][T23489] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1292.851870][T23489] RIP: 0033:0x7fa8c8d8cde9 [ 1292.856292][T23489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1292.875912][T23489] RSP: 002b:00007fa8c9b4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1292.884357][T23489] RAX: ffffffffffffffda RBX: 00007fa8c8fa5fa0 RCX: 00007fa8c8d8cde9 [ 1292.892342][T23489] RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 000000000000000a [ 1292.900335][T23489] RBP: 00007fa8c8e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1292.908317][T23489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1292.916310][T23489] R13: 0000000000000000 R14: 00007fa8c8fa5fa0 R15: 00007ffc1094c218 [ 1292.924394][T23489] [ 1292.927721][T23489] Kernel Offset: disabled [ 1292.932038][T23489] Rebooting in 86400 seconds..