last executing test programs: 3.640551935s ago: executing program 3 (id=1673): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000015c0)=@file={0x1, './file0\x00'}, 0x6e) recvmmsg$unix(r0, &(0x7f0000007080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1}}], 0x2, 0x2000, 0x0) sendmmsg$unix(r0, &(0x7f0000001c80)=[{{&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000001540)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001980)=[{&(0x7f0000001640)='k', 0x1}], 0x1}}], 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x0, 0x70bd2d, 0x25dfdbfc, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008004}, 0x4000018) sendto$inet(r3, 0x0, 0x0, 0x400c8c6, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r3, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003030000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000380)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40039106}, 0xc, &(0x7f0000000400)={&(0x7f0000000580)={0x260, 0x0, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x37}}}}, [@NL80211_ATTR_IE={0x54, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, 0x2, 0x3, 0x23}}, @supported_rates={0x1, 0x7, [{0x2}, {0x12, 0x1}, {0x29, 0x1}, {0x6}, {0x3a}, {0x3}, {0xc, 0x1}]}, @rann={0x7e, 0x15, {{0x0, 0x79}, 0x40, 0x4, @broadcast, 0x6, 0x3ff, 0x3}}, @ibss={0x6, 0x2, 0x9}, @dsss={0x3, 0x1, 0x6c}, @gcr_ga={0xbd, 0x6}, @peer_mgmt={0x75, 0x16, {0x1, 0x5, @val=0x3, @void, @val="b8c151feaf53a9b391c88a0996670a8e"}}]}, @NL80211_ATTR_PROBE_RESP={0x1e3, 0x91, "54046dc0f752e34a9c0dbc2a804298836dc09b5c6d831dce25dc4cc54d03a1695945d5496c76d115f035f15c36377dc07a24e8856ecbee77edf81fbb6953ff8f0dc1ccd1479ec6dede9790c256e584e9a78c00a59b1a0a5ea2dcd8003c7b6493e62fac941eb65c901f3d6f009227918311e0c5852aaad1c0857a770fddf0faff9a14795194d6a3b87deb59f3fc3bc505f6e0357cbbc68d42f9328a158fb7c206385f174142f31aec8eadc857804be05280495f0b5389fe3aa3da90a6289011c624d95f2e3066f451828392ed6bf68762d80cb45b7b00ddb17a0498312ac38f70c698ed03cd0310058b0469fe06263507653486205c5c9493f7e53c3c0518202c6d692eaa0ad155aad77596c6ba0eb5dee2f6eecaf1678142f7fbb41c084aa2a5019339f6736cd30587477a4904321cc75941ef210100ffcbca6c3d605e4b865608896fbcb7c531fdaf11f92bcd9b8d1b4820c5dd401990b076beff916abcf3d949f1864de04b9e89e3a3324662a1527e6e1c4afc126f6805449605679574f9d067a490f522ab2103f3077617557c8895aa2ca84a72410d41a526e9e9ec19ed91a2a47548c948282c4f39096be284adaf4338005f1856a41cfb42fb8a91e1970bc1e045ed5f2d3c5b4a57b553ea6735eaa461a1e3d56d2ca6343d2d507ff694"}]}, 0x260}, 0x1, 0x0, 0x0, 0x4010}, 0x20000034) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x200000000000000) 3.130988227s ago: executing program 3 (id=1680): r0 = socket(0x400000000010, 0x5, 0x20000001) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'pim6reg1\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x2, 0xcd, "ae5560ea62b17ab39b92f53fb9e17c3248d1d6fa07cd0bb83f6029763bd584db7661dbbec767ba693500ec7e3760ae670549d2fb97e4e8dcb9ab39b9850f0013e798ae3ab2decae3760c18db5dd1ca18ca385ae3cf913617967e7b234def6554adf93c972269a44a7dd67ef0b6b08e6f515d52383d37a0e70a44a0f6252b9eca1947d7d6d8bb84f52b6684976e46796624d24a0e4a5d1a77aebb805b206804eee80588452f22252fc631ba7e78a80f3de4f8ab4f0b274c8d24da62711680300be4c9bbbda4b73982d59bfb4da7"}}) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) unshare(0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000800), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="08002bbd7000a24be5d059a8cc7dd18c347800000080010000000000000001410000001c0017000000000000000069623a62"], 0x38}, 0x1, 0x0, 0x0, 0x20004041}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x48) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x44) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x34}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000280)=@broute={'broute\x00', 0x20, 0x2, 0x238, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200005c0], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000d96600000000000000000000000000000000000000000000000000001ae0000000000000feffffff0100000011000000000000008100626373663000000200080000003f000000000000000002000000ffff00000000626f6e643000000000000000000000007600000000010000005c121d00000000ffffffffffff0000000000000000000000000000000000000000d0000000d000000000010000766c616e000000ff030000002000000000000000000000000000000000000000080000000000007f0000000000000100766c616e000000000000000000000000000000000000000000000000000000000800000000000000000000063810020041554449540000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff01000000030000000000000000006970365f76746930000000000000000073797a6b616c6c6572300000000000006263736630000000000000000000000076657468305f746f5f7465616d000000aaaaaaaaaacc030000000000aaaaaaaaaaaa00000000000000007000000070000000a8000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000fcffffff0000000000000000000000000000000000000000000000000000000000000000400000000000000002000000ffffffff00000000"]}, 0x2b0) 1.949721849s ago: executing program 2 (id=1692): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000015c0)=@file={0x1, './file0\x00'}, 0x6e) recvmmsg$unix(r0, &(0x7f0000007080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1}}], 0x2, 0x2000, 0x0) sendmmsg$unix(r0, &(0x7f0000001c80)=[{{&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000001540)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001980)=[{&(0x7f0000001640)='k', 0x1}], 0x1}}], 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x0, 0x70bd2d, 0x25dfdbfc, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008004}, 0x4000018) sendto$inet(r3, 0x0, 0x0, 0x400c8c6, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r3, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003030000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40039106}, 0xc, &(0x7f0000000400)={&(0x7f0000000580)={0x260, 0x0, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @val={0xc}}}, [@NL80211_ATTR_IE={0x54, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, 0x2, 0x3, 0x23}}, @supported_rates={0x1, 0x7, [{0x2}, {0x12, 0x1}, {0x29, 0x1}, {0x6}, {0x3a}, {0x3}, {0xc, 0x1}]}, @rann={0x7e, 0x15, {{0x0, 0x79}, 0x40, 0x4, @broadcast, 0x6, 0x3ff, 0x3}}, @ibss={0x6, 0x2, 0x9}, @dsss={0x3, 0x1, 0x6c}, @gcr_ga={0xbd, 0x6}, @peer_mgmt={0x75, 0x16, {0x1, 0x5, @val=0x3, @void, @val="b8c151feaf53a9b391c88a0996670a8e"}}]}, @NL80211_ATTR_PROBE_RESP={0x1e3, 0x91, "54046dc0f752e34a9c0dbc2a804298836dc09b5c6d831dce25dc4cc54d03a1695945d5496c76d115f035f15c36377dc07a24e8856ecbee77edf81fbb6953ff8f0dc1ccd1479ec6dede9790c256e584e9a78c00a59b1a0a5ea2dcd8003c7b6493e62fac941eb65c901f3d6f009227918311e0c5852aaad1c0857a770fddf0faff9a14795194d6a3b87deb59f3fc3bc505f6e0357cbbc68d42f9328a158fb7c206385f174142f31aec8eadc857804be05280495f0b5389fe3aa3da90a6289011c624d95f2e3066f451828392ed6bf68762d80cb45b7b00ddb17a0498312ac38f70c698ed03cd0310058b0469fe06263507653486205c5c9493f7e53c3c0518202c6d692eaa0ad155aad77596c6ba0eb5dee2f6eecaf1678142f7fbb41c084aa2a5019339f6736cd30587477a4904321cc75941ef210100ffcbca6c3d605e4b865608896fbcb7c531fdaf11f92bcd9b8d1b4820c5dd401990b076beff916abcf3d949f1864de04b9e89e3a3324662a1527e6e1c4afc126f6805449605679574f9d067a490f522ab2103f3077617557c8895aa2ca84a72410d41a526e9e9ec19ed91a2a47548c948282c4f39096be284adaf4338005f1856a41cfb42fb8a91e1970bc1e045ed5f2d3c5b4a57b553ea6735eaa461a1e3d56d2ca6343d2d507ff694"}]}, 0x260}, 0x1, 0x0, 0x0, 0x4010}, 0x20000034) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x200000000000000) 1.842571023s ago: executing program 4 (id=1694): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x200000100000011, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) writev(r3, &(0x7f0000000a40)=[{&(0x7f00000007c0)='G', 0x1}], 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r4}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x3, 0x0, 0x10000}}]}, 0x40}}, 0x0) 1.76833379s ago: executing program 3 (id=1695): unshare(0x0) r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @printk={@d, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000480)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="030600ffffffba000040000b86dd", 0xe, 0x0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 1.550858974s ago: executing program 3 (id=1697): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r1, r0, 0x2, 0x0, 0x4000}, 0x10) r2 = socket$kcm(0x2, 0x2, 0x73) sendto$inet6(0xffffffffffffffff, &(0x7f0000000500)="7804ca2b7bdef249166a19961bb0c3c49194a0b2ef46c3aeee3d32ae100460cc9b6f692604205b9459b6cdf23b9546369ec3721efc90a891a1a71d4f497bd109a995ff093dc78cd9aae8c2ca0d7f35210d323e95ebf1ab6f5b8697d9d5730bbad7956de87a55326a4b296001c05c23b87d35914fe461b6bf4ff4b5876d6bf0126dacdd510ab0fc023eaa3d2352edf56ded5601b77eaa8b8b9a5a99b03bf36c35b620076f8ff29093e2c34ed3e53f3100db943ba254f1aeb8c107595c2eec7324231248", 0xc3, 0xa0f15a6d21a68a81, &(0x7f00000000c0)={0xa, 0x4e23, 0x4, @local, 0x7f}, 0x1c) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000), 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000440)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x8, 0x2, 0xfe, 0xf, 0x2, 0x800}, 0x20) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000480)) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'syztnl0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x75, 0x9, 0x8, 0x3, 0x2f, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x700, 0x0, 0x1}}) r3 = socket(0x10, 0x803, 0x0) sendto$inet6(r3, &(0x7f0000000240)='p', 0x1, 0x40804, 0x0, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000007c0)={{{@in=@multicast2, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@private0}}, &(0x7f0000000a40)=0xe8) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000640), 0xc, &(0x7f0000000a80)={&(0x7f00000008c0)=ANY=[@ANYBLOB="740100002000000129bd7000fedbdf2532000000fc020000000000000000000000000000ff0100000000000000000000000000014e230fff4e2300090200a0fc06000000", @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="080016000100000014000e00ffffffff000000000000000000000000e80011006401010200000000000000000000000020010000000000000000000000000000fe800000000001000000000000000042ac1414bb000000000000000000000000ff040000000000000a000200ac1414bb00008b7f37e0a42b268bb611d8000000000000000000000000000000000000000000000000000164010101000000000000000000000000000000000000000000000000000000003c0000000035000002000a0000ffffffffffffff0000000000000001fc000000000000000000000000000001ac1414aa000000000000000000000000fe8000000000000000000000000000aa33000000063500001e000a00050019002b00000014000e00000000000000000000ffffac"], 0x174}, 0x1, 0x0, 0x0, 0x8091}, 0x20) r7 = accept(r2, &(0x7f00000023c0)=@in6={0xa, 0x0, 0x0, @private0}, &(0x7f0000002440)=0x80) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000004f00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000002480)=0x0) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000b00)={'pim6reg1\x00', 0x2}) r11 = socket(0x840000000002, 0x3, 0xff) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) ioctl$TUNSETGROUP(r10, 0x400454ce, r12) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000024c0)={{{@in6, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@multicast2}}, &(0x7f00000025c0)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002600)={0x0, 0x0, 0x0}, &(0x7f0000002640)=0xc) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002780)=[{{&(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000007c0), 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32, @ANYBLOB="2c000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="0000000021fd0000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="300000000100000001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x120, 0x4}}, {{&(0x7f0000000cc0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002280)=[{&(0x7f0000000d40)="8d7b78037daadc555f0eb1cdb02595f726831fc147fe3f474cac9863097bfa9767c6d6418a948781066fbf61e8ace3ae846a0cdc816f4969e5213e95fbb7bad3c0d0368bff2fdc9ced77cfe6beb616777169ab3b85491d2e838a00994fb40567daf23cc998e7718be2480465bbbfc54926e953f7fce7e6107550171ebe4f80c5ba301944606bb81f19f591e9459170de69a4895e0cbd5f5953c9d321662292bd7b3c45ba30f608190ab303bded9fa7e60b623e8dd434a51033410acbc973b0aafdf222f1f1d1a0e679b1899798910f008a4bce84f3638637af9c51ff03a5fc481deac8df0637", 0xe6}, {&(0x7f0000000e40)="4fd4acda8e59050572caf95e64ec78ba42598b3a12709b7d68f12da12a58992173405f502cce719ca996943a83bf990c8b6b953876a78dfc13251f87351c07cf368e", 0x42}, {&(0x7f0000000ec0)="31421d82e8798b57ac9e7d5b16dff3447931aa594eba3b737d04ff16b471b003d7cc2d80b2ccd62da46c4ecc63ba956b6246231a7ea52188463781134d9548707b1b91b67569e112d990cbd3cb081afa4aa95c1b5bcad4d7ba4aef3e92d43f06952f977912753a0c258c190d950f454ddbcdf2f6337295ce6419008a7cddff6bfb1d4577d54f0f149b765145372a6b34e13c5b502efb2a4cdbe1bddebe7a004fa5837b3cd1d58f3a0638f64cfc6973297100fb56a64a4e07", 0xb8}, {&(0x7f0000000f80)="a5ef85327109ad929b3bac4b8b5645c33c8dc6045b2f457d81e4d0e342729d78e97c577153f9d8a4f11afb7d025e4572011a3afe73dafbf63c40c47f3d06224623b2fede799e4da58b34f3067bdc6af0e9869a4cef9c52dfeba3f1518dd711390c5317e47d1a0d8ac9ac00586405a39570e86ef543ea6547a6832f77b283047aff9a13df2a6389c942dbc5a360cf93e4197756114308e2e168f7fffe6994e0ff8b34b3b4fea8cf1368f8dc", 0xab}, {&(0x7f0000001040)="9f6b2dd48e8cfad95600cd0511a516a81304e9f453c65cc44c369e32b8bbb3fce8a40024cc9204d3d60f82416e3780a07dbe55aaf2ea317e0726af482ae3115d", 0x40}, {&(0x7f0000001080)="fd7dc9811560b39480324148591f2d873542fbe308daa485b4b307ae609b3a7fc755a8c52e84ead8556ca353a460f9c7fa7a65ac413aa8bb0fb8048853a5de82b446cb21fdf6cbc7e20bcc1de9d7f7fc99b2cc0e746446c5c034280574b6be9822b5a4dbc2bb386d6a3a2a5d581ebac4966129a5f4a2c4aae501553d06925493988e2a541998757c70372ab0fd2616d5d0389ac3b4860edd3abdb3374c908fe595d28a87b85f9cef6163fbc0679fc972ee080f43852665c9e18256ab07113c156b28f82e30532861223450b7213fb5209e849263", 0xd4}, {&(0x7f0000001180)="b299db3e4982f6df67a48abf28a2e767b543534102eb7dfcf1966d3d0d20648c84eb228110106b51895ec4ed34dada23817a1c019d5b4c90c5a93d835eb1acdac50abb3e67d4732dc2977a8fd6b0fad1d7f74a816cc86126b75dc7c1a4e273fcc02865813ecaf6a531f166ae46e89d8ad6b73a05e06a11849cfcb49571a478329c9d7246d355df23f3660cdc3d0e6fbbec0f0f3b7077205bad1d5527ae895556741ab6c580a31b5b478b9bbc58eb7224a87ac844c8db7e7bd0ea09e1232dbe8a9078ee3988f67027300fcfac74beabc34fa1b9fbba59", 0xd6}, {&(0x7f0000001280)="e4734c28d55dead1e268dfd72a57894f0d3af7ac96651109bb32102ebc401e902d4fa6133cba96be627a98555bb7b09e8e94c87cc80dad59e2108ec24dfdf6797a83b522b16c29427ae7b31195cf977348a8b046f001cc8383ea8b16f10ff7863d12c29504ed431c5db43a423dc77a645336375db5b179dfd7afd2e67ad85c22165dd75323e6990390b3fd7d556d624b84efcb947af2f53d2f5fe521bc884b5024db972d4e0f4dd3019b4b62329de6821ac536aad1580db3cedfba9ff28367593561efe417b3f46fa016be9c0bb29f2303c51a5532742dace0be096ae19de255c2f047fe92942e33617f51976db9012f16b62ade1af8856d9c450c2260ee6cc1e3dcdd20d905708483c9bf6f70172ad5f8894f0fe40ecb550c0dc537f6e51c1fb036e0ec4e5b0ff60b117017c010d4b61e57a4c0abb23706f58d2b967b728c81d629577c03d7ebe8179548da53dce38b4c050b6d824e5b8ba676a71bb05e42857b58ec366c56cbae06da9593272d2562af3541f2e82d4f6650ad6b5c82f3e719e9e599fe648b6413bb16f855dd5a4000acd5867a3b8b9cdd57d2b5e9fb525ef8b8c1fdecf80676e160b070f58d0d12aa14111071087290c7ef0339a7aec2628fbf9d24e757ac1e176e0c468f132045ffd4c538a0dfe98becba218287fd3169fdeac469fcc82e34561162fcd46087ced4bb7037309c1d6be56e6660bba9f256fde4ac27cf564c9423dfe218620284e1d2cdbf19ec9095f27f93bf39368fccc5482a1f37d8643a82e50bd28e6953512ca7ba6d8fcc5e72038abf4fd94c953ce0bec0007bd17e3642aff42f162206a3a39c50829e1627c6278da21250a16d061ec8ff992ee1cb6d203ef3864ed27239ae4fc07304829b7e5f87e1170951d446bd53b155487dad7febb1e0e902c613339176adb162620b12e5462449d84652d4d4bb8462f737e665ce16c40ae44ab993c6a7a16908eeeec58afacbebc6610584944fbcd7a7155f4b8fee7b2a45776e2926b5c5f7fad999d18bf5c740f3c0686f425c5cab195c8778ec1b9fb89ed7f4607deeedb659e3eebd6b63b5f683b95cacd7f3b0529e863fe9f06c81b9c892588f7470c31a57f927630063029a820be56add1734bda3319f85059296525b45e82fefc80d4574694c92e763a3153c700636a6ee98026b21608ca6650910e74605976bf775eade95ca04a3def400527610736486782ea2781b984bab566182c0b898dc16514ea812ef96c22c4bb8bd44b78f595e85a06053ddab756b98512ec961a8fcdcaa5616f430e585e13f0c7f7e38a0b467a0042d6539f7fafcdc6c232b23365f21c090d0798642f0748d6c2594a9fb1942ff8d9f7544b97390d5617fee8f2be74384feca9042afb1df9ce787c86a56420f9a5ff55f65fee5460bbf95d11ba870ef31e32554e7235643ee55a19a2a525835b0eaa252ea659fcc1426ec10c76e56ec05c1c4a6f8cfb0e070ba607754ba1f340ee802aea5457b6e6f492a952b2b69b1dc6c5d831a2b71bfb318d95977522cd98d76413c9881e8f9c5a0e99df7d50b625fd032073fcc7214cb6acc90395c9550a39dba35e25f2783c00d6254fbf2463146921b330d0d17df6a9097128c7ee0063688270c4d727ccefeda221196e43614cc146cbec5e13534bb719ec4064267bcdc2628942b72957a10552e8621dc3d05ea3f1a552c61849c0f2c0e913241fe5ebaee729be6a680e3fadc3e98ce574ad9b5040f3bf3a44054a8deb253344d7e9899cd7c780f2e6192c89eae9bfbfcccefc0fcc101714a450a8fe406e8a5ef63f551281b0cb9b53a1b4ed29f5b2df0faf99eb8d8901774606ab7db88f1955bbd13c4acd624f187be2b0bb531cfa07b70e52b09c29c80313b42af620a92056d87c65df5c8e4fb0747117752f0cdb9f4401990e75a30fa04e59eef495a464acfc8bbb5fe5672f02f38f4ce94fc251fadcd586bfb97e199e2c22a1e431848bed90a7aeeeac3bbb813a0ad31c6d680417b47ed4caaf2749e34d51fe33b4a28483cd3cf163836cd4b6c463f45a2b8a35b723adca7bbbbf299ce518a7b63cb3ff98562b6348db736ed770cdafe91edc7290e584fad62006132a9d2cc9cb821f62727b6d0791557ede6690fd9a6d7a814fb312a28efafc2ac5e940fa09e481de73cb0646cf4ee62fbf86c472276b310291f0410248521a2a14eaa29c787746749564632fa863e2d1d4a8b0535cb37ca171d7c9e42128f3c18d3a3675a12927e9c25e38b0b442068279a657746024534253b765db8a9834aaf07524b356619ec1a20122af004323a459699d0fac4dc5a21b4a1bbcd7c79a44f41a110a8ae2f0b51e03fe1db416eaa3c271451317348d84374278be6e64c6ddee62ad253c60b204dd26e55d5648de68af5872d9bc0cdd842fe539f329f493f7699be8012a91133f100f0c2dd7961f09e51c1521297deb7c7313fb7a9484fc0c5440556766b95a4794509158ed7d46f4ed3ae77d1a6becab7da5e3c82e5e6d41dcf1b9dcb4a449bae5762ed064e1743ed1ef30f20f5cdce3ec379b64eac0f448e5c7c09564e8545426b1d63cb12f7bd8948ce8d24a4c60d36a0a11fe8fe967921c18bdfae137e8aff659b1537108e074c46353530f9c02d7a98f2d24c070621da72e06f072b082ed9159f6baee1c48f0465416d990806741a0b1b0cc9a9dcc351b9f60488d64cceef7d72b4807a529e96d700cd1b5ee0feaccc50240ce4030a2a6e625600947ddadeb1fbeee8dcaf3069e52d3b49a5b7d8da421288e6bcbfbee08fdb251de41a132212c60e5430f5bb30a6d2b24fa6a536539fcd492dd911438a8014eb7055af2676a03cbaa5930c0b79d9e4b2883d4215e5f58cf76139c9490e82a9ce5b0cf1e712f4ad2d52ba1cb41f89165be26d02e8f720913f95c20a09dcbc707d8a83c10dc7c42530ebdc63453206695707e83b4c6e50c46d112d1359ef331b9b2adcc5bc355e567199fd5583608ad1648585bc9385308fc404e7d23a66e055d5d47816a7692bfc5ec73b6a021a46b902e6bb3b324dde25c3f1d08466deae8f09f40e6f4fcb603d159307d6fa0eddbf2bcfbfa064eb6c1cb4c70fb76b71393e5ae0addd7c248f575b682d4d2aa58fe6a95946c8a316540eb4976c265f38bb3063a16292d2f9ec6c038c18f604557a5fd5eafa3e3cc8c3cd948aced545fdd2b67b617eb2f6169280a98a9b834e6b9ed2455fb82ef39a9e2c22a1f101ebf1a3ab3779935e8fe8544b615cef1f543f95b0448e29e534e56593e0cd9bfa924dde0a2804f3a1f4e8e8e26fb9f7b2a95b9d0e8214683b883f077bcf783b9c298a375ce0c39d8cb59278665344e59d612d9eabec42e8a67c97939ad95780d273537c279cafca206aeae81e96121b2ac05959f076caa146556ae3e14b0ad67ff85e964f10516b007d9d6a41f0d6e98d0daead3bb3adbb1ba5ef6c8025132981f7bb99bc6e3f4e4a9fc9868154c5551703b1a66e6f53a1db57151662a3636f4f279d85ffedd46174a2b8b5c0bd965bfb2bc47a28ca6ba7d6acdd14f935ac69dc48be4b7ee8ac36c82dba3a784e0fdd6c6b1cfd9fd1da417d5ec366b68d8d8da6adbccef5d3dadd930ca4968c14ff51226ad11fdef4dd306b38d2fadc311e1bae00e31abbce28a93c0746ac73e711c3562b38209059cfaa2af593b6311048ca3a3d2a6f897ed7c48eb2297bc22162854615026eeae41d05b272aa1f70c78c0e2face4d66c06f934d0b97045c1ec937334f1fc69d70a0ab1b2188b7b27b4581d25077cc9d67af98cae0e199013cd276e1cb2ffc7ed57f88db86fce61d7531ee9427d41c94865907278500346de1a2369ade1818dfe42f3fbe1cfd0594a863b98907de4077c42e869484582117529decd71696e5688e5a91093c180de78b18d1ac2d9d954841dd8dbf6a10d1a298c3c8263eb257e774ea74c9bb39ad7ef3f5dc648dea45b577f7fb7bda1ed1bc21fbbdbb84b3da2784e19a380a961b34a248026b05a2601827f57700264253efd694a141f037a43f0a5c866e604cb1441feb6e60853feee9bf1d881a14088145fbcaccb18a6dbfcb5e93706b72950559d6313637037b8aea664787b949ac6f680ccb6ac636e42941bfb30de68b51e03258f888e0582d00691dbfeaca69a006eeae0ab0bc680a58a4bebe23415ed16945f8c08c498a7e95ca8b1f485424ae834b51c39bc4b6f1becb68a4e37ef0fe49e1f359af5dc005da92aad0c1466cbb8eeef5da26658e9d7d47d47e42fbeb329645d80005ec6d0ffbe66d951aa8d312cc2cf4e9a1b287087150732d9f481e60e8d403db5be7a1f85e2ecb79cf1ec653a1b2bb49575c9fa8513caab205b0ed2b84fbf258f0a0355d13c904cb08e46395e2171e07f7c5175d54eccee272e1cdf791e74aad2265ddd4ff92b9cdc9094a13f446250dc225125519dc0753255e064a73ea1ed4a5278d474d1cf8fc6ca125cbfdd6a9db435ce415797a28494e3b46795a3279fe865ac4688fd6343a56ce6af6292eb3652deba3da26060608528a13950327e32abe648f0f02f0923af70e63f69d8b6c2124ed99b15d441c5b6a7f7ed6958fb412b68682f4687f2afbe1ef05f55a58ab3a9cfe7d96934b4345fbe2cf147e0a2477bc76ed4b3ae4e77d3933dd8443d3184ef1c10c598ed155f660a195b930315ee38dd986939cf7a98a55144852ceca763a6639ffcad8324dfb37ec1bcbe85a2664c25f3ad010155b31569a091e42d799ef2007371ac5a223a5c444fc617d6d3fffb41562ac9596ca5c91ecf2afaa2aab02c3611835cc747d3e978442e782e84c0162400f680a81d3f2cf0f7cd80695e5cc8029eb677ec20e9334773740f0a01ebc36590f443d917faf49648d9a5930c71b40768278a79a32baa8b71b1c3a390a11c5a32b82c3d5238e22769294db0ee2afdc38c24eda5184029669a3794063bc92683869249bc38b9414b42bee3ea25b2ed8ed6aac46182238d27d40e637a351241ae51b7e0fb10b2e105592d6031c04e534248135fff9930abe881546da4c9394888c3fa21409e0ae4a954028f48204eaa834cb355ef5ac9cf946128234b2242588363fca6d73131f31a4a7aabaee244cda50fca817f483ae2d31dc9f541ae79fcb9d07330123474e4ea757c89e6256d1b23b2dd40d18b45994b04deb73adf606fa7569665487ee4c5d5dd7f4aa3e31936df1f85094b533e9b3bc3af1d3f8fee67cb5870f20739d1777980d19581ea816815da654310c83e281176c1f8193ddf9811e5b720b51580bc3f2db0f626f36cc36e808356ecb3858ec28c1168ef9d387d769800f5bc35df0a3cc25914ffa4f0fef5c5dd29ec40cd9df5b2d7610a8a0d179ad55ea827a5288f73d637a04eb087f1fcecf317415c96db823eaa5fde646c349b323843692348a19227ea2c2366dc872223d9cf620554b1db96be5a8b894bb713b2933b489f18e8c0f3b6ceadffcb113f5dcd315a0c91ef200c915a4ef65e0c3b7ac278d0f61ccd20ac620626c69d960d7e686145729a7efe4508809fd45d4ab38decadba693097ddd031cb5f9d86c30ea3031a8927326287919c04ed0a2f3e298c21875ffe68a83bcca8dd96dd82eedb3d04ca15419615c74097a86880e6c3be40a4beb0b5915df83b7064a2ca6a16aa94417f6889fef8016ea5df7ae70a91c464002c742ce07586900c7bc74b653b1b2c0fec16a668267eb0d26316ea68558fe909b740e73563e5cf576b6e7c3e1580c25fd84c534fb301259adb31efcde223b419316a793ebd44ac8c5a4e09622f", 0x1000}], 0x8, &(0x7f0000002900)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r5, @ANYRES32=0xee00, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r7, @ANYRES32=r1, @ANYBLOB="20000000000000000100000001000000", @ANYRES8, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r6, @ANYBLOB="1c000000000000000000000000000015dbe4fbacebc0fd0e7eac5384e0df3e55c8156a28391b4c6c49eb55ef8f4ad4ec48838d234d4179312db5f87f047f28f4d8b9b5b32a000b375bcdb395f84b43040d098ff56386c9b762e3b46805575c9bfd44fbb7f9a7e06b1e7f537c", @ANYRES32=r9, @ANYRES32=0xee00, @ANYRES32=r12, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32=r13, @ANYRES32=r14, @ANYBLOB="0000000859d40e21021631b88fddac9c1003e082324d86722eb24bcd4ac114670f3e"], 0xd0, 0x8810}}], 0x2, 0x8010) r15 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x18080, 0x0) ioctl$TUNSETSNDBUF(r15, 0x400454d4, &(0x7f0000000140)=0x6) 1.550323347s ago: executing program 4 (id=1698): socket$tipc(0x1e, 0x5, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@id, 0x10) socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}}}, 0x10, 0x0}, 0x0) 1.499793189s ago: executing program 2 (id=1700): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000009508000000000000"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904008100000003000001000000000800040001000000", 0x24) socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000340)=0x8) r4 = socket(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8}, @TCA_FQ_PIE_ECN_PROB={0x8}]}}]}, 0x44}}, 0x0) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000280)=0x0, &(0x7f00000002c0)=0x4) connect$can_bcm(r4, &(0x7f0000000300)={0x1d, r7}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x2004}, 0x48) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_procs(r8, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r9, &(0x7f0000000140), 0x12) socket(0x10, 0x3, 0x0) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r11 = openat$cgroup_int(r10, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x30}]}, 0x8) write$cgroup_subtree(r11, &(0x7f00000000c0)=ANY=[], 0x5) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x48) r12 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r12, 0x10e, 0xc, &(0x7f0000000180)={0xfffffc}, 0x10) 1.365203898s ago: executing program 4 (id=1701): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$int_in(r1, 0x5421, &(0x7f0000000140)=0x2f) (async) connect$inet6(r1, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) (async) r3 = socket$nl_crypto(0x10, 0x3, 0x15) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff) (async) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000100)) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000), r6) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$NLBL_MGMT_C_REMOVE(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="01000000000000f64ad2ad17af3166000100000000004781a6ac87fa47457a4e69a7aec5ca9e72c3b760fde56d548409b76f5d792f692dc871dd84cd31f5f4222ada16de6f29b586a7acb32db1b3ca25aa2323eddad01b7e4faf26a81e943cd8b264a901142c1f4acd7e851887445185e885c46590249a3d81e895d77e32e72120f8641bc7a78ff0c2bdd7909a3a496d85c019b9f4de20473ea18e4f822d66ecd3f24def067f0d3097dc450b9c517faa96a943c0a1046ba28100123340a5df8f973aa37ab03628f1f0f981b93c388b97a000a9f7b8127c8c35855b1ec7862bcdf600501850853dfe71f1ec3bb7cddd285eda0154ba2127d6bef79f30f9cca28800"/269], 0x1c}}, 0x0) sendmsg$netlink(r3, &(0x7f0000003780)={0x0, 0x0, &(0x7f00000036c0)=[{&(0x7f0000000280)={0x10}, 0x10}, {&(0x7f0000000500)={0x10, 0x24, 0x1}, 0x10}], 0x2}, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x80049367, &(0x7f00000002c0)) (async) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f00000000c0)={0x0, 0x4}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r8, 0x84, 0x6c, &(0x7f00000001c0)={r9, 0x61, "ceb0ba5a3c9cf9ca6f1f9c37b1f1bae3809c2d7479723a704135fe0c7a19fbaaa8603a6cbc482789fb2226ad47a26b7af97ba74cf9ce95eb545d55553405d90fd6eea9f51a66070f0407884da360fc0fd872c428d64ac0531041bdf44ec618e1cc"}, &(0x7f0000000240)=0x69) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000080)={0x4}, 0x8) (async) close(r1) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000180)=0xfffffffe, 0x4) (async) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x90100, 0x0) 1.298648111s ago: executing program 1 (id=1702): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000800)={0x0, 0xb00, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_DST_IF={0x8, 0xa, r2}, @CGW_SRC_IF={0x8}]}, 0x24}}, 0x0) 1.190797431s ago: executing program 4 (id=1703): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = epoll_create(0x20400) unshare(0x40400) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r1, &(0x7f0000000040)={0x70002000}) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)=ANY=[@ANYBLOB="84000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="5900330050000000080211000001080211000000080211000001000000000000000000000000000004f0000000000000060200002d1a000000000000000000001300000000000000000000000000000071070000000000000000000004008e000600cd0000000000448de74c84baa0366b129251d32c9e2ec887f4448d53cc4d6fb46f6d0e353391a69414eafffed1cf8f199271cc1868fb0ece0417d58ff9f7185e14ba0351c1054e607373ab269e23a9d7f1e0a1906e801d5c1c011d4962e9351e8d9bcf8272bbe553679db1aa30afddaf0b1d8bbea9cdcb6c6d54db3439ec1b156921d5ad8a18187a680629"], 0x84}}, 0x0) r6 = socket(0x200000000000011, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) r8 = socket(0x6, 0x4, 0x3ff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) bind$packet(r8, &(0x7f0000000080)={0x11, 0x800, r9, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, 0x14) bind$packet(r6, &(0x7f0000000080)={0x11, 0x18, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0xe, &(0x7f00000002c0)=ANY=[@ANYRESHEX=0x0, @ANYRES32=r9], 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f00000032c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="08030000", @ANYRES16=0x0, @ANYRESDEC, @ANYRES32=0x0, @ANYBLOB="50005a804c0000801b00010030400502180b091b1205010636056005200b06480548360005000400010000000500070002000000130001001624486018123604120c09031b0b0300050004000100000078015a801800038014000500670061030300d1ade30e13e50500040068000080050004000000000009000100360436300c00000014000500ff920400080002000100010006000080050007000200000005000400000000000500040002000000140003000100ff0f000002000200090007000600050007000000000005000700000000000c000080050004000100000088000380380002004c2910324d3837230b1e3a0b273e30101057514052173e3849334a5c3116511c31464f2932090c152d002c2c0c3a0654151a2d061400030006003f0003000200010006003600fdff1d000100021b1b30410c342401011630360143182460607e6c05056048000000050004000200000007000100020c6c0005000400020000006000038005000600000000002d0002001f51241e223e3a084c311340450d474e0f101c520614124e43543903511e4110214f2935404d1808230000002300010048010ce509363605301b3648046000d10e6036010318050916013009240b020024015a80040000801400018005000600000000000500070002000000fc00028005000600010000001400050094440100060000000700000006008e00300002000513444921172f00121a0d012f494c35291e4f3f054c01254421074b423636131cff2f4b3f0d4308481f494805000400020000004b00020008054d37563f35390538514a3b4b4a0926552e031c4441024a470c5002174840123838492f0110201201301a534f4f1805314d2857294c56024a551c202b0b0c2b010d38490e4e000e0001001215051b09181800066000003d0002000420164b0f1d46141e351c2b314e2e0e0c341341061901190e3b3e0a0819341630381809410c18073a3255382c3438170e260939281707204700000005000700020000000c00028005008cda1b6d93f6bb549a3244f0f14f060002000000"], 0x308}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x96, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaac886dd6010104000600600fe8000006b000000000000609bca172e6c70a07b619d1b9b3c00000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="84c2000090780000220503c0ab030300020409000402000a8bfbd54ae56dd076080a0000000000000000040213127232407c80067615774fdbb46eb86cc8000a111fad2ea7434823fe09f989b43eb61a1a000000"], 0x0) close(r10) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x0, 0x803, 0x8000) 1.144435355s ago: executing program 0 (id=1704): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x3c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @random="9203effbb1bc"}, @NL80211_ATTR_SSID={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}]]}, 0x3c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r7) sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x48, r8, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x48}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0xf0, r3, 0x200, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x3f, 0x26}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "5862ff5bffe18d064e5112d83b2e63123b36eaa13e23ffb4"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "026c05de50d55dd78fd2be0a66892026dc2ed9afee6bffb1"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "752bd2cbe425da05187bce5676b122e8848f2fad998fa71f"}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0xf0}, 0x1, 0x0, 0x0, 0x4000081}, 0x8000) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}]}, 0x34}}, 0x0) 1.142734648s ago: executing program 3 (id=1705): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000021000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000400000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000300000000000000ffff0000000000000000000000000000000062726983676530000000000000000000736974300000000000000000000000007465616d300000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000000000d8010000d801000010020000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff000000001b0000000000000000007465616d5f736c6176655f310000000069726c616e301d00000000000000000069726c616e3000e575dd73000000000073797a6b616c6c6572300000000000000180c2000000000000000000f646793b7b3900000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff00000000"]}, 0x3c0) r2 = socket(0x2a, 0xa, 0x40) getpeername$l2tp6(r2, &(0x7f0000000600)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000640)=0x20) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x408, 0x130, 0x111, 0x4b4, 0x130, 0xd4feffff, 0x338, 0x20a, 0x278, 0x338, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @mcast1, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0x108, 0x130, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2, 0xe}}, @common=@unspec=@mark={{0x30}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x1e0, 0x208, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, @loopback, @loopback, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00', @mcast1, @private0, @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}]}, @common=@inet=@SET1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x468) 992.862382ms ago: executing program 4 (id=1706): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000080)) getgid() write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ALPHA={0x8}, @TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xfffffffd}]}}]}, 0x44}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000200000014001680100008800c000380"], 0x38}}, 0x0) 854.717569ms ago: executing program 0 (id=1707): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000140), 0x4) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r2, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000040), 0xfea0) (async) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0xfffe, 0x0, 0x1}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x0, 0x4, 0x9, 0x0, r4}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000940)={r5, &(0x7f0000000880)}, 0x20) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f00000003c0)=ANY=[], 0x8) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000080)='batadv0\x00', 0x10) (async) write$binfmt_script(r6, &(0x7f0000000380)={'#! ', './file0', [], 0xa, "acb3d037a1c72d520433aea831"}, 0x18) (async) close(0xffffffffffffffff) (async) close(0xffffffffffffffff) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="fc0000001b0001000000000000000000000000000000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000004400080008000000000000000000000000000001000000000000000000000000ffffffff000000000000000000d6ea9adf8fcc93be0000000000000000000000000000005559945732c24faf913581a679e0031ca94e79496386c8d100ef1b3401c6e1916edd70f45b7c9337f5c4b671ba13d49f49fb3c6c0909b7977de0a86efe5eaaa16bdee9dacfa1a17d13e9a340a220d8c2913b62e9732b6960fc413e66f1e7b02183186a60c0e36ecd46d139b892b56f649dc191b3c9c96a60ed219ff6f9af3b8976f848f21b4a5ad5d15bc51fcc2be97127551c186783afaa84bff39f5a600f0bd944eb9da7b30bff482f29e2b8fe111d740f22214e412fda2dbade"], 0xfc}}, 0x0) 811.407208ms ago: executing program 1 (id=1708): bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00004e7000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x60, &(0x7f0000000000)={&(0x7f00000003c0)=@newsa={0x144, 0x10, 0x113, 0x0, 0x0, {{@in=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x4}}]}, 0x144}}, 0x0) 762.37457ms ago: executing program 4 (id=1709): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYRES32=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x40001) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r7 = socket(0x15, 0x5, 0x0) getsockopt$nfc_llcp(r7, 0x114, 0x2718, 0x0, 0x20000008) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1f}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x64}}, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0xe) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r9 = socket$kcm(0x2, 0x1000000000000002, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ced4fbd44e24eb0d34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3a06d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90941576aebc8619d73415cda2130f5011e4845505000000000000004f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c040035cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000000000000000000000000000000000000000520500002952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9a33c3093c3690d10ecb65dc5b47481edbf1f00000000000069a1777669a2afca004d16d29c28eb5167e9936ed327fb237a62415f78000000005f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c81c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b40824095135861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e5dd921a5eadd4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e602c28ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f257aac5af18d8c6b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e29b10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe8e4cd14dc5c1eb98b63198f6f830745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b51c34a5384f2cf51180c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af243b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380ecf1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f558982d57c556ca1427b5960b79990565ca2a20996fcba472213744d3a156979651596afde2b0089f023fcfccd072bd6ea8445fc787390d71ec61d5b7b0f05f6931914bf49d66f07dd646bfbdea1cf021a88aa0d66eff294271a93e32f54f281068514a4cd2d0700a43df59e9924e4affdbd22405e675e9d7cdc10546571131831d4dc8c8363077a908d9ae4f27ff095f5b07667f93a3573d3fabfca58ee0a6b6a691102bb3c7be4dc5b816853275e7ae8c13ec341bad15353fad794b46c4fd73e1b4cc78de2156cb158870d5b8446dae9ba5f7f244e6cf8f6791671057347208a313ebbcb72b04706005670f2b0055e440d72c7c3316982c6ebe8675459cf6bb393b007f5cedb7bc411834600000000000000000000000000a20071b07d568a8150ed646b4978d0226d9651647a5999ae7c7c85322a215fcdb1adbad63499518fe0d10145d430422c78367dfa941f74b63f3884565ac89c673da2c2b1172be5f2cd1f3f453ebddd432bd24c73fa773b739e20fcec16a821230654a383ac1868495f67d942c772ca75e09073dbe9307ff5cac7c2c411149a4d989a8a019e068da218d4bc34e4102fd2f97397331e4cd70b4915582b635f07ca87f00dc929f902540f565c20add8675b79e005cf0277d954697317b907b77fa5d6b7feaebaf676a2a37de8aa70748fee4bc198ffd3e2de11eb0eff896fd94de0805ba6b1054a7b3e300d4581e9af62a1ecaee96d2819b3d192e5b9561eb622da25450f586be14017a1cf74f89a1dd18af004decfe266134c3d036ae7996931fe6008a73ed34c35f0da4ffee1fe63bc1af6ef1b4731d50b8ceb582a1e9c6e8d97f8290cc105754f592d16ccdb1df8636d7ca5e372cea97dd0f005cc7092b126dd46758917fb0d94b8483d403bd451429cc1660f0b5a529d8134dc2702f6d8e2f943d98fbe50a3ba653f13f98a00fcbf311f9758ade8e4eb87b4b9fb2d387f5d8c4bdcab2fff9ed8c9de961fd831a070381c8020352fea7c334b2959ddd956701a7ea415e224a81c9fa1ebbabe74f7743e09b6c8b72650b51d5c2000ef3679c039b3604374fc1af7ab354204afbd24f0e701bc08a98452ce2668617e85e0d876f5a8b6d9b777f1c384d8a9883e30ede126fc485972eca6ad5b8d324262defb6b9aab8d5b76bc91ca50f87966797da2499ca0ac76707c0408a7b6d8708fe771"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) setsockopt$sock_attach_bpf(r9, 0x88, 0x67, &(0x7f00000002c0)=r10, 0x4) sendmsg$inet(r9, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x7e, &(0x7f0000000280)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @local, {[@timestamp_prespec={0x44, 0x1c, 0x0, 0x3, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@dev}, {@local}]}, @cipso={0x86, 0x6}, @timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) 720.166095ms ago: executing program 3 (id=1710): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000015c0)=@file={0x1, './file0\x00'}, 0x6e) recvmmsg$unix(r0, &(0x7f0000007080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1}}], 0x2, 0x2000, 0x0) sendmmsg$unix(r0, &(0x7f0000001c80)=[{{&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000001540)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001980)=[{&(0x7f0000001640)='k', 0x1}], 0x1}}], 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x0, 0x70bd2d, 0x25dfdbfc, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008004}, 0x4000018) sendto$inet(r3, 0x0, 0x0, 0x400c8c6, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r3, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003030000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40039106}, 0xc, &(0x7f0000000400)={&(0x7f0000000580)={0x7c, 0x0, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x0, 0x37}}}}, [@NL80211_ATTR_IE={0x54, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, 0x2, 0x3, 0x23}}, @supported_rates={0x1, 0x7, [{0x2}, {0x12, 0x1}, {0x29, 0x1}, {0x6}, {0x3a}, {0x3}, {0xc, 0x1}]}, @rann={0x7e, 0x15, {{0x0, 0x79}, 0x40, 0x4, @broadcast, 0x6, 0x3ff, 0x3}}, @ibss={0x6, 0x2, 0x9}, @dsss={0x3, 0x1, 0x6c}, @gcr_ga={0xbd, 0x6}, @peer_mgmt={0x75, 0x16, {0x1, 0x5, @val=0x3, @void, @val="b8c151feaf53a9b391c88a0996670a8e"}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4010}, 0x20000034) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x200000000000000) 719.248529ms ago: executing program 1 (id=1711): socket$tipc(0x1e, 0x5, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@id, 0x10) socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}}}, 0x10, 0x0}, 0x0) 690.675834ms ago: executing program 0 (id=1712): r0 = socket$unix(0x1, 0x5, 0x0) sendmsg(r0, 0x0, 0x10) 380.062158ms ago: executing program 0 (id=1713): bind$netlink(0xffffffffffffffff, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) 379.453521ms ago: executing program 1 (id=1714): close(0xffffffffffffffff) epoll_wait(0xffffffffffffffff, &(0x7f0000001f80)=[{}], 0x1, 0x0) 377.115699ms ago: executing program 2 (id=1715): ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, 0x0) 225.203986ms ago: executing program 2 (id=1716): r0 = socket(0xa, 0x2, 0x0) getsockopt$inet6_mtu(r0, 0x29, 0x43, 0x0, 0x0) 224.917869ms ago: executing program 0 (id=1717): r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000002080)={'filter\x00', 0x4, "95b3e805"}, &(0x7f0000002180)=0x28) 224.82373ms ago: executing program 1 (id=1718): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) write$binfmt_script(r0, 0x0, 0x0) 116.67687ms ago: executing program 2 (id=1719): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x34, 0x0, 0x7, 0x801, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_QUOTA={0xc}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x34}}, 0x0) 81.41916ms ago: executing program 0 (id=1720): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x2c, r1, 0xc713c3d5eb981f8f, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}]}, 0x2c}}, 0x0) 22.55365ms ago: executing program 1 (id=1721): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = epoll_create(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) connect$inet6(r0, &(0x7f0000000780)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 0s ago: executing program 2 (id=1722): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_to_batadv\x00', 0x0}) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000100)={@local, 0x0, r1}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000140)={@mcast2, @mcast1, @private2}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000540)={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r5}) kernel console output (not intermixed with test programs): miscuous mode [ 119.916014][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.947475][ T57] bridge_slave_0: left allmulticast mode [ 119.955490][ T57] bridge_slave_0: left promiscuous mode [ 119.979022][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.366941][ T5094] Bluetooth: hci0: command tx timeout [ 120.507251][ T6557] netlink: 129384 bytes leftover after parsing attributes in process `syz.4.369'. [ 120.756946][ T5094] Bluetooth: hci1: command tx timeout [ 120.772388][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 120.792438][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 120.815561][ T57] bond0 (unregistering): Released all slaves [ 121.096165][ T6564] netlink: 4 bytes leftover after parsing attributes in process `syz.0.372'. [ 121.224119][ T6383] hsr_slave_0: entered promiscuous mode [ 121.272148][ T6383] hsr_slave_1: entered promiscuous mode [ 121.329269][ T6383] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.364265][ T6573] TCP: TCP_TX_DELAY enabled [ 121.371046][ T6383] Cannot create hsr debugfs directory [ 121.717297][ T6577] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 121.756269][ T6577] netlink: 60 bytes leftover after parsing attributes in process `syz.0.376'. [ 121.874646][ T57] hsr_slave_0: left promiscuous mode [ 121.893343][ T57] hsr_slave_1: left promiscuous mode [ 121.910559][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.921427][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.930870][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.938629][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.981511][ T57] veth1_macvtap: left promiscuous mode [ 121.992966][ T57] veth0_macvtap: left promiscuous mode [ 122.000239][ T57] veth1_vlan: left promiscuous mode [ 122.006314][ T57] veth0_vlan: left promiscuous mode [ 122.253521][ T6591] netlink: 129384 bytes leftover after parsing attributes in process `syz.2.380'. [ 122.586082][ T6596] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'. [ 122.685172][ T57] team0 (unregistering): Port device team_slave_1 removed [ 122.727710][ T57] team0 (unregistering): Port device team_slave_0 removed [ 123.176350][ T6577] netlink: 4 bytes leftover after parsing attributes in process `syz.0.376'. [ 123.227076][ T6581] syzkaller1: entered promiscuous mode [ 123.236077][ T6581] syzkaller1: entered allmulticast mode [ 123.304366][ T6595] netlink: 1 bytes leftover after parsing attributes in process `syz.2.381'. [ 123.317006][ T6595] netlink: 1 bytes leftover after parsing attributes in process `syz.2.381'. [ 123.884680][ T6613] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 124.000424][ T6620] netlink: 'syz.2.390': attribute type 9 has an invalid length. [ 124.030627][ T6620] netlink: 'syz.2.390': attribute type 7 has an invalid length. [ 124.044760][ T6620] netlink: 'syz.2.390': attribute type 8 has an invalid length. [ 124.306145][ T6633] tipc: Resetting bearer [ 124.314368][ T6633] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.322384][ T6633] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.008683][ T6650] team0: Device macvtap1 is already an upper device of the team interface [ 125.411765][ T6676] netlink: 'syz.0.400': attribute type 10 has an invalid length. [ 125.506341][ T6676] team0: Device hsr_slave_1 failed to register rx_handler [ 125.523455][ T6679] netlink: 'syz.2.402': attribute type 9 has an invalid length. [ 125.554878][ T6679] netlink: 'syz.2.402': attribute type 7 has an invalid length. [ 125.580453][ T6679] netlink: 'syz.2.402': attribute type 8 has an invalid length. [ 125.836332][ T6391] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 125.881218][ T6391] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 125.929220][ T6391] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 126.030110][ T6391] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 126.041644][ T6707] netlink: 'syz.4.405': attribute type 23 has an invalid length. [ 126.256853][ T6710] netlink: 1 bytes leftover after parsing attributes in process `syz.0.406'. [ 126.273645][ T6710] netlink: 1 bytes leftover after parsing attributes in process `syz.0.406'. [ 126.320269][ T6383] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 126.339589][ T6710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.406'. [ 126.386655][ T6383] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 126.426441][ T6383] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 126.517694][ T6383] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 126.741723][ T6721] Cannot find del_set index 0 as target [ 126.982574][ T6391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.035380][ T6383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.144958][ T6391] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.201954][ T6731] netlink: 24 bytes leftover after parsing attributes in process `syz.0.413'. [ 127.223235][ T6383] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.232779][ T6733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.412'. [ 127.252283][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.259569][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.369295][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.376634][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.414256][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.421742][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.442537][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.449787][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.548063][ T6749] netlink: 4 bytes leftover after parsing attributes in process `syz.0.414'. [ 127.655292][ T6391] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 127.691977][ T6391] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 128.125889][ T6771] netlink: 4 bytes leftover after parsing attributes in process `syz.4.419'. [ 128.171431][ T6771] netlink: 12 bytes leftover after parsing attributes in process `syz.4.419'. [ 128.339583][ T6776] bridge1: entered promiscuous mode [ 128.344987][ T6776] vlan2: entered promiscuous mode [ 128.372398][ T6776] bridge1: port 1(vlan2) entered blocking state [ 128.442763][ T6776] bridge1: port 1(vlan2) entered disabled state [ 128.457451][ T6776] vlan2: entered allmulticast mode [ 128.462797][ T6776] bridge1: entered allmulticast mode [ 128.486000][ T6776] vlan2: left allmulticast mode [ 128.493787][ T6776] bridge1: left allmulticast mode [ 128.543825][ T6776] bridge1: left promiscuous mode [ 128.618472][ T6791] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 128.735438][ T6391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.807494][ T6383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.121784][ T6383] veth0_vlan: entered promiscuous mode [ 129.152007][ T6391] veth0_vlan: entered promiscuous mode [ 129.215427][ T6383] veth1_vlan: entered promiscuous mode [ 129.272217][ T6391] veth1_vlan: entered promiscuous mode [ 129.377500][ T6818] netlink: 129384 bytes leftover after parsing attributes in process `syz.4.432'. [ 129.408029][ T6383] veth0_macvtap: entered promiscuous mode [ 129.430452][ T6383] veth1_macvtap: entered promiscuous mode [ 129.452585][ T6391] veth0_macvtap: entered promiscuous mode [ 129.476228][ T6391] veth1_macvtap: entered promiscuous mode [ 129.534936][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.550893][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.566067][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.583350][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.601610][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.626947][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.654174][ T6383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.685088][ T6391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.702160][ T6391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.712905][ T6391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.728616][ T6391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.738923][ T6391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.752181][ T6391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.764816][ T6391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.779090][ T6391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.792376][ T6391] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.804231][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.821924][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.832192][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.849806][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.862652][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.873782][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.891497][ T6383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.965490][ T6391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.017137][ T6391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.035059][ T6391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.050682][ T6391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.066216][ T6391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.077714][ T6391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.088300][ T6391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.104557][ T6391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.143952][ T6391] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.162635][ T6383] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.209697][ T6383] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.258926][ T6383] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.280567][ T6383] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.311980][ T6848] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (129) [ 130.324118][ T6852] netlink: 4 bytes leftover after parsing attributes in process `syz.2.438'. [ 130.429220][ T6391] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.461141][ T6391] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.484101][ T6391] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.505607][ T6391] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.533913][ T6852] bridge3: entered promiscuous mode [ 130.542262][ T6852] vlan2: entered promiscuous mode [ 130.552348][ T6852] bridge3: port 1(vlan2) entered blocking state [ 130.560566][ T6852] bridge3: port 1(vlan2) entered disabled state [ 130.570195][ T6852] vlan2: entered allmulticast mode [ 130.575507][ T6852] bridge3: entered allmulticast mode [ 130.585011][ T6852] vlan2: left allmulticast mode [ 130.590461][ T6852] bridge3: left allmulticast mode [ 130.602289][ T6852] bridge3: left promiscuous mode [ 131.012558][ T2800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.045740][ T2800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.155262][ T3906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.193817][ T2800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.197953][ T3906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.241418][ T2800] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.364641][ T6882] netlink: 'syz.2.443': attribute type 4 has an invalid length. [ 131.453287][ T6884] netlink: 'syz.2.443': attribute type 4 has an invalid length. [ 131.465301][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.501951][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.722031][ T6900] sctp: [Deprecated]: syz.4.447 (pid 6900) Use of int in maxseg socket option. [ 131.722031][ T6900] Use struct sctp_assoc_value instead [ 131.747237][ T6897] erspan0: entered promiscuous mode [ 131.810651][ T6897] erspan0: left promiscuous mode [ 131.924025][ T6908] __nla_validate_parse: 4 callbacks suppressed [ 131.924048][ T6908] netlink: 4 bytes leftover after parsing attributes in process `syz.3.328'. [ 131.957737][ T6913] netlink: 'syz.3.328': attribute type 10 has an invalid length. [ 132.053225][ T6913] batman_adv: batadv0: Adding interface: team0 [ 132.080705][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:172.20.20.170]:2. Sending cookies. [ 132.191369][ T6913] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.233219][ T6913] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 132.264005][ T6916] bond0: entered promiscuous mode [ 132.280179][ T6916] bond_slave_0: entered promiscuous mode [ 132.296997][ T6916] bond_slave_1: entered promiscuous mode [ 132.326049][ T6920] netlink: 4 bytes leftover after parsing attributes in process `syz.2.450'. [ 132.347937][ T6908] netlink: 'syz.3.328': attribute type 10 has an invalid length. [ 132.366135][ T6908] netlink: 2 bytes leftover after parsing attributes in process `syz.3.328'. [ 132.376680][ T6908] team0: entered promiscuous mode [ 132.393425][ T6908] team_slave_0: entered promiscuous mode [ 132.410093][ T6908] team_slave_1: entered promiscuous mode [ 132.432043][ T6908] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.451591][ T6908] batman_adv: batadv0: Interface activated: team0 [ 132.491871][ T6908] batman_adv: batadv0: Interface deactivated: team0 [ 132.509126][ T6908] batman_adv: batadv0: Removing interface: team0 [ 132.527813][ T6908] bridge0: port 3(team0) entered blocking state [ 132.536495][ T6908] bridge0: port 3(team0) entered disabled state [ 132.583174][ T6908] team0: entered allmulticast mode [ 132.607839][ T6908] team_slave_0: entered allmulticast mode [ 132.635015][ T6908] team_slave_1: entered allmulticast mode [ 132.653730][ T6908] bridge0: port 3(team0) entered blocking state [ 132.660238][ T6908] bridge0: port 3(team0) entered forwarding state [ 132.670594][ T6927] netlink: 12 bytes leftover after parsing attributes in process `syz.2.450'. [ 132.742348][ T6929] bridge4: entered promiscuous mode [ 132.772102][ T6929] vlan2: entered promiscuous mode [ 132.833362][ T6929] bridge4: port 1(vlan2) entered blocking state [ 132.881545][ T6929] bridge4: port 1(vlan2) entered disabled state [ 132.900773][ T6929] vlan2: entered allmulticast mode [ 132.915845][ T6929] bridge4: entered allmulticast mode [ 132.943301][ T6929] vlan2: left allmulticast mode [ 132.946866][ T6960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.458'. [ 132.955201][ T6929] bridge4: left allmulticast mode [ 132.988573][ T6929] bridge4: left promiscuous mode [ 133.068926][ T6930] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 133.076784][ T6930] IPv6: NLM_F_CREATE should be set when creating new route [ 133.155712][ T6959] netlink: 'syz.4.459': attribute type 4 has an invalid length. [ 133.167445][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.273454][ T6962] netlink: 'syz.4.459': attribute type 4 has an invalid length. [ 133.723050][ T6989] netlink: 20 bytes leftover after parsing attributes in process `syz.1.465'. [ 133.804869][ T6989] netlink: 4 bytes leftover after parsing attributes in process `syz.1.465'. [ 133.848567][ T6989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.465'. [ 134.139496][ T7016] netlink: 'syz.3.471': attribute type 1 has an invalid length. [ 134.562478][ T7038] Bluetooth: MGMT ver 1.22 [ 134.687032][ T7039] netlink: 28 bytes leftover after parsing attributes in process `syz.0.478'. [ 134.738551][ T7039] netlink: 24 bytes leftover after parsing attributes in process `syz.0.478'. [ 134.940878][ T7055] netlink: 'syz.1.482': attribute type 16 has an invalid length. [ 135.561954][ T7083] netlink: 'syz.0.490': attribute type 4 has an invalid length. [ 135.625774][ T7088] netlink: 'syz.0.490': attribute type 4 has an invalid length. [ 136.473400][ T7118] netlink: 'syz.1.498': attribute type 21 has an invalid length. [ 136.506831][ T7118] netlink: 'syz.1.498': attribute type 20 has an invalid length. [ 136.536647][ T7124] netlink: 'syz.2.496': attribute type 10 has an invalid length. [ 136.650047][ T7124] team0: Port device dummy0 added [ 137.363401][ T7164] tipc: Resetting bearer [ 137.478194][ T7172] erspan0: entered promiscuous mode [ 137.526344][ T7172] erspan0: left promiscuous mode [ 137.662655][ T7177] __nla_validate_parse: 7 callbacks suppressed [ 137.662676][ T7177] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 137.708409][ T7180] netlink: 12 bytes leftover after parsing attributes in process `syz.2.513'. [ 137.869571][ T7184] netlink: 1 bytes leftover after parsing attributes in process `syz.1.516'. [ 137.886454][ T7184] netlink: 1 bytes leftover after parsing attributes in process `syz.1.516'. [ 137.897640][ T7188] netlink: 16 bytes leftover after parsing attributes in process `syz.4.515'. [ 137.922258][ T7184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.516'. [ 137.968779][ T7189] netlink: 'syz.3.517': attribute type 3 has an invalid length. [ 137.976985][ T7189] netlink: 'syz.3.517': attribute type 11 has an invalid length. [ 137.997387][ T7189] netlink: 128512 bytes leftover after parsing attributes in process `syz.3.517'. [ 138.084258][ T7195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 138.335780][ T7203] netlink: 'syz.3.520': attribute type 8 has an invalid length. [ 138.584806][ T7216] netlink: 132 bytes leftover after parsing attributes in process `syz.3.525'. [ 138.633043][ T7221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.527'. [ 138.700048][ T7223] netlink: 'syz.1.528': attribute type 1 has an invalid length. [ 138.779617][ T7221] bridge3: entered promiscuous mode [ 138.803760][ T7221] vlan0: entered promiscuous mode [ 138.822834][ T7221] bridge3: port 1(vlan0) entered blocking state [ 138.855654][ T7221] bridge3: port 1(vlan0) entered disabled state [ 138.862516][ T7221] vlan0: entered allmulticast mode [ 138.870376][ T7221] bridge3: entered allmulticast mode [ 138.899789][ T7221] vlan0: left allmulticast mode [ 138.931605][ T7221] bridge3: left allmulticast mode [ 138.978503][ T7221] bridge3: left promiscuous mode [ 139.052792][ T7233] netlink: 'syz.3.531': attribute type 3 has an invalid length. [ 139.104555][ T7233] netlink: 'syz.3.531': attribute type 11 has an invalid length. [ 140.445899][ T4490] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 140.460345][ T4490] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 140.469669][ T4490] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 140.482990][ T4490] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 140.502636][ T4490] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 140.510478][ T4490] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 140.690916][ T80] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.813922][ T7296] bridge2: entered promiscuous mode [ 140.829688][ T7296] vlan2: entered promiscuous mode [ 140.866257][ T7296] bridge2: port 1(vlan2) entered blocking state [ 140.880618][ T7296] bridge2: port 1(vlan2) entered disabled state [ 140.889873][ T7296] vlan2: entered allmulticast mode [ 140.895402][ T7296] bridge2: entered allmulticast mode [ 140.915319][ T7296] vlan2: left allmulticast mode [ 140.922342][ T7296] bridge2: left allmulticast mode [ 140.934691][ T7296] bridge2: left promiscuous mode [ 140.973957][ T7291] netlink: 'syz.0.546': attribute type 4 has an invalid length. [ 140.998183][ T7294] netlink: 'syz.0.546': attribute type 4 has an invalid length. [ 141.130217][ T80] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.483248][ T80] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.522289][ T29] audit: type=1800 audit(1719504218.559:9): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.551" name="memory.events" dev="sda1" ino=1952 res=0 errno=0 [ 141.555101][ T29] audit: type=1804 audit(1719504218.559:10): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.551" name="/root/syzkaller.w2Z27i/131/memory.events" dev="sda1" ino=1952 res=1 errno=0 [ 141.611327][ T29] audit: type=1804 audit(1719504218.559:11): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.551" name="/root/syzkaller.w2Z27i/131/memory.events" dev="sda1" ino=1952 res=1 errno=0 [ 141.621826][ T7314] netlink: 'syz.0.553': attribute type 4 has an invalid length. [ 141.667290][ T29] audit: type=1804 audit(1719504218.559:12): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.551" name="/root/syzkaller.w2Z27i/131/memory.events" dev="sda1" ino=1952 res=1 errno=0 [ 141.746589][ T29] audit: type=1804 audit(1719504218.579:13): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.551" name="/root/syzkaller.w2Z27i/131/memory.events" dev="sda1" ino=1952 res=1 errno=0 [ 141.774239][ T7318] netlink: 'syz.0.553': attribute type 4 has an invalid length. [ 141.774293][ T29] audit: type=1804 audit(1719504218.579:14): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.551" name="/root/syzkaller.w2Z27i/131/memory.events" dev="sda1" ino=1952 res=1 errno=0 [ 141.861511][ T80] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.083533][ T7337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.131296][ T7339] vxlan0: entered allmulticast mode [ 142.187956][ T7334] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.298762][ T7286] chnl_net:caif_netlink_parms(): no params data found [ 142.445001][ T7347] bridge1: entered promiscuous mode [ 142.451724][ T7347] vlan2: entered promiscuous mode [ 142.463361][ T7347] bridge1: port 1(vlan2) entered blocking state [ 142.472844][ T7347] bridge1: port 1(vlan2) entered disabled state [ 142.483392][ T7347] vlan2: entered allmulticast mode [ 142.494305][ T7347] bridge1: entered allmulticast mode [ 142.514065][ T7347] vlan2: left allmulticast mode [ 142.557290][ T7347] bridge1: left allmulticast mode [ 142.580716][ T7347] bridge1: left promiscuous mode [ 142.598480][ T4490] Bluetooth: hci0: command tx timeout [ 142.702154][ T80] bridge_slave_1: left allmulticast mode [ 142.721266][ T80] bridge_slave_1: left promiscuous mode [ 142.741866][ T80] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.876829][ T80] bridge_slave_0: left allmulticast mode [ 142.882546][ T80] bridge_slave_0: left promiscuous mode [ 142.903785][ T80] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.226291][ T7378] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 143.451955][ T7383] __nla_validate_parse: 10 callbacks suppressed [ 143.451980][ T7383] netlink: 24 bytes leftover after parsing attributes in process `syz.0.568'. [ 143.750929][ T7381] netlink: 8 bytes leftover after parsing attributes in process `syz.0.568'. [ 144.317620][ T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 144.366121][ T80] bond_slave_0: left promiscuous mode [ 144.407282][ T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 144.431313][ T80] bond_slave_1: left promiscuous mode [ 144.455825][ T80] bond0 (unregistering): Released all slaves [ 144.478371][ T7405] netlink: 16 bytes leftover after parsing attributes in process `syz.2.576'. [ 144.538954][ T7375] netlink: 24 bytes leftover after parsing attributes in process `syz.3.567'. [ 144.683594][ T4490] Bluetooth: hci0: command tx timeout [ 144.711984][ T7406] wg2: entered promiscuous mode [ 144.737493][ T7406] wg2: entered allmulticast mode [ 144.785218][ T7410] netlink: 8 bytes leftover after parsing attributes in process `syz.2.577'. [ 144.794493][ T7410] block nbd0: not configured, cannot reconfigure [ 145.147279][ T7286] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.175900][ T7286] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.206464][ T7286] bridge_slave_0: entered allmulticast mode [ 145.214198][ T7286] bridge_slave_0: entered promiscuous mode [ 145.347080][ T7286] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.354340][ T7286] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.408714][ T7286] bridge_slave_1: entered allmulticast mode [ 145.453349][ T7286] bridge_slave_1: entered promiscuous mode [ 145.614949][ T7436] netlink: 'syz.0.584': attribute type 10 has an invalid length. [ 145.627287][ T7436] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.656927][ T7436] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.718885][ T7436] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 145.995580][ T7451] vlan2: entered promiscuous mode [ 146.011124][ T7451] macvtap0: entered promiscuous mode [ 146.018397][ T7451] vlan2: entered allmulticast mode [ 146.023699][ T7451] macvtap0: entered allmulticast mode [ 146.031485][ T7451] veth0_macvtap: entered allmulticast mode [ 146.057749][ T7451] macvtap0: left allmulticast mode [ 146.064130][ T7451] veth0_macvtap: left allmulticast mode [ 146.077225][ T7451] macvtap0: left promiscuous mode [ 146.111952][ T7461] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 146.165862][ T7286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.196408][ T80] hsr_slave_0: left promiscuous mode [ 146.225441][ T80] hsr_slave_1: left promiscuous mode [ 146.249475][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 146.265080][ T80] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.288873][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.315161][ T80] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.370656][ T80] veth1_macvtap: left promiscuous mode [ 146.376274][ T80] veth0_macvtap: left promiscuous mode [ 146.385212][ T80] veth1_vlan: left promiscuous mode [ 146.391233][ T80] veth0_vlan: left promiscuous mode [ 146.757076][ T4490] Bluetooth: hci0: command tx timeout [ 147.015916][ T80] team0 (unregistering): Port device team_slave_1 removed [ 147.062461][ T80] team0 (unregistering): Port device team_slave_0 removed [ 147.512747][ T7455] netlink: 24 bytes leftover after parsing attributes in process `syz.0.588'. [ 147.562909][ T7286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.741727][ T7286] team0: Port device team_slave_0 added [ 147.801123][ T7286] team0: Port device team_slave_1 added [ 147.836965][ T29] audit: type=1107 audit(1719504224.869:15): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ÿϹÆûò0V‹èªÇ]¶•Á˜çêr½­¿{±« [ 147.836965][ T29] _EèK«õ¸=ßsÆýŽµ'ç˜á`ª[À‘“*n³.C•¥ÝBƒ~·mÎz¢ À6ÏàìáPwzU•síq^Š_ã©™¤*9÷ä4ß÷¥û [ 147.836965][ T29] #Å @rT! ð¹”j¥PÙ‹è`eñæŸÆ׳oÁ®ä÷.«)ïU¡D%µ³6TÎ;ÊèšÎÒ¼’(ë[s&§„€Ô×óå~2~Ì­xSdê,2†/C­D¥ µGô™‚¢µ¡¦&ÿÕ=¶x©è Ž>Œ¬!0e‰nø½–??“¤ÿåtoèéòÅt½^— º—O>´–ÕOo„\2µxdþ†À$ª“yƒiý$ÈÖLÞÁB±’çLc š¼‰Ì3cð±[8(Á/|HlB /µ(_µxK,Ll-d€¨˜¼_Ÿåƒ­WãBf º³»Å¶ÛŒ3iÝ/xK:†Ž3éJ8ÌEæX!}ËšÜ18¾u"Ó¼ê“VEL£9·ÃC†êèuÑì5”*ÈH`­h¤ÂÒÍ|ˆsŠ‹·^Qï‚H\(Å\FäEþn ]¼…©N8ö>?j,—]½ÃÆû¹›Õ¦wpåÑY­Ž.RŠB:ÀŒößòŽ°Ž\RT(Úþ7ÒóXº´(]ècÐbÂú£hÇÖ3 ×a°öŽ<úœ¼1Û ø-b ¥0a‹FkàòËO=HIá9!mk¢ [ 147.836965][ T29] €òìÑcQkĬÜ7b Ôp«Bï}W­~#ð7òÚµ¥"#)[jÜU/Ña¨ºe [ 147.891669][ T7486] netlink: 129384 bytes leftover after parsing attributes in process `syz.0.595'. [ 148.039282][ T7490] netlink: 5920 bytes leftover after parsing attributes in process `syz.2.593'. [ 148.065280][ T7490] netlink: 12 bytes leftover after parsing attributes in process `syz.2.593'. [ 148.086318][ T7490] netlink: 5920 bytes leftover after parsing attributes in process `syz.2.593'. [ 148.247688][ T7286] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.254706][ T7286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.290856][ T29] audit: type=1804 audit(1719504225.309:16): pid=7497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.599" name="/root/syzkaller.kM7LqH/165/cgroup.controllers" dev="sda1" ino=1965 res=1 errno=0 [ 148.378219][ T7286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.476256][ T7286] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.547233][ T7286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.626861][ T7286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.937958][ T7286] hsr_slave_0: entered promiscuous mode [ 148.963318][ T7286] hsr_slave_1: entered promiscuous mode [ 149.147034][ T7521] netlink: 104 bytes leftover after parsing attributes in process `syz.4.603'. [ 149.460007][ T7543] netlink: 'syz.0.607': attribute type 1 has an invalid length. [ 149.741033][ T7554] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 149.775697][ T7546] netlink: 24 bytes leftover after parsing attributes in process `syz.2.611'. [ 149.806328][ T7560] netlink: 'syz.4.610': attribute type 4 has an invalid length. [ 149.930912][ T7548] netlink: 'syz.4.610': attribute type 4 has an invalid length. [ 150.166002][ T7564] syzkaller1: entered promiscuous mode [ 150.187016][ T7564] syzkaller1: entered allmulticast mode [ 150.499303][ T7576] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 150.661523][ T7589] trusted_key: syz.0.618 sent an empty control message without MSG_MORE. [ 150.755620][ T7286] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 150.799784][ T7286] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 150.974140][ T7591] netlink: 104 bytes leftover after parsing attributes in process `syz.2.619'. [ 150.983662][ T7286] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 151.049583][ T7286] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 151.515254][ T7286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.597485][ T7286] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.643005][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.650235][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.875221][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.882535][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.584845][ T7646] netlink: 'syz.4.630': attribute type 9 has an invalid length. [ 152.611402][ T7646] netlink: 'syz.4.630': attribute type 7 has an invalid length. [ 152.632665][ T7646] netlink: 'syz.4.630': attribute type 8 has an invalid length. [ 152.644140][ T7286] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.832487][ T7286] veth0_vlan: entered promiscuous mode [ 152.879781][ T7286] veth1_vlan: entered promiscuous mode [ 153.012135][ T7655] netlink: 4 bytes leftover after parsing attributes in process `syz.4.632'. [ 153.037095][ T7286] veth0_macvtap: entered promiscuous mode [ 153.079405][ T7286] veth1_macvtap: entered promiscuous mode [ 153.115951][ T7655] netlink: 4 bytes leftover after parsing attributes in process `syz.4.632'. [ 153.178059][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.198386][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.215557][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.247755][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.300546][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.337882][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.391627][ T7286] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.522419][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.552662][ T7680] netlink: 'syz.2.636': attribute type 9 has an invalid length. [ 153.555595][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.575618][ T7680] netlink: 'syz.2.636': attribute type 7 has an invalid length. [ 153.592897][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.595041][ T7680] netlink: 'syz.2.636': attribute type 8 has an invalid length. [ 153.619971][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.646903][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.675222][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.701797][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.733107][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.754929][ T7286] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.861467][ T7286] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.907051][ T7286] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.948982][ T7286] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.002668][ T7286] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.217347][ T7686] netlink: 104 bytes leftover after parsing attributes in process `syz.2.637'. [ 154.596090][ T7710] netlink: 'syz.3.641': attribute type 9 has an invalid length. [ 154.604217][ T7710] netlink: 'syz.3.641': attribute type 7 has an invalid length. [ 154.629093][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.635035][ T7710] netlink: 'syz.3.641': attribute type 8 has an invalid length. [ 154.666685][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.696391][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.705084][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.350255][ T7734] netlink: 24 bytes leftover after parsing attributes in process `syz.3.645'. [ 155.550630][ T7745] netlink: 44 bytes leftover after parsing attributes in process `syz.2.648'. [ 155.619474][ T7745] netlink: 'syz.2.648': attribute type 1 has an invalid length. [ 155.723125][ T7752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.651'. [ 155.848939][ T7752] netlink: 12 bytes leftover after parsing attributes in process `syz.4.651'. [ 156.090297][ T7752] bridge3: entered promiscuous mode [ 156.131754][ T7752] vlan2: entered promiscuous mode [ 156.173236][ T7752] bridge3: port 1(vlan2) entered blocking state [ 156.219713][ T7752] bridge3: port 1(vlan2) entered disabled state [ 156.278812][ T7752] vlan2: entered allmulticast mode [ 156.287515][ T7752] bridge3: entered allmulticast mode [ 156.328371][ T7752] vlan2: left allmulticast mode [ 156.380812][ T7752] bridge3: left allmulticast mode [ 156.404660][ T7752] bridge3: left promiscuous mode [ 156.553665][ T7773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.655'. [ 156.571220][ T7776] netlink: 12 bytes leftover after parsing attributes in process `syz.0.655'. [ 156.621930][ T7775] netlink: 'syz.1.656': attribute type 4 has an invalid length. [ 156.703023][ T7782] bridge4: entered promiscuous mode [ 156.739974][ T7782] vlan0: entered promiscuous mode [ 156.762897][ T7782] bridge4: port 1(vlan0) entered blocking state [ 156.779043][ T7782] bridge4: port 1(vlan0) entered disabled state [ 156.799671][ T7782] vlan0: entered allmulticast mode [ 156.820570][ T7782] bridge4: entered allmulticast mode [ 156.854395][ T7782] vlan0: left allmulticast mode [ 156.881508][ T7782] bridge4: left allmulticast mode [ 156.899552][ T7782] bridge4: left promiscuous mode [ 156.925554][ T7803] netlink: 'syz.2.661': attribute type 3 has an invalid length. [ 157.014282][ T7779] netlink: 'syz.1.656': attribute type 4 has an invalid length. [ 157.041337][ T7783] netlink: 'syz.3.657': attribute type 4 has an invalid length. [ 157.120309][ T7786] netlink: 'syz.3.657': attribute type 4 has an invalid length. [ 157.387430][ T7818] netlink: 'syz.3.664': attribute type 9 has an invalid length. [ 157.484808][ T7825] netlink: 24 bytes leftover after parsing attributes in process `syz.2.665'. [ 157.683528][ T7822] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'. [ 157.702387][ T7829] netlink: 12 bytes leftover after parsing attributes in process `syz.1.667'. [ 157.868432][ T7832] vlan2: entered promiscuous mode [ 157.908923][ T7832] caif0: entered promiscuous mode [ 158.017074][ T7832] caif0: left promiscuous mode [ 158.657751][ T7857] bridge4: entered promiscuous mode [ 158.702280][ T7857] vlan2: entered promiscuous mode [ 158.748015][ T7857] bridge4: port 1(vlan2) entered blocking state [ 158.754443][ T7857] bridge4: port 1(vlan2) entered disabled state [ 158.826961][ T7857] vlan2: entered allmulticast mode [ 158.856668][ T7857] bridge4: entered allmulticast mode [ 158.876102][ T7857] vlan2: left allmulticast mode [ 158.884711][ T7857] bridge4: left allmulticast mode [ 158.909460][ T7857] bridge4: left promiscuous mode [ 158.992832][ T7872] bridge0: port 4(gretap0) entered blocking state [ 159.026741][ T7872] bridge0: port 4(gretap0) entered disabled state [ 159.042379][ T7872] gretap0: entered allmulticast mode [ 159.068177][ T7872] gretap0: entered promiscuous mode [ 159.085101][ T7872] bridge0: port 4(gretap0) entered blocking state [ 159.092144][ T7872] bridge0: port 4(gretap0) entered forwarding state [ 159.109575][ T7868] gretap0: left allmulticast mode [ 159.114757][ T7868] gretap0: left promiscuous mode [ 159.135181][ T7868] bridge0: port 4(gretap0) entered disabled state [ 160.089520][ T7913] __nla_validate_parse: 5 callbacks suppressed [ 160.089543][ T7913] netlink: 4 bytes leftover after parsing attributes in process `syz.3.692'. [ 161.173731][ T7936] validate_nla: 7 callbacks suppressed [ 161.173753][ T7936] netlink: 'syz.1.701': attribute type 9 has an invalid length. [ 161.181543][ T7933] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 161.201300][ T7936] netlink: 'syz.1.701': attribute type 7 has an invalid length. [ 161.212118][ T7936] netlink: 'syz.1.701': attribute type 8 has an invalid length. [ 161.272677][ T7933] batadv1: entered promiscuous mode [ 161.291399][ T7933] batadv1: entered allmulticast mode [ 161.303451][ T7933] team0: Port device batadv1 added [ 161.316343][ T7931] netlink: 'syz.2.699': attribute type 4 has an invalid length. [ 161.425671][ T7934] netlink: 'syz.2.699': attribute type 4 has an invalid length. [ 161.538146][ T7947] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 161.589778][ T7947] netlink: 'syz.3.704': attribute type 10 has an invalid length. [ 161.616251][ T7947] netlink: 40 bytes leftover after parsing attributes in process `syz.3.704'. [ 161.649039][ T57] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 161.659606][ T57] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 161.672163][ T7947] batman_adv: batadv0: Adding interface: vlan1 [ 161.686982][ T7947] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 161.765074][ T7947] batman_adv: batadv0: Interface activated: vlan1 [ 162.114132][ T7963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.709'. [ 162.176774][ T7963] netlink: 12 bytes leftover after parsing attributes in process `syz.2.709'. [ 162.283049][ T7965] bridge5: entered promiscuous mode [ 162.290243][ T7965] vlan2: entered promiscuous mode [ 162.316085][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.707'. [ 162.325699][ T7965] bridge5: port 1(vlan2) entered blocking state [ 162.361592][ T7965] bridge5: port 1(vlan2) entered disabled state [ 162.408897][ T7965] vlan2: entered allmulticast mode [ 162.420080][ T7965] bridge5: entered allmulticast mode [ 162.443396][ T7965] vlan2: left allmulticast mode [ 162.472625][ T7965] bridge5: left allmulticast mode [ 162.493769][ T7965] bridge5: left promiscuous mode [ 163.022609][ T7979] Bluetooth: MGMT ver 1.22 [ 163.532060][ T7990] syzkaller0: entered promiscuous mode [ 163.538299][ T7990] syzkaller0: entered allmulticast mode [ 163.546401][ T7993] netlink: 'syz.3.716': attribute type 4 has an invalid length. [ 163.589114][ T7995] netlink: 'syz.3.716': attribute type 4 has an invalid length. [ 163.861048][ T8003] netlink: 80 bytes leftover after parsing attributes in process `syz.3.718'. [ 164.236400][ T8003] netlink: 68 bytes leftover after parsing attributes in process `syz.3.718'. [ 165.956155][ T8000] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.965136][ T8000] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.008582][ T8002] netlink: 'syz.3.718': attribute type 16 has an invalid length. [ 166.172786][ T8016] tun0: tun_chr_ioctl cmd 1074025680 [ 166.251387][ T8021] netlink: 4 bytes leftover after parsing attributes in process `syz.2.722'. [ 166.351582][ T8021] netlink: 12 bytes leftover after parsing attributes in process `syz.2.722'. [ 166.370050][ T8024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.725'. [ 166.604855][ T8021] bridge6: entered promiscuous mode [ 166.684014][ T8021] vlan2: entered promiscuous mode [ 166.727473][ T8021] bridge6: port 1(vlan2) entered blocking state [ 166.825853][ T8021] bridge6: port 1(vlan2) entered disabled state [ 166.866985][ T8021] vlan2: entered allmulticast mode [ 166.898492][ T8021] bridge6: entered allmulticast mode [ 166.948291][ T8021] vlan2: left allmulticast mode [ 166.953267][ T8021] bridge6: left allmulticast mode [ 166.996001][ T8021] bridge6: left promiscuous mode [ 167.091681][ T8052] netlink: 134744 bytes leftover after parsing attributes in process `syz.4.733'. [ 167.103962][ T8034] netlink: 'syz.0.728': attribute type 4 has an invalid length. [ 167.139769][ T8035] netlink: 'syz.0.728': attribute type 4 has an invalid length. [ 167.205770][ T8053] bridge0: port 3(team0) entered disabled state [ 167.212731][ T8053] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.220640][ T8053] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.444487][ T8058] netlink: 80 bytes leftover after parsing attributes in process `syz.0.734'. [ 167.545580][ T8055] netlink: 'syz.0.734': attribute type 16 has an invalid length. [ 167.583661][ T8055] netlink: 68 bytes leftover after parsing attributes in process `syz.0.734'. [ 167.792420][ T8062] FAULT_INJECTION: forcing a failure. [ 167.792420][ T8062] name failslab, interval 1, probability 0, space 0, times 1 [ 167.811560][ T8062] CPU: 0 PID: 8062 Comm: syz.0.736 Not tainted 6.10.0-rc4-syzkaller-00945-gf261aa15b2ca #0 [ 167.821604][ T8062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 167.831715][ T8062] Call Trace: [ 167.835043][ T8062] [ 167.838014][ T8062] dump_stack_lvl+0x241/0x360 [ 167.842784][ T8062] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.848034][ T8062] ? __pfx__printk+0x10/0x10 [ 167.852654][ T8062] ? ref_tracker_alloc+0x332/0x490 [ 167.857807][ T8062] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 167.863309][ T8062] should_fail_ex+0x3b0/0x4e0 [ 167.868097][ T8062] ? skb_clone+0x20c/0x390 [ 167.872530][ T8062] should_failslab+0x9/0x20 [ 167.877055][ T8062] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 167.882452][ T8062] skb_clone+0x20c/0x390 [ 167.886725][ T8062] __netlink_deliver_tap+0x3cc/0x7c0 [ 167.892046][ T8062] ? netlink_deliver_tap+0x2e/0x1b0 [ 167.897256][ T8062] netlink_deliver_tap+0x19d/0x1b0 [ 167.902385][ T8062] netlink_sendskb+0x68/0x140 [ 167.907173][ T8062] netlink_unicast+0x39d/0x990 [ 167.911955][ T8062] ? __asan_memcpy+0x40/0x70 [ 167.916571][ T8062] ? __pfx_netlink_unicast+0x10/0x10 [ 167.921983][ T8062] netlink_rcv_skb+0x262/0x430 [ 167.926763][ T8062] ? __pfx_genl_rcv_msg+0x10/0x10 [ 167.931891][ T8062] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 167.937208][ T8062] ? __netlink_deliver_tap+0x77e/0x7c0 [ 167.942726][ T8062] genl_rcv+0x28/0x40 [ 167.946734][ T8062] netlink_unicast+0x7f0/0x990 [ 167.951624][ T8062] ? __pfx_netlink_unicast+0x10/0x10 [ 167.956932][ T8062] ? __virt_addr_valid+0x183/0x520 [ 167.962062][ T8062] ? __check_object_size+0x49c/0x900 [ 167.967454][ T8062] ? bpf_lsm_netlink_send+0x9/0x10 [ 167.972590][ T8062] netlink_sendmsg+0x8e4/0xcb0 [ 167.977387][ T8062] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.982712][ T8062] ? __import_iovec+0x536/0x820 [ 167.987578][ T8062] ? aa_sock_msg_perm+0x91/0x160 [ 167.992538][ T8062] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 167.997835][ T8062] ? security_socket_sendmsg+0x87/0xb0 [ 168.003314][ T8062] ? __pfx_netlink_sendmsg+0x10/0x10 [ 168.008644][ T8062] __sock_sendmsg+0x221/0x270 [ 168.013428][ T8062] ____sys_sendmsg+0x525/0x7d0 [ 168.018220][ T8062] ? __pfx_____sys_sendmsg+0x10/0x10 [ 168.023564][ T8062] __sys_sendmsg+0x2b0/0x3a0 [ 168.028200][ T8062] ? __pfx___sys_sendmsg+0x10/0x10 [ 168.033330][ T8062] ? vfs_write+0x7c4/0xc90 [ 168.037807][ T8062] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 168.044151][ T8062] ? do_syscall_64+0x100/0x230 [ 168.048945][ T8062] ? do_syscall_64+0xb6/0x230 [ 168.053640][ T8062] do_syscall_64+0xf3/0x230 [ 168.058161][ T8062] ? clear_bhb_loop+0x35/0x90 [ 168.062849][ T8062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.068775][ T8062] RIP: 0033:0x7f9beed75ae9 [ 168.073215][ T8062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.092838][ T8062] RSP: 002b:00007f9befa66048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.101279][ T8062] RAX: ffffffffffffffda RBX: 00007f9beef03fa0 RCX: 00007f9beed75ae9 [ 168.109278][ T8062] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 168.117274][ T8062] RBP: 00007f9befa660a0 R08: 0000000000000000 R09: 0000000000000000 [ 168.125263][ T8062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.133249][ T8062] R13: 000000000000000b R14: 00007f9beef03fa0 R15: 00007ffdcfc040f8 [ 168.141256][ T8062] [ 168.327486][ T8072] netlink: 8 bytes leftover after parsing attributes in process `syz.3.738'. [ 169.027105][ T8099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.749'. [ 169.483624][ T8109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.752'. [ 169.575189][ T8111] unknown channel width for channel at 909000KHz? [ 169.773944][ T8116] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 169.781387][ T8116] IPv6: NLM_F_CREATE should be set when creating new route [ 170.034782][ T8125] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 170.473334][ T8141] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 170.568619][ T8141] team0: Device ipvlan2 is already an upper device of the team interface [ 170.760379][ T8152] netlink: 'syz.0.765': attribute type 4 has an invalid length. [ 170.827494][ T8155] netlink: 'syz.0.765': attribute type 4 has an invalid length. [ 171.178126][ T8170] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.185945][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.234104][ T8169] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 171.241480][ T8169] IPv6: NLM_F_CREATE should be set when creating new route [ 171.267656][ T8174] veth1_vlan: left promiscuous mode [ 171.321054][ T8174] netlink: 'syz.0.769': attribute type 1 has an invalid length. [ 171.381620][ T8174] netlink: 'syz.0.769': attribute type 2 has an invalid length. [ 171.421961][ T8178] netlink: 'syz.4.771': attribute type 4 has an invalid length. [ 171.463327][ T8174] netlink: 112 bytes leftover after parsing attributes in process `syz.0.769'. [ 171.477190][ T8174] tipc: Started in network mode [ 171.496735][ T8174] tipc: Node identity aaaaaaaaaa0c, cluster identity 4711 [ 171.525983][ T8174] tipc: Enabled bearer , priority 16 [ 171.541390][ T8180] netlink: 'syz.4.771': attribute type 4 has an invalid length. [ 171.661299][ T8185] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 171.885902][ T8187] netlink: 'syz.0.774': attribute type 9 has an invalid length. [ 171.914143][ T8190] netlink: 4 bytes leftover after parsing attributes in process `syz.4.776'. [ 172.190183][ T8200] validate_nla: 2 callbacks suppressed [ 172.190206][ T8200] netlink: 'syz.0.780': attribute type 4 has an invalid length. [ 172.334776][ T8203] netlink: 'syz.0.780': attribute type 4 has an invalid length. [ 172.401900][ T8212] netlink: 28 bytes leftover after parsing attributes in process `syz.2.784'. [ 172.453432][ T8212] No such timeout policy "syz0" [ 172.467458][ T8214] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 172.647004][ T5142] tipc: Node number set to 10922666 [ 172.960426][ T8245] netlink: 'syz.1.792': attribute type 4 has an invalid length. [ 173.027871][ T8245] tipc: Failed to remove unknown binding: 66,1,1/0:688578642/688578644 [ 173.047200][ T8245] tipc: Failed to remove unknown binding: 66,1,1/0:688578642/688578644 [ 173.875265][ T8258] netlink: 'syz.0.798': attribute type 4 has an invalid length. [ 174.019916][ T8260] netlink: 'syz.0.798': attribute type 4 has an invalid length. [ 174.138032][ T8262] netlink: 36 bytes leftover after parsing attributes in process `syz.3.800'. [ 174.317966][ T8268] netlink: 24 bytes leftover after parsing attributes in process `syz.4.801'. [ 174.487771][ T8270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.802'. [ 174.566791][ T8272] netlink: 12 bytes leftover after parsing attributes in process `syz.2.802'. [ 175.000613][ T8274] bridge7: entered promiscuous mode [ 175.051698][ T8274] vlan2: entered promiscuous mode [ 175.080038][ T8287] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 175.161947][ T8274] bridge7: port 1(vlan2) entered blocking state [ 175.223825][ T8274] bridge7: port 1(vlan2) entered disabled state [ 175.294763][ T8274] vlan2: entered allmulticast mode [ 175.334897][ T8274] bridge7: entered allmulticast mode [ 175.365577][ T8274] vlan2: left allmulticast mode [ 175.385430][ T8274] bridge7: left allmulticast mode [ 175.425528][ T8274] bridge7: left promiscuous mode [ 175.564362][ T8283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.806'. [ 175.798889][ T8301] netlink: 20 bytes leftover after parsing attributes in process `syz.3.812'. [ 175.874019][ T8306] netlink: 'syz.1.815': attribute type 12 has an invalid length. [ 176.482234][ T8330] netlink: 'syz.0.820': attribute type 4 has an invalid length. [ 176.621422][ T8333] netlink: 'syz.0.820': attribute type 4 has an invalid length. [ 176.754220][ T8338] netlink: 8 bytes leftover after parsing attributes in process `syz.4.821'. [ 176.932728][ T8346] netlink: 4 bytes leftover after parsing attributes in process `syz.0.824'. [ 176.972462][ T8346] netlink: 12 bytes leftover after parsing attributes in process `syz.0.824'. [ 177.021586][ T8346] bridge5: entered promiscuous mode [ 177.027531][ T8346] vlan0: entered promiscuous mode [ 177.034825][ T8346] bridge5: port 1(vlan0) entered blocking state [ 177.059966][ T8346] bridge5: port 1(vlan0) entered disabled state [ 177.075399][ T8346] vlan0: entered allmulticast mode [ 177.093109][ T8346] bridge5: entered allmulticast mode [ 177.153606][ T8346] vlan0: left allmulticast mode [ 177.204922][ T8346] bridge5: left allmulticast mode [ 177.254753][ T8346] bridge5: left promiscuous mode [ 177.709518][ T8360] IPv6: Can't replace route, no match found [ 178.381209][ T8389] netlink: 'syz.4.838': attribute type 4 has an invalid length. [ 178.438032][ T8392] netlink: 'syz.4.838': attribute type 4 has an invalid length. [ 178.501533][ T8400] netlink: 168 bytes leftover after parsing attributes in process `syz.1.839'. [ 178.709093][ T8405] netlink: 12 bytes leftover after parsing attributes in process `syz.2.841'. [ 178.722840][ T8406] sctp: [Deprecated]: syz.4.842 (pid 8406) Use of int in max_burst socket option. [ 178.722840][ T8406] Use struct sctp_assoc_value instead [ 179.255545][ T8416] netlink: 1 bytes leftover after parsing attributes in process `syz.4.845'. [ 179.265742][ T8416] netlink: 1 bytes leftover after parsing attributes in process `syz.4.845'. [ 179.348316][ T8416] netlink: 4 bytes leftover after parsing attributes in process `syz.4.845'. [ 179.540690][ T8425] xt_TCPMSS: Only works on TCP SYN packets [ 179.907495][ T8433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.852'. [ 180.194590][ T8445] netlink: 4 bytes leftover after parsing attributes in process `syz.2.856'. [ 180.228945][ T8454] IPv6: Can't replace route, no match found [ 181.194103][ T8490] netlink: 'syz.4.871': attribute type 4 has an invalid length. [ 181.291615][ T8492] netlink: 'syz.4.871': attribute type 4 has an invalid length. [ 182.902402][ T8566] __nla_validate_parse: 8 callbacks suppressed [ 182.902424][ T8566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.894'. [ 183.847935][ T8609] netlink: 12 bytes leftover after parsing attributes in process `syz.0.910'. [ 184.170061][ T8614] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 184.966282][ T8641] netlink: 'syz.3.924': attribute type 4 has an invalid length. [ 185.051710][ T8644] netlink: 'syz.3.924': attribute type 4 has an invalid length. [ 185.107969][ T8647] netlink: 292 bytes leftover after parsing attributes in process `syz.4.926'. [ 185.338422][ T8654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.923'. [ 185.374579][ T8654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.923'. [ 185.815640][ T8676] netlink: 1 bytes leftover after parsing attributes in process `syz.1.935'. [ 185.865920][ T8676] netlink: 1 bytes leftover after parsing attributes in process `syz.1.935'. [ 185.913460][ T8676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.935'. [ 186.040469][ T8695] netlink: 4 bytes leftover after parsing attributes in process `syz.0.938'. [ 186.320236][ T8701] lo speed is unknown, defaulting to 1000 [ 186.341373][ T8701] lo speed is unknown, defaulting to 1000 [ 186.379218][ T8701] lo speed is unknown, defaulting to 1000 [ 186.405808][ T8703] netlink: 'syz.1.941': attribute type 1 has an invalid length. [ 186.433562][ T8703] netlink: 224 bytes leftover after parsing attributes in process `syz.1.941'. [ 186.473555][ T8701] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 186.587570][ T8701] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 186.695135][ T8701] lo speed is unknown, defaulting to 1000 [ 186.715143][ T8701] lo speed is unknown, defaulting to 1000 [ 186.907419][ T8701] lo speed is unknown, defaulting to 1000 [ 186.985783][ T8701] lo speed is unknown, defaulting to 1000 [ 187.015923][ T8701] lo speed is unknown, defaulting to 1000 [ 187.038342][ T8701] lo speed is unknown, defaulting to 1000 [ 187.304760][ T8721] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 188.179436][ T8749] __nla_validate_parse: 1 callbacks suppressed [ 188.179460][ T8749] netlink: 4 bytes leftover after parsing attributes in process `syz.0.953'. [ 188.267464][ T8751] netlink: 'syz.3.954': attribute type 4 has an invalid length. [ 188.331272][ T8751] netlink: 'syz.3.954': attribute type 4 has an invalid length. [ 188.353006][ T8756] netlink: 'syz.1.956': attribute type 1 has an invalid length. [ 188.361273][ T8756] netlink: 224 bytes leftover after parsing attributes in process `syz.1.956'. [ 188.455160][ T8758] netlink: 'syz.1.957': attribute type 9 has an invalid length. [ 188.463742][ T8758] netlink: 'syz.1.957': attribute type 7 has an invalid length. [ 188.496752][ T8758] netlink: 'syz.1.957': attribute type 8 has an invalid length. [ 189.098505][ T8789] lo: Caught tx_queue_len zero misconfig [ 189.193908][ T8789] xt_NFQUEUE: number of total queues is 0 [ 189.693800][ T8809] netlink: 60 bytes leftover after parsing attributes in process `syz.1.973'. [ 189.724451][ T8808] netlink: 60 bytes leftover after parsing attributes in process `syz.1.973'. [ 189.938176][ T8823] netlink: 'syz.4.976': attribute type 4 has an invalid length. [ 190.002150][ T8827] netlink: 'syz.4.976': attribute type 4 has an invalid length. [ 190.102016][ T29] audit: type=1804 audit(1719504267.139:17): pid=8833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.979" name="/root/syzkaller.kM7LqH/243/cgroup.controllers" dev="sda1" ino=1973 res=1 errno=0 [ 190.152088][ T8833] netlink: 28 bytes leftover after parsing attributes in process `syz.0.979'. [ 190.163485][ T8833] netlink: 28 bytes leftover after parsing attributes in process `syz.0.979'. [ 190.701243][ T8857] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 190.723600][ T8857] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 190.948217][ T8863] netlink: 'syz.1.986': attribute type 4 has an invalid length. [ 190.977312][ T8868] netlink: 24 bytes leftover after parsing attributes in process `syz.3.987'. [ 191.153260][ T8867] netlink: 'syz.1.986': attribute type 4 has an invalid length. [ 191.168050][ T5086] block nbd64: NBD_DISCONNECT [ 191.216232][ T45] lo speed is unknown, defaulting to 1000 [ 191.216553][ T5142] lo speed is unknown, defaulting to 1000 [ 191.313864][ T8879] sctp: [Deprecated]: syz.2.989 (pid 8879) Use of struct sctp_assoc_value in delayed_ack socket option. [ 191.313864][ T8879] Use struct sctp_sack_info instead [ 191.508453][ T8886] netlink: 12 bytes leftover after parsing attributes in process `syz.3.992'. [ 191.714325][ T8893] xt_l2tp: missing protocol rule (udp|l2tpip) [ 191.760633][ T8899] netlink: 12 bytes leftover after parsing attributes in process `syz.1.998'. [ 191.777608][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 191.784414][ T8899] netlink: 12 bytes leftover after parsing attributes in process `syz.1.998'. [ 191.815965][ T8893] xt_CT: You must specify a L4 protocol and not use inversions on it [ 191.860065][ T8901] xt_l2tp: missing protocol rule (udp|l2tpip) [ 192.030823][ T8899] syzkaller0: entered promiscuous mode [ 192.072332][ T8899] syzkaller0: entered allmulticast mode [ 192.131848][ T8914] netlink: 'syz.3.1000': attribute type 9 has an invalid length. [ 192.159755][ T8914] netlink: 'syz.3.1000': attribute type 7 has an invalid length. [ 192.186138][ T8914] netlink: 'syz.3.1000': attribute type 8 has an invalid length. [ 194.669642][ T8931] netlink: 'syz.4.1005': attribute type 4 has an invalid length. [ 194.688638][ T8934] netlink: 'syz.4.1005': attribute type 4 has an invalid length. [ 194.987667][ T8972] netlink: 'syz.1.1012': attribute type 1 has an invalid length. [ 195.011635][ T8972] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1012'. [ 195.046161][ T8971] lo speed is unknown, defaulting to 1000 [ 195.290867][ T8990] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1017'. [ 195.528470][ T8993] lo speed is unknown, defaulting to 1000 [ 195.721122][ T9002] netlink: 'syz.3.1021': attribute type 9 has an invalid length. [ 195.743427][ T9002] netlink: 'syz.3.1021': attribute type 7 has an invalid length. [ 195.763475][ T9002] netlink: 'syz.3.1021': attribute type 8 has an invalid length. [ 195.961707][ T9008] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1023'. [ 196.082953][ T9008] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1023'. [ 196.571505][ T9011] syzkaller0: entered promiscuous mode [ 196.579251][ T9011] syzkaller0: entered allmulticast mode [ 196.590173][ T9026] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1028'. [ 196.629022][ T9024] netlink: 'syz.1.1027': attribute type 4 has an invalid length. [ 196.673217][ T9026] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1028'. [ 196.686797][ T53] Bluetooth: hci2: command 0x0406 tx timeout [ 196.697006][ T5101] Bluetooth: hci3: command 0x0406 tx timeout [ 198.609612][ T5139] lo speed is unknown, defaulting to 1000 [ 198.609630][ T9027] netlink: 'syz.1.1027': attribute type 4 has an invalid length. [ 198.649458][ T9030] bridge6: entered promiscuous mode [ 198.654832][ T9030] vlan0: entered promiscuous mode [ 198.675189][ T9030] bridge6: port 1(vlan0) entered blocking state [ 198.702664][ T9030] bridge6: port 1(vlan0) entered disabled state [ 198.740059][ T9030] vlan0: entered allmulticast mode [ 198.753629][ T9030] bridge6: entered allmulticast mode [ 198.798932][ T9030] vlan0: left allmulticast mode [ 198.803850][ T9030] bridge6: left allmulticast mode [ 198.854542][ T9030] bridge6: left promiscuous mode [ 198.905524][ T9045] netlink: 'syz.3.1033': attribute type 9 has an invalid length. [ 198.931011][ T9045] netlink: 'syz.3.1033': attribute type 7 has an invalid length. [ 198.939348][ T9045] netlink: 'syz.3.1033': attribute type 8 has an invalid length. [ 198.960163][ T5144] lo speed is unknown, defaulting to 1000 [ 199.018470][ T9048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1034'. [ 199.176293][ T9049] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1036'. [ 199.216128][ T9052] netlink: 'syz.4.1038': attribute type 4 has an invalid length. [ 199.270575][ T9056] netlink: 'syz.4.1038': attribute type 4 has an invalid length. [ 199.579369][ T9069] xt_ecn: cannot match TCP bits for non-tcp packets [ 199.974362][ T9084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1049'. [ 199.992990][ T9084] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1049'. [ 200.134707][ T9088] bridge7: entered promiscuous mode [ 200.174718][ T9088] vlan0: entered promiscuous mode [ 200.214286][ T9088] bridge7: port 1(vlan0) entered blocking state [ 200.225939][ T9088] bridge7: port 1(vlan0) entered disabled state [ 200.291972][ T9088] vlan0: entered allmulticast mode [ 200.305988][ T9088] bridge7: entered allmulticast mode [ 200.353744][ T9088] vlan0: left allmulticast mode [ 200.370938][ T9088] bridge7: left allmulticast mode [ 200.406400][ T9088] bridge7: left promiscuous mode [ 200.972801][ T9120] Bluetooth: MGMT ver 1.22 [ 200.999287][ T9120] Bluetooth: hci3: service_discovery: too big uuid_count value 65535 [ 201.180001][ T9126] validate_nla: 2 callbacks suppressed [ 201.180024][ T9126] netlink: 'syz.3.1059': attribute type 4 has an invalid length. [ 201.226362][ T9135] netlink: 'syz.0.1061': attribute type 9 has an invalid length. [ 201.245832][ T9135] netlink: 'syz.0.1061': attribute type 7 has an invalid length. [ 201.264184][ T9135] netlink: 'syz.0.1061': attribute type 8 has an invalid length. [ 201.319316][ T9132] netlink: 'syz.3.1059': attribute type 4 has an invalid length. [ 201.410050][ T9140] netlink: 'syz.1.1063': attribute type 10 has an invalid length. [ 201.447336][ T9140] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 201.588784][ T9146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1066'. [ 202.344024][ T9175] netlink: 'syz.0.1077': attribute type 4 has an invalid length. [ 202.431977][ T9180] netlink: 'syz.0.1077': attribute type 4 has an invalid length. [ 202.505649][ T9184] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1080'. [ 202.715782][ T9189] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1082'. [ 202.803292][ T9199] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 203.076094][ T9211] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1086'. [ 203.098980][ T9210] vlan2: entered promiscuous mode [ 203.124810][ T9210] vlan2: entered allmulticast mode [ 203.169729][ T9215] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1089'. [ 203.183827][ T9215] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:20003 [ 203.483721][ T9220] netlink: 'syz.1.1091': attribute type 4 has an invalid length. [ 203.573815][ T9221] netlink: 'syz.1.1091': attribute type 4 has an invalid length. [ 203.652224][ T25] lo speed is unknown, defaulting to 1000 [ 203.652234][ T5139] lo speed is unknown, defaulting to 1000 [ 203.674837][ T29] audit: type=1804 audit(1719504280.709:18): pid=9230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1095" name="/root/syzkaller.YL1sx3/141/cgroup.controllers" dev="sda1" ino=1978 res=1 errno=0 [ 204.075665][ T9249] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1098'. [ 204.155478][ T9251] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1101'. [ 204.213204][ T9251] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:20003 [ 204.233727][ T9254] netlink: 9352 bytes leftover after parsing attributes in process `syz.2.1102'. [ 204.266789][ T9254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1102'. [ 205.145468][ T9288] 8021q: VLANs not supported on lo [ 205.253696][ T9292] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1116'. [ 205.341578][ T9294] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 205.820072][ T9309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.859465][ T9309] team0: Port device bond0 added [ 206.495983][ T9343] validate_nla: 4 callbacks suppressed [ 206.496009][ T9343] netlink: 'syz.0.1129': attribute type 4 has an invalid length. [ 206.543880][ T9346] netlink: 'syz.1.1130': attribute type 9 has an invalid length. [ 206.557064][ T9346] netlink: 'syz.1.1130': attribute type 7 has an invalid length. [ 206.570763][ T9346] netlink: 'syz.1.1130': attribute type 8 has an invalid length. [ 206.583891][ T9343] netlink: 'syz.0.1129': attribute type 4 has an invalid length. [ 207.015588][ T9358] netlink: 'syz.0.1134': attribute type 4 has an invalid length. [ 207.059780][ T9358] netlink: 'syz.0.1134': attribute type 4 has an invalid length. [ 207.483584][ T9373] netlink: 'syz.0.1139': attribute type 1 has an invalid length. [ 207.511370][ T9373] __nla_validate_parse: 1 callbacks suppressed [ 207.511392][ T9373] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1139'. [ 207.537665][ T9373] NCSI netlink: No device for ifindex 0 [ 207.597347][ T9373] netlink: 'syz.0.1139': attribute type 10 has an invalid length. [ 207.646293][ T9373] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 207.763578][ T4490] Bluetooth: hci1: link tx timeout [ 207.769478][ T4490] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 207.954063][ T9387] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 208.194618][ T9394] netlink: 'syz.2.1146': attribute type 2 has an invalid length. [ 208.293042][ T9396] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 208.598281][ T9404] syzkaller0: entered promiscuous mode [ 208.603955][ T9404] syzkaller0: entered allmulticast mode [ 208.636154][ T9414] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1151'. [ 209.131877][ T9427] IPv4: Oversized IP packet from 172.20.20.24 [ 209.140553][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 209.147292][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 209.805922][ T4490] Bluetooth: hci1: command 0x0406 tx timeout [ 210.953142][ T9421] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1153'. [ 211.383453][ T9437] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1157'. [ 211.403321][ T9453] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1160'. [ 211.444035][ T9453] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1160'. [ 211.522948][ T9455] validate_nla: 8 callbacks suppressed [ 211.522972][ T9455] netlink: 'syz.1.1162': attribute type 4 has an invalid length. [ 211.537532][ T9459] netlink: 'syz.2.1163': attribute type 9 has an invalid length. [ 211.537563][ T9459] netlink: 'syz.2.1163': attribute type 7 has an invalid length. [ 211.537579][ T9459] netlink: 'syz.2.1163': attribute type 8 has an invalid length. [ 211.702794][ T9457] netlink: 'syz.1.1162': attribute type 4 has an invalid length. [ 211.775035][ T5144] lo speed is unknown, defaulting to 1000 [ 211.781162][ T5205] lo speed is unknown, defaulting to 1000 [ 211.813029][ T9467] netlink: 'syz.2.1166': attribute type 4 has an invalid length. [ 211.839730][ T9470] netlink: 'syz.3.1167': attribute type 9 has an invalid length. [ 211.865247][ T9470] netlink: 'syz.3.1167': attribute type 7 has an invalid length. [ 211.899947][ T9470] netlink: 'syz.3.1167': attribute type 8 has an invalid length. [ 211.914933][ T9471] netlink: 'syz.2.1166': attribute type 4 has an invalid length. [ 212.040197][ T4490] Bluetooth: hci4: command 0x0406 tx timeout [ 212.075342][ T9477] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1168'. [ 212.184051][ T9483] dccp_invalid_packet: P.Data Offset(144) too large [ 212.368720][ T29] audit: type=1804 audit(1719504289.409:19): pid=9490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1174" name="/root/syzkaller.kM7LqH/289/cgroup.controllers" dev="sda1" ino=1976 res=1 errno=0 [ 212.394114][ T9492] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1170'. [ 212.465038][ T5205] lo speed is unknown, defaulting to 1000 [ 212.496095][ T25] lo speed is unknown, defaulting to 1000 [ 213.102796][ T9518] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1181'. [ 213.327691][ T9534] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1188'. [ 213.346247][ T9534] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1188'. [ 213.486793][ T29] audit: type=1804 audit(1719504290.519:20): pid=9537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1190" name="/root/syzkaller.YL1sx3/156/cgroup.controllers" dev="sda1" ino=1952 res=1 errno=0 [ 213.602267][ T9539] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1191'. [ 213.615113][ T9534] syzkaller0: entered promiscuous mode [ 213.631378][ T9534] syzkaller0: entered allmulticast mode [ 213.658198][ T9544] netlink: zone id is out of range [ 213.664239][ T9544] netlink: zone id is out of range [ 213.706163][ T9544] netlink: set zone limit has 4 unknown bytes [ 216.015816][ T9553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1195'. [ 216.180547][ T5142] lo speed is unknown, defaulting to 1000 [ 216.186926][ T25] lo speed is unknown, defaulting to 1000 [ 216.463475][ T29] audit: type=1804 audit(1719504293.499:21): pid=9585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1205" name="/root/syzkaller.SbbGuF/109/cgroup.controllers" dev="sda1" ino=1972 res=1 errno=0 [ 216.542036][ T9588] validate_nla: 12 callbacks suppressed [ 216.542060][ T9588] netlink: 'syz.4.1207': attribute type 4 has an invalid length. [ 216.615389][ T9593] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1204'. [ 216.716148][ T9588] netlink: 'syz.4.1207': attribute type 4 has an invalid length. [ 216.739653][ T9600] netlink: 'syz.2.1210': attribute type 4 has an invalid length. [ 216.774603][ T9600] netlink: 'syz.2.1210': attribute type 4 has an invalid length. [ 216.887303][ T9606] netlink: 'syz.0.1211': attribute type 2 has an invalid length. [ 216.921633][ T9609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1213'. [ 216.932027][ T9606] netlink: 'syz.0.1211': attribute type 1 has an invalid length. [ 216.947063][ T9606] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1211'. [ 216.965394][ T9609] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1213'. [ 217.108884][ T9618] bridge5: entered promiscuous mode [ 217.114360][ T9618] vlan2: entered promiscuous mode [ 217.138425][ T9618] bridge5: port 1(vlan2) entered blocking state [ 217.157827][ T9618] bridge5: port 1(vlan2) entered disabled state [ 217.172739][ T9618] vlan2: entered allmulticast mode [ 217.191209][ T9618] bridge5: entered allmulticast mode [ 217.200139][ T9618] vlan2: left allmulticast mode [ 217.209012][ T9618] bridge5: left allmulticast mode [ 217.219190][ T9618] bridge5: left promiscuous mode [ 217.264754][ T9617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1212'. [ 217.277853][ T9619] netlink: 'syz.3.1215': attribute type 4 has an invalid length. [ 217.305020][ T9623] netlink: 'syz.3.1215': attribute type 4 has an invalid length. [ 217.637591][ T9634] netlink: 'syz.0.1219': attribute type 10 has an invalid length. [ 217.671447][ T9634] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 217.800768][ T9652] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 217.814409][ T9650] IPVS: stopping backup sync thread 9652 ... [ 217.904636][ T29] audit: type=1804 audit(1719504294.939:22): pid=9651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1223" name="/root/syzkaller.SbbGuF/113/cgroup.controllers" dev="sda1" ino=1978 res=1 errno=0 [ 218.109893][ T9663] __nla_validate_parse: 2 callbacks suppressed [ 218.109915][ T9663] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1227'. [ 218.392967][ T9674] netlink: 'syz.4.1229': attribute type 4 has an invalid length. [ 218.463753][ T9681] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1233'. [ 218.522565][ T9681] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1233'. [ 218.599986][ T9689] bridge2: entered promiscuous mode [ 218.616022][ T9689] vlan2: entered promiscuous mode [ 218.629157][ T9689] bridge2: port 1(vlan2) entered blocking state [ 218.646882][ T9689] bridge2: port 1(vlan2) entered disabled state [ 218.653458][ T9689] vlan2: entered allmulticast mode [ 218.709001][ T9689] bridge2: entered allmulticast mode [ 218.761529][ T9689] vlan2: left allmulticast mode [ 218.793709][ T9689] bridge2: left allmulticast mode [ 218.833047][ T9689] bridge2: left promiscuous mode [ 218.840748][ T9695] xt_TPROXY: Can be used only with -p tcp or -p udp [ 218.956770][ T9703] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1239'. [ 219.458987][ T9724] pimreg: entered allmulticast mode [ 219.475528][ T9726] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1247'. [ 219.553083][ T9731] dccp_v6_rcv: dropped packet with invalid checksum [ 220.019348][ T9748] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1253'. [ 220.038730][ T9748] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1253'. [ 220.144384][ T9748] bridge8: entered promiscuous mode [ 220.165946][ T9748] vlan0: entered promiscuous mode [ 220.191249][ T9748] bridge8: port 1(vlan0) entered blocking state [ 220.246608][ T9748] bridge8: port 1(vlan0) entered disabled state [ 220.310921][ T9748] vlan0: entered allmulticast mode [ 220.316217][ T9748] bridge8: entered allmulticast mode [ 220.410716][ T9748] vlan0: left allmulticast mode [ 220.430353][ T9748] bridge8: left allmulticast mode [ 220.453730][ T9748] bridge8: left promiscuous mode [ 220.517032][ T9764] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1256'. [ 220.553211][ T9771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1261'. [ 220.605935][ T45] IPVS: starting estimator thread 0... [ 220.747300][ T9776] IPVS: using max 17 ests per chain, 40800 per kthread [ 221.134317][ T9802] batadv_slave_1: entered promiscuous mode [ 221.169984][ T9801] batadv_slave_1: left promiscuous mode [ 221.353054][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1274'. [ 221.474686][ T9819] batman_adv: batadv0: adding TT local entry 4a:c8:93:75:00:00 to non-existent VLAN 2358 [ 221.476521][ T9813] bridge6: entered promiscuous mode [ 221.498203][ T9813] vlan2: entered promiscuous mode [ 221.524533][ T9813] bridge6: port 1(vlan2) entered blocking state [ 221.541940][ T9813] bridge6: port 1(vlan2) entered disabled state [ 221.558867][ T9813] vlan2: entered allmulticast mode [ 221.564062][ T9813] bridge6: entered allmulticast mode [ 221.623725][ T9813] vlan2: left allmulticast mode [ 221.645292][ T9813] bridge6: left allmulticast mode [ 221.683276][ T9813] bridge6: left promiscuous mode [ 221.715835][ T9835] validate_nla: 7 callbacks suppressed [ 221.715860][ T9835] netlink: 'syz.0.1281': attribute type 9 has an invalid length. [ 221.742394][ T9815] netlink: 'syz.3.1275': attribute type 4 has an invalid length. [ 221.742491][ T9835] netlink: 'syz.0.1281': attribute type 7 has an invalid length. [ 221.761099][ T9835] netlink: 'syz.0.1281': attribute type 8 has an invalid length. [ 221.772468][ T9823] netlink: 'syz.3.1275': attribute type 4 has an invalid length. [ 222.247661][ T9859] netlink: 'syz.2.1286': attribute type 1 has an invalid length. [ 222.709002][ T9881] netlink: 'syz.3.1294': attribute type 4 has an invalid length. [ 222.814006][ T9882] netlink: 'syz.3.1294': attribute type 4 has an invalid length. [ 223.524173][ T9930] netlink: 'syz.0.1309': attribute type 13 has an invalid length. [ 223.812471][ T9941] netlink: 'syz.1.1314': attribute type 4 has an invalid length. [ 223.830340][ T9945] netlink: set zone limit has 4 unknown bytes [ 223.938055][ T5144] lo speed is unknown, defaulting to 1000 [ 223.941353][ T5142] lo speed is unknown, defaulting to 1000 [ 224.698182][ T9981] __nla_validate_parse: 2 callbacks suppressed [ 224.698205][ T9981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1330'. [ 224.724364][ T9981] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1330'. [ 224.774953][ T9981] bridge9: entered promiscuous mode [ 224.805165][ T9981] vlan2: entered promiscuous mode [ 224.854180][ T9981] bridge9: port 1(vlan2) entered blocking state [ 224.882620][ T9981] bridge9: port 1(vlan2) entered disabled state [ 224.890921][ T9981] vlan2: entered allmulticast mode [ 224.896357][ T9981] bridge9: entered allmulticast mode [ 224.995151][ T9981] vlan2: left allmulticast mode [ 225.028448][T10001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 225.063705][ T9981] bridge9: left allmulticast mode [ 225.092639][ T9981] bridge9: left promiscuous mode [ 225.202685][ T5144] lo speed is unknown, defaulting to 1000 [ 225.242817][ T45] lo speed is unknown, defaulting to 1000 [ 225.450755][T10004] syzkaller0: entered promiscuous mode [ 225.502831][T10004] syzkaller0: entered allmulticast mode [ 225.823679][T10037] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1346'. [ 225.857404][T10016] lo speed is unknown, defaulting to 1000 [ 228.086290][T10050] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1349'. [ 228.096271][T10052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1349'. [ 228.115513][T10049] validate_nla: 7 callbacks suppressed [ 228.115533][T10049] netlink: 'syz.3.1350': attribute type 4 has an invalid length. [ 228.188363][T10056] bridge7: entered promiscuous mode [ 228.204734][T10056] vlan2: entered promiscuous mode [ 228.215624][T10056] bridge7: port 1(vlan2) entered blocking state [ 228.224612][T10056] bridge7: port 1(vlan2) entered disabled state [ 228.231859][T10069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1352'. [ 228.233525][T10056] vlan2: entered allmulticast mode [ 228.247755][T10056] bridge7: entered allmulticast mode [ 228.255273][T10056] vlan2: left allmulticast mode [ 228.260381][T10056] bridge7: left allmulticast mode [ 228.267542][T10056] bridge7: left promiscuous mode [ 228.331617][T10051] netlink: 'syz.3.1350': attribute type 4 has an invalid length. [ 228.345498][T10057] netlink: 'syz.1.1351': attribute type 4 has an invalid length. [ 228.403529][T10058] netlink: 'syz.1.1351': attribute type 4 has an invalid length. [ 228.577477][ T1163] lo speed is unknown, defaulting to 1000 [ 228.579206][ T5140] lo speed is unknown, defaulting to 1000 [ 228.639062][T10073] netlink: 'syz.3.1354': attribute type 4 has an invalid length. [ 228.763303][T10075] netlink: 'syz.3.1354': attribute type 4 has an invalid length. [ 229.101315][T10096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1362'. [ 229.190657][T10098] netlink: 'syz.1.1363': attribute type 4 has an invalid length. [ 229.238765][T10100] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1365'. [ 229.307769][ T5144] lo speed is unknown, defaulting to 1000 [ 229.314940][T10098] netlink: 'syz.1.1363': attribute type 4 has an invalid length. [ 229.377394][ T1163] lo speed is unknown, defaulting to 1000 [ 229.675987][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1369'. [ 229.757155][T10126] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1369'. [ 229.857650][T10132] netlink: 'syz.3.1372': attribute type 4 has an invalid length. [ 229.935349][T10140] bridge9: entered promiscuous mode [ 229.994509][T10140] vlan2: entered promiscuous mode [ 230.035517][T10140] bridge9: port 1(vlan2) entered blocking state [ 230.094968][T10140] bridge9: port 1(vlan2) entered disabled state [ 230.132076][T10140] vlan2: entered allmulticast mode [ 230.166846][T10140] bridge9: entered allmulticast mode [ 230.184845][T10140] vlan2: left allmulticast mode [ 230.201411][T10140] bridge9: left allmulticast mode [ 230.225274][T10140] bridge9: left promiscuous mode [ 230.296230][T10138] netlink: 'syz.3.1372': attribute type 4 has an invalid length. [ 230.460314][T10167] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 230.555043][T10166] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 230.890920][T10177] syz.0.1380: vmalloc error: size 8392704, failed to allocated page array size 16392, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 230.919768][T10177] CPU: 1 PID: 10177 Comm: syz.0.1380 Not tainted 6.10.0-rc4-syzkaller-00945-gf261aa15b2ca #0 [ 230.929990][T10177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 230.940056][T10177] Call Trace: [ 230.943344][T10177] [ 230.946371][T10177] dump_stack_lvl+0x241/0x360 [ 230.951075][T10177] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.956293][T10177] ? __pfx__printk+0x10/0x10 [ 230.960906][T10177] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 230.967375][T10177] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 230.973907][T10177] warn_alloc+0x278/0x410 [ 230.978275][T10177] ? __pfx_warn_alloc+0x10/0x10 [ 230.983179][T10177] ? xskq_create+0xb6/0x170 [ 230.987725][T10177] ? __get_vm_area_node+0x23d/0x270 [ 230.992949][T10177] __vmalloc_node_range_noprof+0x69f/0x1460 [ 230.998878][T10177] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 231.005222][T10177] ? __kasan_kmalloc+0x98/0xb0 [ 231.010018][T10177] ? xskq_create+0x54/0x170 [ 231.014626][T10177] vmalloc_user_noprof+0x74/0x80 [ 231.019577][T10177] ? xskq_create+0xb6/0x170 [ 231.024095][T10177] xskq_create+0xb6/0x170 [ 231.028565][T10177] xsk_init_queue+0xa1/0x100 [ 231.033180][T10177] xsk_setsockopt+0x4ea/0x950 [ 231.037882][T10177] ? __pfx_xsk_setsockopt+0x10/0x10 [ 231.043134][T10177] ? __pfx_lock_acquire+0x10/0x10 [ 231.048350][T10177] ? aa_sock_opt_perm+0x79/0x120 [ 231.053397][T10177] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 231.059047][T10177] ? security_socket_setsockopt+0x87/0xb0 [ 231.064784][T10177] ? __pfx_xsk_setsockopt+0x10/0x10 [ 231.069997][T10177] do_sock_setsockopt+0x3af/0x720 [ 231.075140][T10177] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 231.080747][T10177] ? __fget_files+0x29/0x470 [ 231.085365][T10177] ? __fget_files+0x3f6/0x470 [ 231.090076][T10177] __sys_setsockopt+0x1ae/0x250 [ 231.094959][T10177] __x64_sys_setsockopt+0xb5/0xd0 [ 231.100004][T10177] do_syscall_64+0xf3/0x230 [ 231.104527][T10177] ? clear_bhb_loop+0x35/0x90 [ 231.109218][T10177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.115251][T10177] RIP: 0033:0x7f9beed75ae9 [ 231.119675][T10177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.139304][T10177] RSP: 002b:00007f9befa66048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 231.147735][T10177] RAX: ffffffffffffffda RBX: 00007f9beef03fa0 RCX: 00007f9beed75ae9 [ 231.155744][T10177] RDX: 0000000000000005 RSI: 000000000000011b RDI: 000000000000000c [ 231.163725][T10177] RBP: 00007f9beedf6756 R08: 000000000000002c R09: 0000000000000000 [ 231.171717][T10177] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 231.179802][T10177] R13: 000000000000000b R14: 00007f9beef03fa0 R15: 00007ffdcfc040f8 [ 231.187812][T10177] [ 231.209570][T10177] Mem-Info: [ 231.213600][T10177] active_anon:4112 inactive_anon:0 isolated_anon:0 [ 231.213600][T10177] active_file:1804 inactive_file:38327 isolated_file:0 [ 231.213600][T10177] unevictable:768 dirty:371 writeback:0 [ 231.213600][T10177] slab_reclaimable:9450 slab_unreclaimable:99157 [ 231.213600][T10177] mapped:13640 shmem:1262 pagetables:763 [ 231.213600][T10177] sec_pagetables:0 bounce:0 [ 231.213600][T10177] kernel_misc_reclaimable:0 [ 231.213600][T10177] free:1404507 free_pcp:1753 free_cma:0 [ 231.272174][T10177] Node 0 active_anon:16504kB inactive_anon:0kB active_file:7216kB inactive_file:153228kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:54516kB dirty:1564kB writeback:0kB shmem:3512kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10192kB pagetables:2988kB sec_pagetables:0kB all_unreclaimable? no [ 231.334271][T10177] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 231.373874][T10177] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 231.411834][T10177] lowmem_reserve[]: 0 2571 2571 0 0 [ 231.421617][T10177] Node 0 DMA32 free:1661724kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:16460kB inactive_anon:0kB active_file:7216kB inactive_file:152924kB unevictable:1536kB writepending:1564kB present:3129332kB managed:2659872kB mlocked:0kB bounce:0kB free_pcp:1644kB local_pcp:716kB free_cma:0kB [ 231.457400][T10177] lowmem_reserve[]: 0 0 0 0 0 [ 231.462323][T10177] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:304kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 231.491795][T10177] lowmem_reserve[]: 0 0 0 0 0 [ 231.496736][T10177] Node 1 Normal free:3945976kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB writepending:8kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 231.526225][T10177] lowmem_reserve[]: 0 0 0 0 0 [ 231.534726][T10177] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 231.542083][T10203] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1388'. [ 231.555257][T10177] Node 0 DMA32: 350*4kB (UME) 111*8kB (UE) 167*16kB (UME) 294*32kB (UME) 110*64kB (UME) 58*128kB (UME) 17*256kB (UME) 4*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 395*4096kB (UM) = 1662368kB [ 231.582441][T10177] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 231.595123][T10177] Node 1 Normal: 4*4kB (UM) 7*8kB (UM) 7*16kB (UM) 10*32kB (UM) 10*64kB (UM) 5*128kB (UM) 5*256kB (U) 5*512kB (UM) 4*1024kB (U) 2*2048kB (U) 960*4096kB (M) = 3945976kB [ 231.613948][T10177] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 231.626814][T10203] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1388'. [ 231.635982][T10177] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 231.649639][T10177] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 231.659285][T10177] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 231.672592][T10177] 41408 total pagecache pages [ 231.679238][T10177] 0 pages in swap cache [ 231.683593][T10177] Free swap = 124996kB [ 231.693248][T10177] Total swap = 124996kB [ 231.697669][T10177] 2097051 pages RAM [ 231.701515][T10177] 0 pages HighMem/MovableOnly [ 231.706252][T10177] 400873 pages reserved [ 231.711105][T10177] 0 pages cma reserved [ 231.751942][T10192] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1385'. [ 231.784869][T10195] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1385'. [ 231.865591][T10197] bridge10: entered promiscuous mode [ 231.889959][T10197] vlan2: entered promiscuous mode [ 231.901209][T10197] bridge10: port 1(vlan2) entered blocking state [ 231.912318][T10197] bridge10: port 1(vlan2) entered disabled state [ 231.919522][T10197] vlan2: entered allmulticast mode [ 231.924701][T10197] bridge10: entered allmulticast mode [ 231.932550][T10197] vlan2: left allmulticast mode [ 231.937973][T10197] bridge10: left allmulticast mode [ 231.944524][T10197] bridge10: left promiscuous mode [ 231.980804][T10206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1390'. [ 231.990647][T10208] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1390'. [ 232.033402][T10212] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1389'. [ 232.065135][T10210] bridge10: entered promiscuous mode [ 232.084942][T10210] vlan2: entered promiscuous mode [ 232.105279][T10210] bridge10: port 1(vlan2) entered blocking state [ 232.157516][T10210] bridge10: port 1(vlan2) entered disabled state [ 232.188420][T10210] vlan2: entered allmulticast mode [ 232.232003][T10210] bridge10: entered allmulticast mode [ 232.297643][T10210] vlan2: left allmulticast mode [ 232.302588][T10210] bridge10: left allmulticast mode [ 232.354892][T10210] bridge10: left promiscuous mode [ 232.978945][T10252] No such timeout policy "syz0" [ 233.504885][T10276] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1407'. [ 233.748173][T10273] lo speed is unknown, defaulting to 1000 [ 233.923523][T10287] validate_nla: 6 callbacks suppressed [ 233.923547][T10287] netlink: 'syz.2.1413': attribute type 9 has an invalid length. [ 234.000296][T10287] netlink: 'syz.2.1413': attribute type 7 has an invalid length. [ 234.019068][T10287] netlink: 'syz.2.1413': attribute type 8 has an invalid length. [ 234.037461][T10286] bridge0: port 3(macvlan3) entered blocking state [ 234.071531][T10286] bridge0: port 3(macvlan3) entered disabled state [ 234.091856][T10286] macvlan3: entered allmulticast mode [ 234.116979][T10286] macvlan3: entered promiscuous mode [ 234.145606][T10291] netlink: 'syz.1.1416': attribute type 4 has an invalid length. [ 234.232259][T10293] netlink: 'syz.1.1416': attribute type 4 has an invalid length. [ 234.319626][ T5144] lo speed is unknown, defaulting to 1000 [ 234.326957][ T5142] lo speed is unknown, defaulting to 1000 [ 234.346003][T10304] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 234.378601][T10304] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 234.750025][T10320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.775737][T10320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.789516][T10320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.895068][T10322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1426'. [ 235.019131][T10326] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1427'. [ 235.093823][T10328] netlink: 'syz.3.1428': attribute type 9 has an invalid length. [ 235.102395][T10328] netlink: 'syz.3.1428': attribute type 7 has an invalid length. [ 235.113806][T10328] netlink: 'syz.3.1428': attribute type 8 has an invalid length. [ 235.496345][T10337] netlink: 'syz.3.1431': attribute type 4 has an invalid length. [ 235.504492][T10340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1432'. [ 235.504889][T10340] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1432'. [ 235.587468][T10339] netlink: 'syz.3.1431': attribute type 4 has an invalid length. [ 235.630143][T10346] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1434'. [ 235.675290][T10346] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1434'. [ 235.777524][T10346] bridge11: entered promiscuous mode [ 235.795356][T10346] vlan2: entered promiscuous mode [ 235.842260][T10346] bridge11: port 1(vlan2) entered blocking state [ 235.881875][T10346] bridge11: port 1(vlan2) entered disabled state [ 235.903429][T10346] vlan2: entered allmulticast mode [ 235.915445][T10346] bridge11: entered allmulticast mode [ 235.926161][T10346] vlan2: left allmulticast mode [ 235.938995][T10346] bridge11: left allmulticast mode [ 235.994206][T10346] bridge11: left promiscuous mode [ 236.340608][T10374] dummy0: entered promiscuous mode [ 236.376353][T10374] batadv_slave_0: entered promiscuous mode [ 236.492602][T10383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1446'. [ 236.602892][ T4490] Bluetooth: hci1: command 0x0406 tx timeout [ 236.671056][T10391] sctp: [Deprecated]: syz.2.1448 (pid 10391) Use of int in max_burst socket option. [ 236.671056][T10391] Use struct sctp_assoc_value instead [ 236.773183][T10398] sctp: [Deprecated]: syz.1.1450 (pid 10398) Use of int in maxseg socket option. [ 236.773183][T10398] Use struct sctp_assoc_value instead [ 237.142471][T10410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1457'. [ 237.160637][T10414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1456'. [ 237.207580][T10410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1457'. [ 237.364232][T10420] bridge12: entered promiscuous mode [ 237.423861][T10420] vlan2: entered promiscuous mode [ 237.432965][T10420] bridge12: port 1(vlan2) entered blocking state [ 237.470853][T10420] bridge12: port 1(vlan2) entered disabled state [ 237.482830][T10420] vlan2: entered allmulticast mode [ 237.488706][T10420] bridge12: entered allmulticast mode [ 237.501868][T10420] vlan2: left allmulticast mode [ 237.507579][T10420] bridge12: left allmulticast mode [ 237.516907][T10420] bridge12: left promiscuous mode [ 237.573621][T10424] bridge3: entered promiscuous mode [ 237.579466][T10424] vlan2: entered promiscuous mode [ 237.585727][T10424] bridge3: port 1(vlan2) entered blocking state [ 237.595785][T10424] bridge3: port 1(vlan2) entered disabled state [ 237.604601][T10424] vlan2: entered allmulticast mode [ 237.611095][T10424] bridge3: entered allmulticast mode [ 237.620298][T10424] vlan2: left allmulticast mode [ 237.625187][T10424] bridge3: left allmulticast mode [ 237.634050][T10424] bridge3: left promiscuous mode [ 237.992629][T10440] lo speed is unknown, defaulting to 1000 [ 237.995063][T10444] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 238.056404][T10444] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 238.064734][T10450] sctp: [Deprecated]: syz.4.1464 (pid 10450) Use of int in maxseg socket option. [ 238.064734][T10450] Use struct sctp_assoc_value instead [ 238.329993][T10458] tipc: Started in network mode [ 238.335106][T10458] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 238.354333][T10458] tipc: Enabled bearer , priority 10 [ 238.640352][ T1163] lo speed is unknown, defaulting to 1000 [ 238.677052][ T53] Bluetooth: hci1: command 0x0406 tx timeout [ 238.681638][ T5205] lo speed is unknown, defaulting to 1000 [ 238.930414][T10476] bridge4: entered promiscuous mode [ 238.937105][T10476] vlan2: entered promiscuous mode [ 238.951767][T10476] bridge4: port 1(vlan2) entered blocking state [ 238.968555][T10476] bridge4: port 1(vlan2) entered disabled state [ 238.992630][T10476] vlan2: entered allmulticast mode [ 239.034588][T10476] bridge4: entered allmulticast mode [ 239.063876][T10476] vlan2: left allmulticast mode [ 239.082002][T10476] bridge4: left allmulticast mode [ 239.096337][T10476] bridge4: left promiscuous mode [ 239.479597][ T5142] tipc: Node number set to 11578026 [ 239.961871][ T4490] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 239.974130][ T4490] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 239.987283][ T4490] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 240.003128][ T4490] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 240.012711][ T4490] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 240.020412][ T4490] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 240.120653][T10511] validate_nla: 16 callbacks suppressed [ 240.120677][T10511] netlink: 'syz.1.1485': attribute type 4 has an invalid length. [ 240.207145][T10513] netlink: 'syz.1.1485': attribute type 4 has an invalid length. [ 240.274453][T10507] lo speed is unknown, defaulting to 1000 [ 240.282576][ T5205] lo speed is unknown, defaulting to 1000 [ 240.282632][T10514] netlink: 'syz.4.1486': attribute type 4 has an invalid length. [ 240.322010][ T25] lo speed is unknown, defaulting to 1000 [ 240.397492][T10515] netlink: 'syz.4.1486': attribute type 4 has an invalid length. [ 240.759161][T10507] chnl_net:caif_netlink_parms(): no params data found [ 240.914074][T10527] syz.3.1490: vmalloc error: size 16781312, failed to allocated page array size 32776, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 240.932886][T10527] CPU: 0 PID: 10527 Comm: syz.3.1490 Not tainted 6.10.0-rc4-syzkaller-00945-gf261aa15b2ca #0 [ 240.943091][T10527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 240.953189][T10527] Call Trace: [ 240.956508][T10527] [ 240.959475][T10527] dump_stack_lvl+0x241/0x360 [ 240.964207][T10527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.969465][T10527] ? __pfx__printk+0x10/0x10 [ 240.974111][T10527] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 240.980584][T10527] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 240.987150][T10527] warn_alloc+0x278/0x410 [ 240.991547][T10527] ? __pfx_warn_alloc+0x10/0x10 [ 240.996460][T10527] ? xskq_create+0xb6/0x170 [ 241.001020][T10527] ? __get_vm_area_node+0x23d/0x270 [ 241.006271][T10527] __vmalloc_node_range_noprof+0x69f/0x1460 [ 241.012248][T10527] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 241.018637][T10527] ? __kasan_kmalloc+0x98/0xb0 [ 241.023456][T10527] ? xskq_create+0x54/0x170 [ 241.028026][T10527] vmalloc_user_noprof+0x74/0x80 [ 241.033023][T10527] ? xskq_create+0xb6/0x170 [ 241.037579][T10527] xskq_create+0xb6/0x170 [ 241.041969][T10527] xsk_init_queue+0xa1/0x100 [ 241.046631][T10527] xsk_setsockopt+0x598/0x950 [ 241.051453][T10527] ? __pfx_xsk_setsockopt+0x10/0x10 [ 241.056803][T10527] ? __pfx_lock_acquire+0x10/0x10 [ 241.061877][T10527] ? aa_sock_opt_perm+0x79/0x120 [ 241.066894][T10527] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 241.072490][T10527] ? security_socket_setsockopt+0x87/0xb0 [ 241.078265][T10527] ? __pfx_xsk_setsockopt+0x10/0x10 [ 241.083607][T10527] do_sock_setsockopt+0x3af/0x720 [ 241.088699][T10527] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 241.094383][T10527] ? __fget_files+0x29/0x470 [ 241.099054][T10527] ? __fget_files+0x3f6/0x470 [ 241.103838][T10527] __sys_setsockopt+0x1ae/0x250 [ 241.108760][T10527] __x64_sys_setsockopt+0xb5/0xd0 [ 241.113867][T10527] do_syscall_64+0xf3/0x230 [ 241.118411][T10527] ? clear_bhb_loop+0x35/0x90 [ 241.123130][T10527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.129066][T10527] RIP: 0033:0x7f490d975ae9 [ 241.133517][T10527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.153140][T10527] RSP: 002b:00007f490e7f3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 241.161582][T10527] RAX: ffffffffffffffda RBX: 00007f490db03fa0 RCX: 00007f490d975ae9 [ 241.169602][T10527] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000004 [ 241.177622][T10527] RBP: 00007f490d9f6756 R08: 0000000000000004 R09: 0000000000000000 [ 241.185637][T10527] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000000 [ 241.193635][T10527] R13: 000000000000000b R14: 00007f490db03fa0 R15: 00007ffc91eeafd8 [ 241.201673][T10527] [ 241.221571][T10527] Mem-Info: [ 241.224825][T10527] active_anon:4081 inactive_anon:0 isolated_anon:0 [ 241.224825][T10527] active_file:1804 inactive_file:38371 isolated_file:0 [ 241.224825][T10527] unevictable:768 dirty:310 writeback:0 [ 241.224825][T10527] slab_reclaimable:9480 slab_unreclaimable:100009 [ 241.224825][T10527] mapped:13619 shmem:1263 pagetables:711 [ 241.224825][T10527] sec_pagetables:0 bounce:0 [ 241.224825][T10527] kernel_misc_reclaimable:0 [ 241.224825][T10527] free:1402735 free_pcp:1095 free_cma:0 [ 241.307925][T10507] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.326191][T10542] __nla_validate_parse: 5 callbacks suppressed [ 241.326212][T10542] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1492'. [ 241.344175][T10507] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.357522][T10507] bridge_slave_0: entered allmulticast mode [ 241.382408][T10542] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 241.390782][T10527] Node 0 active_anon:16136kB inactive_anon:0kB active_file:7216kB inactive_file:153312kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:54496kB dirty:1160kB writeback:0kB shmem:3516kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10024kB pagetables:2868kB sec_pagetables:0kB all_unreclaimable? no [ 241.392051][T10507] bridge_slave_0: entered promiscuous mode [ 241.453194][T10507] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.464818][T10507] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.465883][T10550] netlink: 'syz.1.1494': attribute type 9 has an invalid length. [ 241.504471][T10507] bridge_slave_1: entered allmulticast mode [ 241.508331][T10550] netlink: 'syz.1.1494': attribute type 7 has an invalid length. [ 241.516150][T10507] bridge_slave_1: entered promiscuous mode [ 241.518765][T10527] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 241.565125][T10550] netlink: 'syz.1.1494': attribute type 8 has an invalid length. [ 241.646643][T10527] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 241.703411][T10527] lowmem_reserve[]: 0 2571 2571 0 0 [ 241.720011][T10527] Node 0 DMA32 free:1650960kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:16292kB inactive_anon:0kB active_file:7216kB inactive_file:153008kB unevictable:1536kB writepending:1160kB present:3129332kB managed:2659872kB mlocked:0kB bounce:0kB free_pcp:2444kB local_pcp:1352kB free_cma:0kB [ 241.722830][T10507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.761014][T10527] lowmem_reserve[]: 0 0 0 0 0 [ 241.765818][T10527] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:304kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 241.790494][T10507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.867344][T10527] lowmem_reserve[]: 0 0 0 0 0 [ 241.872330][T10527] Node 1 Normal free:3945220kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB writepending:8kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:748kB local_pcp:248kB free_cma:0kB [ 241.915892][T10527] lowmem_reserve[]: 0 0 0 0 0 [ 241.971471][T10527] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 242.037414][T10527] Node 0 DMA32: 2*4kB (UE) 8*8kB (UME) 98*16kB (ME) 84*32kB (ME) 52*64kB (UME) 35*128kB (ME) 17*256kB (UME) 9*512kB (UM) 7*1024kB (UME) 2*2048kB (M) 395*4096kB (UM) = 1650280kB [ 242.059281][T10507] team0: Port device team_slave_0 added [ 242.091224][T10507] team0: Port device team_slave_1 added [ 242.113263][T10527] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 242.127165][ T4490] Bluetooth: hci4: command tx timeout [ 242.191663][T10527] Node 1 Normal: 3*4kB (UM) 3*8kB (UM) 2*16kB (M) 2*32kB (M) 4*64kB (UM) 5*128kB (UM) 5*256kB (U) 5*512kB (UM) 4*1024kB (U) 2*2048kB (U) 960*4096kB (M) = 3945220kB [ 242.269701][T10527] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 242.286851][T10507] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 242.303179][T10507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.331062][T10527] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 242.340677][T10527] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 242.360278][T10527] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 242.376710][T10507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 242.396830][T10527] 41404 total pagecache pages [ 242.406605][T10527] 0 pages in swap cache [ 242.410944][T10527] Free swap = 124996kB [ 242.425510][T10527] Total swap = 124996kB [ 242.430759][T10577] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1500'. [ 242.435720][T10527] 2097051 pages RAM [ 242.466270][T10527] 0 pages HighMem/MovableOnly [ 242.467013][T10577] 0·: renamed from hsr0 (while UP) [ 242.474199][T10586] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1501'. [ 242.487574][T10527] 400873 pages reserved [ 242.493564][T10527] 0 pages cma reserved [ 242.515425][T10577] 0·: entered allmulticast mode [ 242.525486][T10577] hsr_slave_0: entered allmulticast mode [ 242.556583][T10577] hsr_slave_1: entered allmulticast mode [ 242.562920][T10577] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 242.615603][T10507] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 242.639982][T10507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.674096][T10507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 242.894017][T10507] hsr_slave_0: entered promiscuous mode [ 242.940369][T10507] hsr_slave_1: entered promiscuous mode [ 243.354961][T10614] netlink: 'syz.3.1506': attribute type 9 has an invalid length. [ 243.390508][T10614] netlink: 'syz.3.1506': attribute type 7 has an invalid length. [ 243.419962][T10614] netlink: 'syz.3.1506': attribute type 8 has an invalid length. [ 243.781014][T10507] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.975584][T10507] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.179896][T10507] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.196927][ T4490] Bluetooth: hci4: command tx timeout [ 244.369127][T10507] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.787813][T10507] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 244.830541][T10507] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 244.873707][T10507] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 244.887567][T10507] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 244.912785][T10662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1522'. [ 245.273856][T10507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.358303][T10679] tipc: Can't bind to reserved service type 0 [ 245.400914][T10507] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.449391][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.456663][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.468507][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.475700][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.501792][T10683] validate_nla: 7 callbacks suppressed [ 245.501814][T10683] netlink: 'syz.4.1530': attribute type 9 has an invalid length. [ 245.523627][T10683] netlink: 'syz.4.1530': attribute type 7 has an invalid length. [ 245.538795][T10683] netlink: 'syz.4.1530': attribute type 8 has an invalid length. [ 245.625297][T10677] lo speed is unknown, defaulting to 1000 [ 245.699357][T10507] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 245.827483][T10688] netlink: 'syz.1.1533': attribute type 4 has an invalid length. [ 245.876391][T10692] netlink: 'syz.3.1534': attribute type 4 has an invalid length. [ 245.973526][T10694] netlink: 'syz.1.1533': attribute type 4 has an invalid length. [ 246.003961][T10700] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1532'. [ 246.038658][ T5144] lo speed is unknown, defaulting to 1000 [ 246.040788][T10695] netlink: 'syz.3.1534': attribute type 4 has an invalid length. [ 246.115603][ T5205] lo speed is unknown, defaulting to 1000 [ 246.276975][ T4490] Bluetooth: hci4: command tx timeout [ 246.500623][T10507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.702978][T10710] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1537'. [ 246.725347][T10710] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1537'. [ 246.804997][T10507] veth0_vlan: entered promiscuous mode [ 246.850268][T10710] bridge3: entered promiscuous mode [ 246.875621][T10710] vlan2: entered promiscuous mode [ 246.882670][T10710] bridge3: port 1(vlan2) entered blocking state [ 246.913349][T10710] bridge3: port 1(vlan2) entered disabled state [ 246.939547][T10710] vlan2: entered allmulticast mode [ 246.971237][T10710] bridge3: entered allmulticast mode [ 247.025937][T10710] vlan2: left allmulticast mode [ 247.056190][T10710] bridge3: left allmulticast mode [ 247.088470][T10710] bridge3: left promiscuous mode [ 247.245518][T10719] netlink: zone id is out of range [ 247.304478][T10719] netlink: zone id is out of range [ 247.338309][T10719] netlink: zone id is out of range [ 247.379192][T10719] netlink: set zone limit has 4 unknown bytes [ 247.440897][T10721] netlink: 'syz.3.1541': attribute type 9 has an invalid length. [ 247.472904][T10507] veth1_vlan: entered promiscuous mode [ 247.477407][T10721] netlink: 'syz.3.1541': attribute type 7 has an invalid length. [ 247.486373][T10721] netlink: 'syz.3.1541': attribute type 8 has an invalid length. [ 247.710324][T10507] veth0_macvtap: entered promiscuous mode [ 247.739299][T10507] veth1_macvtap: entered promiscuous mode [ 247.789505][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.843159][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.871572][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.899530][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.919811][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.941068][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.957935][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.970690][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.983597][T10507] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 248.079752][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.109427][T10739] netlink: 892 bytes leftover after parsing attributes in process `syz.1.1547'. [ 248.127626][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.146943][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.159237][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.172693][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.188312][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.226564][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.250244][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.270030][T10507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.295381][T10507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.324035][T10507] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.358731][T10507] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.359265][ T53] Bluetooth: hci4: command tx timeout [ 248.381863][T10507] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.392450][T10507] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.409778][T10507] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.658544][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 248.721699][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 248.931388][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 248.943955][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.175289][T10763] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1477'. [ 249.657892][T10780] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1559'. [ 249.830252][T10785] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1563'. [ 249.856602][T10785] openvswitch: netlink: IP tunnel attribute has 3056 unknown bytes. [ 249.963189][T10789] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1565'. [ 250.328259][T10803] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1570'. [ 250.413562][T10803] netlink: 19 bytes leftover after parsing attributes in process `syz.4.1570'. [ 250.459550][T10803] caif0: entered allmulticast mode [ 250.489450][T10800] lo speed is unknown, defaulting to 1000 [ 250.748316][T10811] validate_nla: 8 callbacks suppressed [ 250.748339][T10811] netlink: 'syz.2.1573': attribute type 4 has an invalid length. [ 250.906050][T10813] netlink: 'syz.2.1573': attribute type 4 has an invalid length. [ 251.009339][T10822] netlink: 'syz.4.1575': attribute type 9 has an invalid length. [ 251.017383][T10822] netlink: 'syz.4.1575': attribute type 7 has an invalid length. [ 251.025144][T10822] netlink: 'syz.4.1575': attribute type 8 has an invalid length. [ 251.087270][T10821] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1576'. [ 252.254987][ T29] audit: type=1804 audit(1719504329.269:23): pid=10854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1583" name="/root/syzkaller.YL1sx3/238/cgroup.controllers" dev="sda1" ino=1977 res=1 errno=0 [ 252.313261][T10859] syzkaller0: entered promiscuous mode [ 252.319412][T10859] syzkaller0: entered allmulticast mode [ 252.369675][T10870] netlink: 'syz.0.1589': attribute type 4 has an invalid length. [ 252.420120][T10859] __nla_validate_parse: 2 callbacks suppressed [ 252.420144][T10859] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1585'. [ 252.478658][T10872] netlink: 'syz.0.1589': attribute type 4 has an invalid length. [ 252.702877][T10874] netlink: 'syz.3.1590': attribute type 4 has an invalid length. [ 252.763900][T10874] netlink: 'syz.3.1590': attribute type 4 has an invalid length. [ 255.246770][T10894] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1596'. [ 255.263374][T10879] lo speed is unknown, defaulting to 1000 [ 256.255040][T10954] netlink: 'syz.2.1616': attribute type 9 has an invalid length. [ 256.265098][T10954] netlink: 'syz.2.1616': attribute type 7 has an invalid length. [ 256.285491][T10954] netlink: 'syz.2.1616': attribute type 8 has an invalid length. [ 256.331095][T10956] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1615'. [ 256.970663][T10988] vlan2: entered promiscuous mode [ 256.991242][T10988] gretap0: entered promiscuous mode [ 257.002421][T10988] gretap0: left promiscuous mode [ 257.310020][T10999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1629'. [ 257.332878][T10999] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1629'. [ 257.404215][T11005] bridge4: entered promiscuous mode [ 257.447186][T11005] vlan2: entered promiscuous mode [ 257.472103][T11005] bridge4: port 1(vlan2) entered blocking state [ 257.507852][T11005] bridge4: port 1(vlan2) entered disabled state [ 257.539082][T11005] vlan2: entered allmulticast mode [ 257.601456][T11005] bridge4: entered allmulticast mode [ 257.690409][T11005] vlan2: left allmulticast mode [ 257.701731][T11005] bridge4: left allmulticast mode [ 257.719290][T11005] bridge4: left promiscuous mode [ 257.781866][T11003] lo speed is unknown, defaulting to 1000 [ 257.787009][T11014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1633'. [ 258.157643][ T29] audit: type=1804 audit(1719504335.189:24): pid=11016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1632" name="/root/syzkaller.w2Z27i/330/cgroup.controllers" dev="sda1" ino=1977 res=1 errno=0 [ 258.943103][T11054] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1645'. [ 258.953024][T11052] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1644'. [ 259.074370][ T5142] IPVS: starting estimator thread 0... [ 259.197134][T11058] IPVS: using max 18 ests per chain, 43200 per kthread [ 259.307050][T11063] netlink: 'syz.2.1649': attribute type 4 has an invalid length. [ 259.348443][T11063] netlink: 'syz.2.1649': attribute type 4 has an invalid length. [ 259.701692][T11083] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1656'. [ 259.880376][T11082] lo speed is unknown, defaulting to 1000 [ 259.961029][T11093] netlink: 'syz.0.1658': attribute type 1 has an invalid length. [ 260.248214][T11102] xt_TCPMSS: Only works on TCP SYN packets [ 260.254373][ T29] audit: type=1804 audit(1719504337.279:25): pid=11102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1661" name="/root/syzkaller.SbbGuF/231/cgroup.controllers" dev="sda1" ino=1955 res=1 errno=0 [ 260.343705][T11107] netlink: 'syz.2.1663': attribute type 4 has an invalid length. [ 260.413056][T11111] netlink: 'syz.2.1663': attribute type 4 has an invalid length. [ 260.557253][T11117] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1665'. [ 260.600274][T11117] lo speed is unknown, defaulting to 1000 [ 260.957035][T11127] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 261.168000][T11132] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1670'. [ 261.425688][T11135] netlink: 'syz.3.1673': attribute type 4 has an invalid length. [ 261.537803][T11135] netlink: 'syz.3.1673': attribute type 4 has an invalid length. [ 261.583473][T11142] netlink: 'syz.0.1675': attribute type 9 has an invalid length. [ 261.604667][T11142] netlink: 'syz.0.1675': attribute type 7 has an invalid length. [ 261.623978][T11142] netlink: 'syz.0.1675': attribute type 8 has an invalid length. [ 261.689864][T11145] netlink: 'syz.2.1678': attribute type 4 has an invalid length. [ 261.756330][T11145] netlink: 'syz.2.1678': attribute type 4 has an invalid length. [ 261.906933][T11150] lo speed is unknown, defaulting to 1000 [ 261.993728][T11157] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1681'. [ 262.086720][T11157] workqueue: Failed to create a rescuer kthread for wq "nbd64-recv": -EINTR [ 262.088649][T11157] block (null): Could not allocate knbd recv work queue. [ 262.149149][T11157] nbd: failed to add new device [ 262.458525][T11174] netlink: 'syz.4.1685': attribute type 2 has an invalid length. [ 262.753039][T11185] netlink: 'syz.2.1690': attribute type 9 has an invalid length. [ 262.776844][T11185] netlink: 'syz.2.1690': attribute type 7 has an invalid length. [ 263.108931][ T29] audit: type=1804 audit(1719504340.149:26): pid=11169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1684" name="/root/syzkaller.AmjMkz/21/cgroup.controllers" dev="sda1" ino=1974 res=1 errno=0 [ 263.238491][T11198] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1693'. [ 263.449287][T11207] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1699'. [ 264.020248][T11239] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1706'. [ 264.302787][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.424854][T11248] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1709'. [ 264.446902][T11252] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1709'. [ 264.567222][T11254] bridge13: entered promiscuous mode [ 264.595965][T11254] vlan2: entered promiscuous mode [ 264.626309][T11254] bridge13: port 1(vlan2) entered blocking state [ 264.646821][T11254] bridge13: port 1(vlan2) entered disabled state [ 264.666198][T11254] vlan2: entered allmulticast mode [ 264.706870][T11254] bridge13: entered allmulticast mode [ 264.730972][T11254] vlan2: left allmulticast mode [ 264.735997][T11254] bridge13: left allmulticast mode [ 264.787838][T11254] bridge13: left promiscuous mode [ 264.908075][T11272] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000193: 0000 [#1] PREEMPT SMP KASAN PTI [ 264.920731][T11272] KASAN: null-ptr-deref in range [0x0000000000000c98-0x0000000000000c9f] [ 264.929184][T11272] CPU: 1 PID: 11272 Comm: syz.0.1720 Not tainted 6.10.0-rc4-syzkaller-00945-gf261aa15b2ca #0 [ 264.939402][T11272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 264.949502][T11272] RIP: 0010:coalesce_fill_reply+0xcc/0x1b70 [ 264.955544][T11272] Code: e8 19 2c f9 f7 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 e3 f1 5e f8 bb 98 0c 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 c5 f1 5e f8 48 8b 03 48 89 44 24 [ 264.975192][T11272] RSP: 0018:ffffc9000315eee0 EFLAGS: 00010206 [ 264.981310][T11272] RAX: 0000000000000193 RBX: 0000000000000c98 RCX: 0000000000040000 [ 264.989622][T11272] RDX: ffffc90014cb3000 RSI: 00000000000015e7 RDI: 00000000000015e8 [ 264.997634][T11272] RBP: ffffc9000315f118 R08: ffffffff899bb137 R09: 006e75745f7a7973 [ 265.005963][T11272] R10: dffffc0000000000 R11: ffffffff899cf860 R12: ffffffff899cf860 [ 265.014066][T11272] R13: dffffc0000000000 R14: ffff88805b5e7b80 R15: ffff88802c189b40 [ 265.022082][T11272] FS: 00007fb7604916c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 265.031057][T11272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.037771][T11272] CR2: 0000001b3351dff8 CR3: 0000000072ae8000 CR4: 00000000003506f0 [ 265.045789][T11272] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.053794][T11272] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.061803][T11272] Call Trace: [ 265.065115][T11272] [ 265.068076][T11272] ? __die_body+0x88/0xe0 [ 265.072541][T11272] ? die_addr+0x108/0x140 [ 265.076933][T11272] ? exc_general_protection+0x3dd/0x5d0 [ 265.082541][T11272] ? asm_exc_general_protection+0x26/0x30 [ 265.088319][T11272] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 265.088601][ T4490] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 265.093985][T11272] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 265.094029][T11272] ? ethnl_default_dumpit+0x517/0xb30 [ 265.101746][ T4490] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 265.106595][T11272] ? coalesce_fill_reply+0xcc/0x1b70 [ 265.106645][T11272] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 265.112754][ T4490] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 265.119186][T11272] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 265.119231][T11272] ? rcu_is_watching+0x15/0xb0 [ 265.119258][T11272] ? trace_contention_end+0x3c/0x120 [ 265.119293][T11272] ? nla_put+0x131/0x1e0 [ 265.119320][T11272] ? __asan_memcpy+0x40/0x70 [ 265.119346][T11272] ? nla_put+0x131/0x1e0 [ 265.119374][T11272] ? ethnl_fill_reply_header+0x295/0x3c0 [ 265.119400][T11272] ? __pfx_netdev_run_todo+0x10/0x10 [ 265.119436][T11272] ? __pfx_ethnl_fill_reply_header+0x10/0x10 [ 265.119462][T11272] ? ethnl_ops_complete+0xba/0xd0 [ 265.119487][T11272] ? coalesce_prepare_data+0x175/0x1e0 [ 265.119520][T11272] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 265.119554][T11272] ? ethnl_default_dumpit+0x83/0xb30 [ 265.119580][T11272] ethnl_default_dumpit+0x5ac/0xb30 [ 265.119608][T11272] ? ethnl_default_dumpit+0x83/0xb30 [ 265.119641][T11272] genl_dumpit+0x107/0x1a0 [ 265.119677][T11272] netlink_dump+0x647/0xd80 [ 265.119700][T11272] ? ethnl_default_start+0x33a/0x560 [ 265.119734][T11272] ? __pfx_netlink_dump+0x10/0x10 [ 265.119770][T11272] ? genl_start+0x597/0x6d0 [ 265.119807][T11272] __netlink_dump_start+0x59f/0x780 [ 265.119845][T11272] genl_rcv_msg+0x88c/0xec0 [ 265.119875][T11272] ? mark_lock+0x9a/0x350 [ 265.131316][ T4490] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 265.138663][T11272] ? __pfx_genl_rcv_msg+0x10/0x10 [ 265.138709][T11272] ? __pfx_genl_start+0x10/0x10 [ 265.138740][T11272] ? __pfx_genl_dumpit+0x10/0x10 [ 265.145183][ T4490] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 265.149102][T11272] ? __pfx_genl_done+0x10/0x10 [ 265.149149][T11272] ? __pfx_lock_acquire+0x10/0x10 [ 265.154953][ T4490] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 265.158632][T11272] ? __pfx_ethnl_default_start+0x10/0x10 [ 265.158664][T11272] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 265.262052][T11287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1725'. [ 265.266187][T11272] ? __pfx_ethnl_default_done+0x10/0x10 [ 265.266227][T11272] ? __pfx___might_resched+0x10/0x10 [ 265.331196][T11272] netlink_rcv_skb+0x1e3/0x430 [ 265.335990][T11272] ? __pfx_genl_rcv_msg+0x10/0x10 [ 265.341056][T11272] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 265.346470][T11272] ? __netlink_deliver_tap+0x77e/0x7c0 [ 265.351974][T11272] genl_rcv+0x28/0x40 [ 265.355968][T11272] netlink_unicast+0x7f0/0x990 [ 265.360749][T11272] ? __pfx_netlink_unicast+0x10/0x10 [ 265.366045][T11272] ? __virt_addr_valid+0x183/0x520 [ 265.371184][T11272] ? __check_object_size+0x49c/0x900 [ 265.376493][T11272] ? bpf_lsm_netlink_send+0x9/0x10 [ 265.381645][T11272] netlink_sendmsg+0x8e4/0xcb0 [ 265.386545][T11272] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.391858][T11272] ? __import_iovec+0x536/0x820 [ 265.396715][T11272] ? aa_sock_msg_perm+0x91/0x160 [ 265.401675][T11272] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 265.406984][T11272] ? security_socket_sendmsg+0x87/0xb0 [ 265.412498][T11272] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.417818][T11272] __sock_sendmsg+0x221/0x270 [ 265.422531][T11272] ____sys_sendmsg+0x525/0x7d0 [ 265.427311][T11272] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.432713][T11272] __sys_sendmsg+0x2b0/0x3a0 [ 265.437336][T11272] ? __pfx___sys_sendmsg+0x10/0x10 [ 265.442491][T11272] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 265.448433][T11272] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.454769][T11272] ? do_syscall_64+0x100/0x230 [ 265.459570][T11272] ? do_syscall_64+0xb6/0x230 [ 265.464271][T11272] do_syscall_64+0xf3/0x230 [ 265.468789][T11272] ? clear_bhb_loop+0x35/0x90 [ 265.473483][T11272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.479406][T11272] RIP: 0033:0x7fb75f775ae9 [ 265.483920][T11272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.503590][T11272] RSP: 002b:00007fb760491048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.512019][T11272] RAX: ffffffffffffffda RBX: 00007fb75f903fa0 RCX: 00007fb75f775ae9 [ 265.520038][T11272] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 265.528017][T11272] RBP: 00007fb75f7f6756 R08: 0000000000000000 R09: 0000000000000000 [ 265.535997][T11272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.543984][T11272] R13: 000000000000000b R14: 00007fb75f903fa0 R15: 00007ffe8c4d26c8 [ 265.551970][T11272] [ 265.554987][T11272] Modules linked in: [ 265.567680][T11272] ---[ end trace 0000000000000000 ]--- [ 265.573227][T11272] RIP: 0010:coalesce_fill_reply+0xcc/0x1b70 [ 265.574981][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.579276][T11272] Code: e8 19 2c f9 f7 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 e3 f1 5e f8 bb 98 0c 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 c5 f1 5e f8 48 8b 03 48 89 44 24 [ 265.579301][T11272] RSP: 0018:ffffc9000315eee0 EFLAGS: 00010206 [ 265.579327][T11272] RAX: 0000000000000193 RBX: 0000000000000c98 RCX: 0000000000040000 [ 265.579344][T11272] RDX: ffffc90014cb3000 RSI: 00000000000015e7 RDI: 00000000000015e8 [ 265.579362][T11272] RBP: ffffc9000315f118 R08: ffffffff899bb137 R09: 006e75745f7a7973 [ 265.579381][T11272] R10: dffffc0000000000 R11: ffffffff899cf860 R12: ffffffff899cf860 [ 265.579400][T11272] R13: dffffc0000000000 R14: ffff88805b5e7b80 R15: ffff88802c189b40 [ 265.579419][T11272] FS: 00007fb7604916c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 265.579440][T11272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.579456][T11272] CR2: 0000001b3351dff8 CR3: 0000000072ae8000 CR4: 00000000003506f0 [ 265.579478][T11272] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.579493][T11272] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.579511][T11272] Kernel panic - not syncing: Fatal exception [ 265.579757][T11272] Kernel Offset: disabled