last executing test programs: 39.072938946s ago: executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x3, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 38.90470988s ago: executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x0, 0x0, @prog_id}, 0x20) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r0, r1, 0x2, 0x0, 0x4000, @prog_id}, 0x20) 38.822613244s ago: executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x5}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$inet_sctp(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000000c0)="b6", 0x1}], 0x1}, 0x14f916e07fbb522e) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="20000000041401050000000000000000080001000000000008003d00ffffffff35ff90c9a35548dc931c1b22bba9a064799ca14fbe45f148775c5d5271357fd5ba5998550c02fb26ff2876fcc14b38c5dec598a482a432ea69c619e76885e1cdea6fc2f6eeb9105826bfd1286052d7ddd8eb6a348640581e379b07c9c136a88432da541da81378bfb0302ecc08"], 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x63, &(0x7f0000001100)={&(0x7f0000001140)=ANY=[@ANYRESHEX=r3], 0xf8}, 0x1, 0x0, 0x0, 0x8840}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000069117200000000008510000002000000850000000002000095000000000000009500a50500000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x6}, 0x90) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="1c0000001e0081064e81f782db44b9040202080006007c09e8fe08a1", 0x1c}], 0x1}, 0x0) 26.811969098s ago: executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x5}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$inet_sctp(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000000c0)="b6", 0x1}], 0x1}, 0x14f916e07fbb522e) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="20000000041401050000000000000000080001000000000008003d00ffffffff35ff90c9a35548dc931c1b22bba9a064799ca14fbe45f148775c5d5271357fd5ba5998550c02fb26ff2876fcc14b38c5dec598a482a432ea69c619e76885e1cdea6fc2f6eeb9105826bfd1286052d7ddd8eb6a348640581e379b07c9c136a88432da541da81378bfb0302ecc08"], 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x63, &(0x7f0000001100)={&(0x7f0000001140)=ANY=[@ANYRESHEX=r3], 0xf8}, 0x1, 0x0, 0x0, 0x8840}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000069117200000000008510000002000000850000000002000095000000000000009500a50500000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x6}, 0x90) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="1c0000001e0081064e81f782db44b9040202080006007c09e8fe08a1", 0x1c}], 0x1}, 0x0) 12.514533841s ago: executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x5}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$inet_sctp(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000000c0)="b6", 0x1}], 0x1}, 0x14f916e07fbb522e) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="20000000041401050000000000000000080001000000000008003d00ffffffff35ff90c9a35548dc931c1b22bba9a064799ca14fbe45f148775c5d5271357fd5ba5998550c02fb26ff2876fcc14b38c5dec598a482a432ea69c619e76885e1cdea6fc2f6eeb9105826bfd1286052d7ddd8eb6a348640581e379b07c9c136a88432da541da81378bfb0302ecc08"], 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x63, &(0x7f0000001100)={&(0x7f0000001140)=ANY=[@ANYRESHEX=r3], 0xf8}, 0x1, 0x0, 0x0, 0x8840}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000069117200000000008510000002000000850000000002000095000000000000009500a50500000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x6}, 0x90) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="1c0000001e0081064e81f782db44b9040202080006007c09e8fe08a1", 0x1c}], 0x1}, 0x0) 2.234284168s ago: executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$netlink(r1, 0x10e, 0x3, &(0x7f0000000200)=""/47, &(0x7f0000000240)=0x2f) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r3=>0x0}) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000040016800400149015b0b06f69"], 0x28}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f0000001740)={'ip_vti0\x00', <r5=>r3, 0x7800, 0x20, 0x80, 0x0, {{0x14, 0x4, 0x3, 0x2, 0x50, 0x64, 0x0, 0x3, 0x29, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0xa}, {[@timestamp_addr={0x44, 0xc, 0x40, 0x1, 0x2, [{@private=0xa010102, 0x8000}]}, @timestamp_prespec={0x44, 0xc, 0x44, 0x3, 0x4, [{@broadcast}]}, @end, @timestamp_addr={0x44, 0x14, 0x4e, 0x1, 0x1, [{@rand_addr=0x64010100, 0x6e}, {@local, 0x8}]}, @lsrr={0x83, 0xf, 0x39, [@rand_addr=0x64010102, @remote, @multicast2]}]}}}}}) sendmsg$nl_route(r1, &(0x7f0000001540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001500)={&(0x7f0000001640)=ANY=[@ANYBLOB="240000005200080029bd7000fcdbdf251c08000600c700000008000100", @ANYRES32=r5, @ANYBLOB="aaeef3ed62ff1343ed5bc7d4bbf934fb1836e0db3dccf81fc369c8b7ca3d21601cff265af4a9d63eb2630d8aca49d4218bdaecee4e31620568fb24b2401f28e33ff7d172882dcf0463de446f2d8f952234541600eae09c364916c778884bf9d0d9b3de26f82c1d6999a98068dfe9c45a0e8146b2cac16da51a65bae33a226722e6db54080b3c74f707c962a21c19f5220a9c88b9286a562019b13152ec4e291655e8ea4d22600e46ca93c8c74b06e0e7e9f83cdcfdf3bed2"], 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$rds(r6, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) write(r7, &(0x7f0000000040)="0a03000019002551075c0165ff0ffc02802000030004000500e1000cee020f001a000000", 0x33a) sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, 0x0}, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14) ppoll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x8}, {r4}], 0x2, &(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)={[0x20]}, 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000008c00bf60d3"], &(0x7f00000001c0)='GPL\x00'}, 0x90) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, &(0x7f0000000480)=""/4096, &(0x7f0000000280)=0x1000) r8 = openat$cgroup_ro(r2, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0) r9 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r9, 0x84, 0x7b, &(0x7f0000000140), &(0x7f0000000180)=0x8) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x3, @none, 0x0, 0x2}, 0xe) shutdown(0xffffffffffffffff, 0x0) 1.660274644s ago: executing program 4: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r2, 0x11b, 0x8, 0x0, &(0x7f0000000040)) 1.477990178s ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00', <r1=>0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c000701080000000000000007000000", @ANYRES32=<r3=>r1, @ANYBLOB="e04f00000a000200aaaaaaaaaa0c"], 0x28}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x4888, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="08000000000000000a000100"], 0x2c}}, 0x0) 1.472220645s ago: executing program 4: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffffffffffff99, &(0x7f0000000080)=[{&(0x7f00000000c0)="e03f030010000b05d25a806c8c6f94f90324fc601000010020000000053582fb8f51c18fffd99b8e8bc137153e37", 0x33fe0}], 0x1}, 0x40040) 1.253876314s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000010900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000070000000060a010400000000000000000100000008000b4000000000400004803c0001800b000100736f636b657400002c000280080002400000000d080001400000000108000300000000f408000300000000e0080003000000009e0900010073797a30"], 0x140}}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x4030582b, &(0x7f0000000300)={0x1100, 0x0, 0x0, 0x2a40}) ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0000000"], &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000002380)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYRES32=r2], &(0x7f0000000100)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x90) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000001940), 0x0) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff}) sendfile(r5, r4, 0x0, 0x5) recvmsg(r4, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$bt_hci(r6, 0x84, 0x10, &(0x7f0000000080)=""/4057, &(0x7f0000001140)=0xfd9) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000001100), 0x8) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'}) ioctl$FIBMAP(r0, 0x4030582a, &(0x7f0000000080)) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r8, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 1.232172634s ago: executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0xd, &(0x7f0000001f00)=""/4062, &(0x7f00000004c0)=0x744) 1.134749477s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x8, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0x48, 0x31, 0x1, 0x0, 0x0, {0x0, 0x0, 0x11}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0x48}}, 0x0) 985.10697ms ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f04000000480100100000000004002b000a00010014a4ee1ee438d2fd000000000000007208", 0x39}], 0x1) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000d00030001362564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1) 881.366882ms ago: executing program 1: r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x2}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f00000006c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x10000001}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f00000001c0)={0x42, 0x4}, 0x10) sendmsg$tipc(r2, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10, 0x0}, 0x0) 811.722685ms ago: executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x5}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$inet_sctp(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000000c0)="b6", 0x1}], 0x1}, 0x14f916e07fbb522e) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="20000000041401050000000000000000080001000000000008003d00ffffffff35ff90c9a35548dc931c1b22bba9a064799ca14fbe45f148775c5d5271357fd5ba5998550c02fb26ff2876fcc14b38c5dec598a482a432ea69c619e76885e1cdea6fc2f6eeb9105826bfd1286052d7ddd8eb6a348640581e379b07c9c136a88432da541da81378bfb0302ecc08"], 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x63, &(0x7f0000001100)={&(0x7f0000001140)=ANY=[@ANYRESHEX=r3], 0xf8}, 0x1, 0x0, 0x0, 0x8840}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000069117200000000008510000002000000850000000002000095000000000000009500a50500000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x6}, 0x90) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="1c0000001e0081064e81f782db44b9040202080006007c09e8fe08a1", 0x1c}], 0x1}, 0x0) 739.598816ms ago: executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) sendto$inet6(r0, &(0x7f0000000140)='g', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r0, 0x1) sendmsg$inet6(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000001c0)='=', 0x1}], 0x1}, 0x0) 707.471687ms ago: executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000040)=0xad3, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r2 = epoll_create1(0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0x30000000}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r3}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFBR(r5, 0x8940, &(0x7f0000000b80)=@generic={0x2}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_es_insert_delayed_block\x00', r4}, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x4, 0x4, 0x4}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='ext4_es_insert_delayed_block\x00', r7}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) write$cgroup_int(r8, &(0x7f0000000100), 0x1001) 666.712085ms ago: executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000000), 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000080000000000000000000a1400000010"], 0x28}}, 0x0) r3 = socket(0x0, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x4, "00000000000000000400004f00"}}}]}, 0x48}}, 0x0) sendmmsg$inet6(r3, &(0x7f0000001e80)=[{{&(0x7f0000000080)={0xa, 0x4e24, 0x1ff, @private2}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000200)="506671b59db1f2daddf56339f18f3ebba37441bca0fea0b573387359b01cf1882cd292c0fa98e45c35f97aad2733c5aa830a2a2377aa00990788ee09442bbdff03b480cbe257deb008df0240a25b935462d86bb806c6822173f8ac1cf375f926dd2bed5323234b87443649bdeadb4b735c2c23165ca457f62ac3aea54a18ee98e2f8699e77463c1fa6a263eb0aa709e80699a8b217d5837a05da", 0x9a}, {&(0x7f00000002c0)="95b2b9c481f0df04bae618df205534224964c325ce903c0a0f3adaef625c23fb9eceb8c4a03d7246654d5bbc50475907d7e7ffb5274a2a723089baba1a72ff033e81027f8384cf0802ae2b9f6467727be6d43666d615658dbf4b1f9e38045f31616d19a818d51c4e535fefa8c24235fe92ebfef6fe02906c136966025873b041091451b822988f4914ff3a9b45e54a156825014d85b842a0a423cc3a9d8862d3f2635ab063df028f6670a10a2fa2bb02fb20c181298a618b16453affd920a439655a3bab0322d16c83cc2af39c05d86cdf93686f09442a846cf8a4425409", 0xde}], 0x2, &(0x7f0000000600)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x1ff}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x578c}}, @pktinfo={{0x24, 0x29, 0x32, {@private0={0xfc, 0x0, '\x00', 0x1}, r1}}}, @rthdr_2292={{0x48, 0x29, 0x39, {0x2c, 0x6, 0x2, 0x9, 0x0, [@private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, @mcast2]}}}, @dontfrag={{0x14}}, @hoplimit={{0x14, 0x29, 0x34, 0x1}}, @rthdr={{0xa8, 0x29, 0x39, {0x33, 0x12, 0x1, 0x7, 0x0, [@local, @ipv4={'\x00', '\xff\xff', @local}, @local, @private0, @dev={0xfe, 0x80, '\x00', 0x41}, @private0, @rand_addr=' \x01\x00', @empty, @mcast1]}}}, @rthdrdstopts={{0x30, 0x29, 0x37, {0x33, 0x2, '\x00', [@hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @pad1]}}}, @rthdr_2292={{0x58, 0x29, 0x39, {0x0, 0x8, 0x1, 0x9, 0x0, [@mcast1, @mcast2, @local, @remote]}}}], 0x200}}, {{&(0x7f00000003c0)={0xa, 0x4e21, 0x7, @private1, 0x7f}, 0x1c, &(0x7f0000000540)=[{&(0x7f0000000400)="36899cb69b7a6edccd63bd9ec72291ed83d3d7ee11b3da957027f3de28137df1222f631311337721feafecbfc2d00c393f6367f6b5f55d67bf3a01ca3ec269c92e9dbd02302f4d0249a126e65954c8c6fe15d5341b0d1355c78171ae6a1f5716bee6b51033a610f47eaa1949428864e170488a934c7f15d2880e", 0x7a}, {&(0x7f0000000480)="7d1c57ba521b010bdc797811f87ac8f8178741fd5d05db3d8fb6bba30aa5a86acd51bf6e735c3ca9cb987f96f1b7e002f0ef71552aa07fc9b62280032112011ef2044d5dd2fb6624733d79491bab1f89ef95fc0341e0473c834d93f2ac39337aab74ed8471189b3ea83d6b05831d9d6851704a49b1563bc213b80cce5dbf", 0x7e}, {&(0x7f0000000840)="bb2bb34cd96f766419144c4c34f1aba3488e186f8efce8fce78884e639d9ec1a81819645160deda49ed98c6e29834b3c7ce3f37ba313541a48c9da21487b08d7cf47d48548b20b1d1a5fb544f2446be3e53603cb261fd52392a7b2ac802876bfc569d12eb79137162ed4d7f10cd339816592169807594a98004b9f81cceab5c6548ed50d4d62ff2c127e42925332beea75c0990e5b168962a21073d5da2390250f14272834e731935483ac86936d21d18359723e03a8b949e66a2e272c78c1c2ee3e4fcc83aa9b7660059aea7b6cd3ed671f1ea1f2fc94292809d0fbb71f4fd4c12f533933580f5f445fcffc9fc0481b7345e6d5103c2bd638", 0xf9}, {&(0x7f0000000500)="6d38095ea1c022849d78aa8953582ef177f7a4a6766dd1e54d03492c8866302fcc144ccdb627123caf737bc32af483451a80007e", 0x34}, {&(0x7f0000000d00)="d87ce66458f4faacff644a6adbcb13c82e3a784a5e692204918a3f8808ebb7b9d180c5f6e903907e4063d641da5d1cbfa081c29a44ff600b704a484a08ad483da81cc94412ac9efbcad035e6b67287c279ab188dc2bafffa8c408fbac2ff94f13c0302585d93d2b8445c91f528b4a35e56108b45d665ebb199bc347858ec0d29fd5d4ff544e81b051d34fd8d79e7413f284f374ec93e641547706f0125a45e86d960d02ab148e914a324f9e9ef45217139a2fdd90da13a024ac4af37d615bf8d581571e8c51ae76a75a40a8d9adbe1b94311b907c455cf8630146f29f8d0f7ebc303662ecd09567941f296e9a8f4d43fcc4c727687a5d182db4e5603e1caba68f383ecf6c8571da0bc79952c746b67136b74bb8fa1c3fa7dc99ccd9bda2615c51f69fc8b036b387fc318fc3844339f039241f6290ffe4fddb3310e798968768b4e9c69be82cc8446444a3762cc89438e54b6096de3eb390d254d1b71629a6603658dff33d68c9420430749668a09d4193aef0f2072bc4916ab88c875db5eb86f8576e6aed87e189732c232f43dc2bd3be18e95662418c00d11f16d7ff20cfed9468299cf4f15dde6e232263555b47a6cd43c5ffd3d2f8b7b67d5e3e45fb0de30cc502c607b1d150fdc6e54d546eb3de7c14047043c49c66dfde3c6db10f34d1fbdebcb03ed2f83f6b3a9d63217371fc46e6d9fdc8fd2a441f5adc58451c8137531c9e09b9e9175cd3afb9e2ac5111df49b4c934b3a282619407dc2b09fba523d24a79f91c7373d2eeb02a62c3c9a499962971486de5b9929f7babda3afb1048551958a23b2762e7ea9c87ddc30b17bb23bc1172ce97650ca61c54ab6466edc1c0b3a1a6262de9738726fb7f73c7663953dddd75e9df89026aa8290515241c3a699ffe5f923033b8a7981c9a2d3f71e58f047102aae398988e27a0c3aa185006658aad3a713c2148add46d724f17ace77855f0f5c8a4e0f692672ede835e9a5b76fd794bc910fe8cfd7f8ca0c98020e3541589603c566ceaecb11e6adc154153a4510368bed584ee4a1fb7040c35233756ff43a94415244cb6723aafbd676bef9243f97502578e64766ef96b5c9733a4d182fa2ed3dd993c091e9327540849e760a0c34586621939cbe4a0a5d8c8174954fddae64e696be6d435b2b9ffc33850c9dc9c6e19035d5db1c8da4669783f0d0d1c30c11c883f90acdffcb5fa7ea196f3627b7e08307160d43f6f1bf21ad824791c6cabc265c5b61d53f0a921e513b82fe3a68dac9d677533fa7bbd584f14555e79029f5f772e0efbc88fa530b49836cf4590592f7327fced21addd9c4e514541c6217b7934cd039d7f9b83abf587d33058593e6e81f6f537170d977f20903dfa67ff70779da2593579f6ea56a507294ab27076f81defe0071fe0523707f8ff6c9da775aa4ad6560d50f7a634cc12c7af809c489aa1f3827fd8e58ffaf50e39235843cd480b1f34d1d49d3f565a8a3079e448f1e0b52e9702ee5bf79607d6c5fb7511170a22d8f917f84261b50daa132811ae09c936a8d7217198d43d61cf7f47a3ca556b43576ca88e211f52eaaf9229ab25eaba33d5033056b2a9170c4dfb4bbc973f209aa20568a05a7917a73eba6ef315791f3648b46637b6c462c67eb9d1a13c0473663ff6f0efc4a6a86887796eb71b3db6c25f189b73a652a0486fcbf2e0c85ef0847fde1931dd02348a1021f8f37c57a952b8442a88ff1f5b022edbb10dde330de78451ad502c12bb9b5af9cdf8b781a0ab5649f142142419d89a962dbbb52b5a80b66e17a7e39a7a970e5e8a19d818a1db83742a7ad346cdd1a39b1d908654ed8b9885f99ea768de955075269ca40cde46880cb46e8556cf874dde55f34485585da01b481149380cd76b8b170eddcfec8f011318cf0c4e96d84501026bbaf22efd736f595c11563ba95151c34128ccbce9a7cdcb91f97db6968f811513ca09c8436fee21d38e16a160e3be9c1f022d9149c46dea195623312ef093a849e953e28b2d2cea18f1a687ab2748866e0f5517c0b3e1cfcb263e1ee77594959f7837b5f652fbf8883990c151df532e7e5ed09f61e5440d785ddf2d1cae894e559f3ebd6f18c5982b3210f47eba5ecf579b7ac0656cc85c190d7461dfe0b962d09816f8deaa420280e744d8a21f69ebbe14e49e828d938fb5857fd8dbdc5024ab95414d6edf20f3c5fe7f3c45a4d3e366dee4d6e470cfacf72626997ed35add261d1baa809fbd86bb48ec0bd6a08890c67a4c93383da72b3873804005d6c818ce74781ab2e51e740075310aa9afe4819eb44594128ff3383eec1c5b49d284ba070e70c7dc2e89a268d14fd830d709656e15babee6da72cc8dcb142e7826ef23ad360c406a32ec663c7b0b30db4218a54653a28a9b625e9e82fd3f18572a7eec40c36a986f3d5c6fe0ea8918ce79af3fbb8a226b9af99352bb2140ad1f4d2b1fc5ad8f6b41775df467f165766bc71d8c53debe7506237f0d4eefa4e763288bfffb6c1ee0f06c5db810bfb5ecf9495f608e1e4ed957f735b5b8d3978d386e024aa41d05691e5096d55cc7b9f9e8fdc55390f33ea3f5b309b9f2d549716b2165e1b199dccc6b361e2fd919d1c1f468a15394a7bdc6f0da90ff9adf52b4a66cce3455e1c4dd4996555f0ec2ee175e6450e1f0d71653ae371f8947574302be34bd8507f3a1d13ca87981efa7bab1abcf09216e13ecb74fd8e2e827cfa0d7261f2cfca9e36e085ef2228415b5d7eb89f34dee017d129b518d5bbb727b01e385dc5484504872a00dfabbaabfd938d869a8edb0051d7054403d08fe595ea12fa85f9ec309c54265db892b66d0c1d2a180cdd94a11e33ec93faf61774a9b229466ff6f6765a7b13992231d97fef577401ebbaeea0f5073ef94d22c18ee5ede9d628ddefee8c5d4353c53efcdef49a4e96c9b8c70a974bc775e626e1f232be4c6a8723c2ae2cfb09dbccb4b24ec13c9b82bb9e0bd8d3c6a42293382372d4d7bb1b2addb71ebbba09c6132ed11d6efb7f4d410488c493a80575aed261ad47eabb9f3ae88fc7732248522cf3ad587c68398b792282453ecda86520c4570a81631398506ac2f3e89be6d570d6fae2103db7787beafe376f6869646062d5b0795f5ddb2521c0c528987d58070016c20a385bb836a5df338a5dc852ff132fa96cc2472baee62f4be85e55c82c9df61cfa936d1f6a1b4fcd8b48439404e45a921f4e04ad87ff186702e33a8fc1c159de245dc0de68f94b5bb18324c9bf0b190852e0dce7a8d97ffad69f8d31cf1420d037767ad1701cd9a791b217f3ecfa69aff3fe6b42687ab521e28effdeebc56c60098a2408dc5fe9ff99144c6c12bc89a1480fb3ce0b7b9dc199c1d6abe76fba2e6e32a64fb021e69802a850883a6f895e56e6cf062d65afca95e93aea7f1c282d29e7894b7b8f229ffa5d62a383c892dbac137eeba1d73d9be30a945cc602c1e8a89d82592265a30d6ec40bf37e7fd0a7d83c871e455e2f5d54bc3c03c9b652c2de5ad443213340ce378dd261c9ff958b373b633f040ff65e6ea77092d99731292417dd041b40fc108ab3d352565a2073170705cf113ae6ee046cce33b62d25b5f09e06a4e165df2f392b9953647c78818f43951ea3b03f4fe2db8304757ab7179be067767583dad0d2dce390025ffab6ba4971ffcb5c4d75fcb70fcf85a26875cc1e177820fc1cd355ce22fad50239161332d194ffd2d6437badae6e9dec3c79f8bd119e88f91b93c9d7bb24cda9fd9f1c5708cf2d9f0f72f646fc15c6364e7df9a57c98bff56f47155c5f2011610e5bec7551116f3e3e4f9b04382f583616531748963a89adb01162872d2795ea7596c063b8ad37da835ec8778b1f214f9d3ea3578ac822cd23c3065932ebd52b649aac9af90f2cb1fab4f180e0ff54775711f370c7dd618654342b160c905731a2b28d38b02d6ede34e4ac70884329503d31b0ce7f80b9107155566ed02e958bdd9e154d7a2bc6a22b07c8b684a0537a3f83baebfcccc482e3c9adab2d8317a42323d9e30c165ca4cfc22f27a40f2ef97cf4492868dc1a1a2ad8bd3f4c13b3df3588c3d1cc9e7739641eb7905ee4bb2ee15e73d310398d4b2e87c7a0766d7ab6f48f5ad4a4b97808f4f23256098b38ee7a3416962979ec0647a0240d39e9102fe6417c64e8e513741752d6153b4ae67dc118e5107e2d71583dd763e7704bece2d75f63cb16a1b5276f49d2383215974f19e3c967b369ce1d7385071800c58eaaaef425725eb82ed298b9ad4144b108fe588d8136e5759f4f50f412542463c7e7520425715c69b49f22383fbf72d39319194b500f91d39312eba2a8b76306c2f9f8156e38ecc5dfe96ec51193719ae5e84ebbf9ea919b5e077063949a184d9fe80576bf1d2a00dbbae051711e3d071a49ce483bb7e7285759b55976027afb6a4e6c93fc4ff77a1701092e458b720241d9952526ca75ad0457689d4a50e3c36134b070a108f1b3e9cd9b11624ba4ece731cd8f6fc24b193d52d9c7cf15e70cea32a4357e8896f4d6397c445834dcbf8b79a4b26094dc09e230486d20f80f114d2094d44ab6a47e00479cb98511560d37285ccf1c746a9f9bd1ba38218e5c00bf95ef353bd236e008de8f69cc042ec6fcdc28a799a20a1dad9e19ae160c61551317594403d34755b4dd9eecf84b837d99de3a6a4dbbabe51764b084bf6de708bd08afdaae08bcc9ad1671b41a33d6855660389b6df8010f9203ad751f437e47c54a82fb56f3f9be4c59bb61e3759a6cc4f7faf9e787fa8b8730ee0c687daf9438bdfb5b80ebe555068b3d61cafe45a44ba7801d617ccfb18a88565f9c15ba088e1e77ab73a0f63c4f305e3054cef0373da1b86a5b9ed4b636cd9649bc90cebc910a55a7727cd8a8be0c1508ef732516056627ee5de664b10f00113a84a5488f9fc10168832c335442464efffd7edccb3f2e7e07a85bf032ca2ece6359fc7fd0c42cb7b6a3c02ee2a78fc3ed8e2b1995ee3aca06cc654b22e7507fb47605ed3ff5e21ea50c81871e92c5f0efc3525748d3d42f3e558201b9adf2b502d468966f5f703d9e35645c610d86ae82bcf2837e57d6eb784162718be7209c79cc1af9653005545d0dcbb02fe12bbd5ab663f587451ed804313c69980d9d4dcdb508d8615316fc1f6b43f0af2ba9682eccdb5142ad52084c6b12be7867f22ee6192d05089d44bcee564e41af9bf94e68f20eb0a0f0dcda7195053c5543c093f3cb6c1c902043187888869eb070171f0867f998e9055f53905f5aa4300173668b0a6a6f8f6472f9233d55617bb2182e57c6f7a7896934e72833f9da37acabe3994fe1423e00ef9f200f9a0fd9ff663f31aefee8660292bc2778efda6b3581579302763703c7936f488e625a215b6395d8e952c579b89a947e39e98b694eda3210e7d363a46867a979f5fa01010049ab3a132a76ce98bc405a139f03f732c8bed01119f34214470c274a77427a697689687dfbe1f54158aceeff18e85ecefbd9d36718b9089e9e62dbd779911d76ab8a4518398572408e8049da17290714db2e289bb3e30f4b5d2cb75428db6c8fd8a6491af0b35c68d6e02ae7575ed4b2486e6dac715575ea72d830648fc388aeff21776865d8e0871a3dffff821226e05f238786168ed1a601bbd37c44afaabb3fd5308a4f0ebb37e58f5ba00c06ec040978cb6c81ff36a7e0df5ac829362a680bdb38673f197fdfb95afbbee45045a796affbc17dba7971573a2fa4519799784a894706288c3d69ef81cc2ff31469216d9d", 0x1000}], 0x5, &(0x7f0000000940)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0xa38}}, @tclass={{0x14, 0x29, 0x43, 0x9}}], 0x30}}, {{&(0x7f0000000980)={0xa, 0x4e22, 0x34dc, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffe01}, 0x1c, &(0x7f0000000a40)=[{&(0x7f00000009c0)="de4dd88c969a29cbe82b006e6a3ad6d760fdb87087367a23beea9d26be608dddcdddb85ed9323e0f2bad5eaeafa9e5e37e2db6ad3678378ec35eeb1b1e323be537d66e19c6b3c28c2b5173641355e361bd33eef5988740006fa325d1a2f89b93c277096ccd28d026fbccd77f41c72cf78439a843f0323dcf488ef062", 0x7c}], 0x1, 0x0, 0xb0}}, {{&(0x7f0000000b40)={0xa, 0x4e23, 0x20, @loopback, 0x30}, 0x1c, &(0x7f0000001d00)=[{&(0x7f0000000b80)="ba4b9922e2361285a4ea7894362812d1039f", 0x12}, {&(0x7f0000000bc0)="f5adb72cde89b8c3342d7675ec26dc3be6b7f68d60c0145333e4f3716cde37a1fbf1855556cfd2708963c8f48747d3b25fdb3388ba65c188247e41a123d84055b12eabff4c936f040e614683f25e21e55c411d391694cf6e4508973b0dab3206def6553bd9430a3d8bab963af69e4f83fdeb9e7cb040e51004b407bb78cd13bf6df84718fd7129a346e6a4995067a24fc1a74cef433340de11ecc082df1ebb3d07b66eea54c01edb2e920b62ebb2b704238d2c780c72670d7d64575300f7306593837520804d242d842b0dc0959864de38f33d", 0xd3}], 0x2, &(0x7f0000001d40)=[@hoplimit_2292={{0x14}}, @tclass={{0x14, 0x29, 0x43, 0xa6}}, @hopopts={{0x20, 0x29, 0x36, {0x2, 0x0, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x7}}, @dontfrag={{0x14, 0x29, 0x3e, 0x7}}, @dstopts_2292={{0x60, 0x29, 0x4, {0x2, 0x8, '\x00', [@calipso={0x7, 0x38, {0x1, 0xc, 0x3f, 0x1ff, [0x70, 0x4, 0x7ff, 0x9, 0x4ac4, 0x5]}}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x88}, @enc_lim={0x4, 0x1, 0x6}]}}}, @dstopts_2292={{0x28, 0x29, 0x4, {0x32, 0x1, '\x00', [@enc_lim={0x4, 0x1, 0x20}, @jumbo={0xc2, 0x4, 0x7}, @jumbo={0xc2, 0x4, 0x1000}]}}}, @tclass={{0x14, 0x29, 0x43, 0x80}}], 0x120}}], 0x4, 0x4000) sendmsg$can_bcm(r2, &(0x7f00000005c0)={&(0x7f0000000180)={0x1d, r1}, 0x10, &(0x7f00000001c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x38}, 0x2}, 0x0) r6 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r6, 0x80080400) accept(r6, 0x0, &(0x7f0000000000)) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) r9 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r9, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f00000000c0)={0x42}, 0x10) sendmsg$TIPC_CMD_GET_NODES(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r8, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}}, 0x0) r10 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r10, &(0x7f0000e5c000)={0x2, 0x4e20, @remote}, 0x10) 410.971253ms ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000002d00000085000000500000009500000000000000ac4ed1f05edbf68833674a316d7f4569822b4045cdc5fe3a20f5c8f661d31ddf7d987f3e4f6866d24c7319eb106cecbe6a94a214e1f3905ad9b19b583d0d2bb1454c0c96e79eed4e088632754f52c26e81780a75528dc33fa9b0417b856aa96c4b91ebd0e6510da0a7dea282989e2a84655598cee1d26de40690280c623e412ee3f6841d88d5685d7b4ee2d7f876545e36b5ec25a90461e7ec7a6b300d0a70cc24118baea3d1faa4764db5e0c8a340bfe32282d861ed318ee6a9c14061024493abaee51a81d5d722688ec05777b49d01e6467b8eaf738978e767686c06ba1d04efadf622149950e571a080f812b08b867df1dca55ac242f4e0c03373ce117e2c9a9b41342b3feaefbdc2fe1202dac22ebf30461a5ee7753dd0f2876a75b89eb07b065bd017dadb8e63a60416f5687b05f15fd4b0c26aca16da993ff79ac7107fd1dd81cdd1ba8dcd99de2b7e385c1d02cdb00bf5e2812b9d90ba838c4a7fb9e54d44454e3060850cf9737c3f3e8ba9bc3768a2498b937ff31277593bc9e1456a5b3d258db6011e1e274c7b7a30552b0e914a50a16068afd08064cc16ac036159ae3c871ea5962b36205da33d29b8a83fa0049ec421a4c9d0c650a60687009bed7a8c0ee5b17bdeaf93c71e9d7ecdfffb42d4ba2012206f28cc7871a660e5efd7df407898805673fede7519f5f2a4c36a07ec87d9bface2114be4b0d5dc7e1c8fa94725c05d34eb05d64c70778e7a756878f92e656e72b83ccf2acdd649a8e86fe00ef1bfa037328afd546896fae17a"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x42) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='ext4_sync_file_enter\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xf, 0x13, r3, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x42400) 341.996921ms ago: executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r0, &(0x7f0000000600)=ANY=[], 0xda00) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) 334.033781ms ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000018000100000000000000000002000000000000070000000008001e80"], 0x24}}, 0x0) 278.090776ms ago: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000000)={&(0x7f0000000ac0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x16}]}, @NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x28, 0x3, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x20, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x1a, 0x1, "10c4e3257eaa66a5725a38cd58d26115453baa910be0"}]}]}]}]}], {0x14, 0x10}}, 0xd4}}, 0x0) 203.097818ms ago: executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x10, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r1}, 0x69) 157.620589ms ago: executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) sendmmsg$unix(r0, &(0x7f0000002c80)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)="04001b42", 0x4}], 0x1}}], 0x1, 0x0) 141.45512ms ago: executing program 4: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@typedef={0x1}]}, {0x0, [0x5f]}}, 0x0, 0x27}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x48) 105.554133ms ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xe403}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6}, @IFLA_IPTUN_ENCAP_SPORT={0x6}]}}}]}, 0x40}}, 0x0) 14.007464ms ago: executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='illinois\x00', 0x9) sendto$inet(r0, &(0x7f0000000180)='{', 0x1, 0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000000940)="014bb6a68759182ab7e144f718ee0b9d487461d1891d71f57a540210b1b32e260da68c9e5042f43d8e39a995d58933e84e8f3166bcc26b57e038599805becad925bd3f30fe3ab8f293da067003b56ad9b15655", 0x53}, {&(0x7f0000002240)="d51bea8a3a04d260ddb6a37b69751f4fc9b43c211d9dccf8de698ab41303e10068ea5deb65e3a8e78dce6207179f92118585938a4509c5fb36a6519358da1cffd32cec80da48998b2a98c0bbec29a972cb61bed21830a974b9e0303beea60607d728888c6ffbfc04446df912c9e5f02ddc1000c77480edb8a30e9badfe45fbfe26f1aeff4e9a6b61762060c40c99a293a8403760985ae64734abda01e8ede5a55d675385f6c3477a76fa39e9c4214f943d638ea03f71b9c191678e7519fb352d4055b4055985107dc10b2b6b9fc4fe45d8fbf03230c055255370089eb08e9f58ecdb24cf8c10cae443053f1ac8561c1978582c1e4a29315b7cc3af05f98a220d60e58686479f664c60972633472fb111d584b9936462af095f5c8d3e8a4874c61ad02ce53007cd66d834014fa8ec8e5728a0994332654728861b628c5fe798c9f4ef20707f67cbdde77fb1245c9e2604010fd7bfec7e62e3d7c5c9dd42363493d5c7c11c6e11d35a0cda192caceb59868b11371617df594be36ff2ef4729b1a154b936a467ccf5062b5f2d8512f0fcf5a7f1b4ee14d8a84b29818d3952bac0127c53725bc5a7d04eb21d7d0315d19af0767cd2cc5e1cef880efa3d6c748126b1a13c9b946a702da3b5bbc73d4038268ceb3f72f2b2655055917c7bef03805989a2021d584eb4cee5d35c869fb8e62f3c33c2dec68f0394a92d47a7703c39828a4b97a040f1eac15756f52217720632eb9b4c1985e56cf5f9191fea6494955b5d1588d5584dd775a63f33329d22a0d5c93538d9ee44e6785618e4427b5993de07d9ed20bd894bedc81b1a244abac867452ffe6761d813d9d0e91156f5a0bbbafc20eb9a11c4bedf40997a4033536186fe4711e8deba3b09b1c4968f2d2f8eecc270e8fc9dfac0c6e61a45770a8fd9ce415eb4fde150681a0602370f61293b3727e8437bad2dc82bad7df2865f2eefcf2193718f37ad63d2e3e93c7962fb2c8c743b258b8b6e1c892fe258c70f1bd87119fe0841c85b2133f5070c075165ae02c2a20310155829d0b25068c5833b364d7e9a3fc18d1ec7c675f1408889a61302cad962b6b334fb0390ad5d6e8d9d8b8ca48648d58ad67e0aa466316c918ccec0eed937dfb1abab53bee56a3b12a73373414f52730bf5eab605458b8a2893db3459f5ba0519a2fcc91648d1e22cc2f8c1a4590866ff0fcabb5b58fe0ad175ad5660060c6ae6bba76a8bca1f1dd5dcd6c72bb684ae013f603a6710449e2551cc8f81d97fff7373c83e9c26b9cb7cc727a0ce73f719e687a1e2e6c5e6371abee61562092b2f0241e94d027cd1d7f127a330264758c3e2790aafaa5ea14f258632f0dff9525d0e9a903b97adc77eb0968e02543557949d5ec92864490f055803a163825115202022a704a3e7f75431030603bbf9476bdc0a5e5430e0", 0x3f9}], 0x2}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)="9b9ffa26f4cb5171be632cdfd9a71ff9ed099e18b36a34d2a17950e0989d7c024fd3cbb14a0fd95d60b2b03e6642192be3902f01d756951c1bc7003ed2070f38b02a30c94a1d16ca530e9578d07134cfddbc2f367283c7fbd3741a95993d4f42826e1e", 0x63}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0) 11.331225ms ago: executing program 4: bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) r1 = epoll_create(0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000240)="aefc00001a0025f00385bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae) r4 = accept4$rose(r3, &(0x7f0000000040)=@full={0xb, @dev, @default, 0x0, [@rose, @remote, @bcast, @default, @null, @bcast]}, &(0x7f0000000140)=0x40, 0x800) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r5}, 0x10) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_lsm={0x9, 0x6, &(0x7f0000000140)=@framed={{0x18, 0x4}, [@initr0, @jmp={0x4, 0x1, 0x3, 0x4, 0x0, 0xffffffffffffffe0}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[], 0xfffffecc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="d6e3fe7782", @ANYRESOCT], 0x18}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x32, 0x0, 0xa}, 0x20) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r7, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x104, 0x4, 0x3e8, 0x100, 0x0, 0x0, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2, 0x80, 0xc2, 0x7}}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg1\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@remote}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x90000008}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) 1.145307ms ago: executing program 0: socket$xdp(0x2c, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0}) socket(0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)={0xb0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x72, 0xe, {{{}, {}, @device_b, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @val={0x2a, 0x1}, @void, @val={0x2d, 0x1a}, @val={0x72, 0x6}, @val={0x71, 0x7}, @val={0x76, 0x6}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xb0}}, 0x0) 0s ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f000000a240)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6}]}}}]}, 0x40}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.133' (ED25519) to the list of known hosts. 2024/06/20 11:26:21 fuzzer started 2024/06/20 11:26:21 dialing manager at 10.128.0.169:30016 [ 53.758439][ T5086] cgroup: Unknown subsys name 'net' [ 53.937978][ T5086] cgroup: Unknown subsys name 'rlimit' 2024/06/20 11:26:23 starting 5 executor processes [ 55.037899][ T5087] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 55.693540][ T5109] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 55.702172][ T5109] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 55.710673][ T5109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 55.726791][ T5113] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 55.737240][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 55.744901][ T5116] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 55.752907][ T5119] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 55.752980][ T5116] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 55.768299][ T5117] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 55.769143][ T5116] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 55.776657][ T5119] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 55.783960][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 55.800665][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 55.808707][ T5119] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 55.821817][ T4487] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 55.822751][ T5119] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 55.830119][ T4487] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 55.837160][ T5119] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 55.843303][ T4487] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 55.850736][ T5119] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 55.860685][ T4487] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 55.872006][ T4487] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 55.872226][ T5119] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 55.879677][ T4487] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 55.929019][ T5113] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 55.937827][ T5113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 55.947249][ T5113] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 55.955810][ T5113] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 55.963544][ T5113] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 55.971197][ T5113] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 56.461699][ T5122] chnl_net:caif_netlink_parms(): no params data found [ 56.533122][ T5110] chnl_net:caif_netlink_parms(): no params data found [ 56.597531][ T5111] chnl_net:caif_netlink_parms(): no params data found [ 56.650210][ T5114] chnl_net:caif_netlink_parms(): no params data found [ 56.722346][ T5122] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.730350][ T5122] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.738436][ T5122] bridge_slave_0: entered allmulticast mode [ 56.745689][ T5122] bridge_slave_0: entered promiscuous mode [ 56.758038][ T5122] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.765963][ T5122] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.773107][ T5122] bridge_slave_1: entered allmulticast mode [ 56.780176][ T5122] bridge_slave_1: entered promiscuous mode [ 56.809927][ T5106] chnl_net:caif_netlink_parms(): no params data found [ 56.882178][ T5110] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.889561][ T5110] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.897249][ T5110] bridge_slave_0: entered allmulticast mode [ 56.907017][ T5110] bridge_slave_0: entered promiscuous mode [ 56.921777][ T5110] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.929254][ T5110] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.939032][ T5110] bridge_slave_1: entered allmulticast mode [ 56.945915][ T5110] bridge_slave_1: entered promiscuous mode [ 56.956338][ T5122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.974857][ T5122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.047618][ T5111] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.058503][ T5111] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.066174][ T5111] bridge_slave_0: entered allmulticast mode [ 57.072847][ T5111] bridge_slave_0: entered promiscuous mode [ 57.081794][ T5111] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.089002][ T5111] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.096389][ T5111] bridge_slave_1: entered allmulticast mode [ 57.103110][ T5111] bridge_slave_1: entered promiscuous mode [ 57.116546][ T5110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.166053][ T5110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.202436][ T5122] team0: Port device team_slave_0 added [ 57.211172][ T5122] team0: Port device team_slave_1 added [ 57.244046][ T5114] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.251152][ T5114] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.259107][ T5114] bridge_slave_0: entered allmulticast mode [ 57.266055][ T5114] bridge_slave_0: entered promiscuous mode [ 57.274509][ T5114] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.281750][ T5114] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.289046][ T5114] bridge_slave_1: entered allmulticast mode [ 57.295995][ T5114] bridge_slave_1: entered promiscuous mode [ 57.323574][ T5111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.337420][ T5111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.359827][ T5110] team0: Port device team_slave_0 added [ 57.385308][ T5122] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.392275][ T5122] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.421816][ T5122] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.457147][ T5106] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.464422][ T5106] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.471593][ T5106] bridge_slave_0: entered allmulticast mode [ 57.478949][ T5106] bridge_slave_0: entered promiscuous mode [ 57.488743][ T5110] team0: Port device team_slave_1 added [ 57.503625][ T5114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.516470][ T5114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.526193][ T5122] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.533147][ T5122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.559418][ T5122] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.594395][ T5111] team0: Port device team_slave_0 added [ 57.600667][ T5106] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.608304][ T5106] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.615927][ T5106] bridge_slave_1: entered allmulticast mode [ 57.622632][ T5106] bridge_slave_1: entered promiscuous mode [ 57.671682][ T5114] team0: Port device team_slave_0 added [ 57.679786][ T5111] team0: Port device team_slave_1 added [ 57.741344][ T5114] team0: Port device team_slave_1 added [ 57.749343][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.756598][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.782863][ T5111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.807700][ T5110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.816080][ T5110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.842549][ T5110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.856640][ T5110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.863614][ T5110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.889767][ T5110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.894699][ T5113] Bluetooth: hci0: command tx timeout [ 57.900609][ T4487] Bluetooth: hci1: command tx timeout [ 57.930978][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.937997][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.964335][ T5111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.975024][ T4487] Bluetooth: hci2: command tx timeout [ 57.980749][ T4487] Bluetooth: hci3: command tx timeout [ 57.983039][ T5106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.000000][ T5106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.021506][ T5122] hsr_slave_0: entered promiscuous mode [ 58.027899][ T5122] hsr_slave_1: entered promiscuous mode [ 58.048887][ T5114] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.056158][ T4487] Bluetooth: hci4: command tx timeout [ 58.060554][ T5114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.088463][ T5114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.123191][ T5106] team0: Port device team_slave_0 added [ 58.142774][ T5114] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.149871][ T5114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.175859][ T5114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.207372][ T5106] team0: Port device team_slave_1 added [ 58.253411][ T5110] hsr_slave_0: entered promiscuous mode [ 58.260240][ T5110] hsr_slave_1: entered promiscuous mode [ 58.267691][ T5110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.275776][ T5110] Cannot create hsr debugfs directory [ 58.306559][ T5111] hsr_slave_0: entered promiscuous mode [ 58.312977][ T5111] hsr_slave_1: entered promiscuous mode [ 58.319738][ T5111] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.327357][ T5111] Cannot create hsr debugfs directory [ 58.378997][ T5106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.386228][ T5106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.414203][ T5106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.457623][ T5114] hsr_slave_0: entered promiscuous mode [ 58.464476][ T5114] hsr_slave_1: entered promiscuous mode [ 58.470602][ T5114] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.478468][ T5114] Cannot create hsr debugfs directory [ 58.494385][ T5106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.501448][ T5106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.527643][ T5106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.678658][ T5106] hsr_slave_0: entered promiscuous mode [ 58.687974][ T5106] hsr_slave_1: entered promiscuous mode [ 58.699133][ T5106] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.707461][ T5106] Cannot create hsr debugfs directory [ 58.993628][ T5122] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 59.006857][ T5122] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 59.028254][ T5122] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 59.040342][ T5122] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 59.112783][ T5110] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 59.125660][ T5110] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 59.138783][ T5110] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 59.149213][ T5110] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 59.246500][ T5111] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.267922][ T5111] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.302197][ T5111] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.312297][ T5111] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.370861][ T5114] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 59.390338][ T5114] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 59.401338][ T5114] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 59.428064][ T5122] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.436332][ T5114] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 59.530828][ T5122] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.560273][ T5106] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.598327][ T5159] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.605645][ T5159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.617206][ T5106] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.629119][ T5106] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.641711][ T5106] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.659029][ T5110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.689366][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.696594][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.723509][ T5110] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.792483][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.799654][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.826416][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.833522][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.867639][ T5111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.958594][ T5111] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.976583][ T4487] Bluetooth: hci1: command tx timeout [ 59.976591][ T5113] Bluetooth: hci0: command tx timeout [ 59.993648][ T5114] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.043416][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.050643][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.058407][ T4487] Bluetooth: hci3: command tx timeout [ 60.058606][ T5113] Bluetooth: hci2: command tx timeout [ 60.081780][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.088984][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.134232][ T5113] Bluetooth: hci4: command tx timeout [ 60.181643][ T5114] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.230677][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.237815][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.275098][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.282273][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.389190][ T5122] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.413398][ T5106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.481672][ T5114] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.511197][ T5106] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.571040][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.578265][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.603282][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.610484][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.637531][ T5110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.663570][ T5122] veth0_vlan: entered promiscuous mode [ 60.710258][ T5122] veth1_vlan: entered promiscuous mode [ 60.782050][ T5122] veth0_macvtap: entered promiscuous mode [ 60.794717][ T5111] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.822195][ T5106] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.837278][ T5106] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.882206][ T5122] veth1_macvtap: entered promiscuous mode [ 61.000735][ T5114] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.030981][ T5122] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.070731][ T5122] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.159501][ T5122] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.169969][ T5122] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.179690][ T5122] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.188733][ T5122] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.213391][ T5106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.236410][ T5111] veth0_vlan: entered promiscuous mode [ 61.292254][ T5114] veth0_vlan: entered promiscuous mode [ 61.306152][ T5111] veth1_vlan: entered promiscuous mode [ 61.322295][ T5110] veth0_vlan: entered promiscuous mode [ 61.343759][ T5114] veth1_vlan: entered promiscuous mode [ 61.373460][ T5110] veth1_vlan: entered promiscuous mode [ 61.417111][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.434181][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.512701][ T5110] veth0_macvtap: entered promiscuous mode [ 61.522588][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.526790][ T5106] veth0_vlan: entered promiscuous mode [ 61.536862][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.552306][ T5110] veth1_macvtap: entered promiscuous mode [ 61.573320][ T5114] veth0_macvtap: entered promiscuous mode [ 61.592243][ T5114] veth1_macvtap: entered promiscuous mode [ 61.604485][ T5111] veth0_macvtap: entered promiscuous mode [ 61.626858][ T5106] veth1_vlan: entered promiscuous mode [ 61.671532][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.682693][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.698163][ T5110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.707526][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.718380][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.728664][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.739792][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.751399][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.763946][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.774629][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.787346][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.808049][ T5111] veth1_macvtap: entered promiscuous mode [ 61.822350][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.834930][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.845739][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.856495][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.870106][ T5110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.887220][ T5110] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.907796][ T5110] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.918605][ T5110] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.927414][ T5110] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.951401][ T5114] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.970432][ T5114] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.980180][ T5114] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.998737][ T5114] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.048188][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.058947][ T5113] Bluetooth: hci1: command tx timeout [ 62.064251][ T5113] Bluetooth: hci0: command tx timeout [ 62.066928][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.080522][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.092544][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.102503][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.113537][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.125319][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.136444][ T5113] Bluetooth: hci3: command tx timeout [ 62.141845][ T4487] Bluetooth: hci2: command tx timeout [ 62.146845][ T5106] veth0_macvtap: entered promiscuous mode [ 62.163176][ T5192] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.2'. [ 62.172901][ T5192] tipc: Invalid UDP bearer configuration [ 62.172949][ T5192] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media [ 62.195181][ T5106] veth1_macvtap: entered promiscuous mode [ 62.214208][ T4487] Bluetooth: hci4: command tx timeout [ 62.223925][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.237411][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.249660][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.260471][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.270436][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.281329][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.293027][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.334312][ T5111] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.343089][ T5111] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.352153][ T5111] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.361436][ T5111] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.401533][ T5106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.441276][ T5106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.458739][ T5106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.470688][ T5106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.480948][ T5106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.493604][ T5106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.504324][ T5106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.515232][ T5106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.528046][ T5106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.559016][ T5106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.570570][ T5106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.580930][ T5106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.593496][ T5106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.603434][ T5106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.616957][ T5106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.627506][ T5106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.640262][ T5106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.652038][ T5106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.697457][ T5106] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.710508][ T5106] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.719415][ T5106] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.728972][ T5106] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.757625][ T5200] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 62.813618][ T1256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.852479][ T1256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.883053][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.912941][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.947247][ T1256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.967540][ T1256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.053512][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.072226][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.114414][ T5211] trusted_key: syz-executor.3 sent an empty control message without MSG_MORE. [ 63.222520][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.254800][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.268476][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.279674][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.393061][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.416837][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.486226][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.517048][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.134585][ T4487] Bluetooth: hci0: command tx timeout [ 64.134783][ T5113] Bluetooth: hci1: command tx timeout [ 64.214439][ T5113] Bluetooth: hci2: command tx timeout [ 64.225778][ T5113] Bluetooth: hci3: command tx timeout [ 64.292595][ T5251] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.3'. [ 64.302922][ T5113] Bluetooth: hci4: command tx timeout [ 64.336571][ T5251] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.3'. [ 64.434647][ T5257] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET) [ 64.672970][ T5264] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.2'. [ 64.683646][ T5264] tipc: Invalid UDP bearer configuration [ 64.684072][ T5264] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media [ 64.702914][ T5267] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 64.723876][ T5267] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 65.335773][ T5291] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 65.384931][ T5298] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x1 [ 66.755220][ T5350] Illegal XDP return value 4294967262 on prog (id 15) dev N/A, expect packet loss! [ 67.509488][ T5399] xt_CT: You must specify a L4 protocol and not use inversions on it [ 67.635424][ T5405] openvswitch: netlink: Unknown key attributes 1 [ 67.765586][ T29] audit: type=1804 audit(1718882795.742:2): pid=5407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir185438766/syzkaller.ue0lOi/22/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 67.828197][ T5407] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 67.831556][ T5417] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 67.897857][ T5410] Unsupported ieee802154 address type: 0 [ 68.398183][ T5438] openvswitch: netlink: Unknown key attributes 1 [ 68.681473][ T5450] syz-executor.3 uses old SIOCAX25GETINFO [ 68.705240][ T5451] tipc: Failed to remove unknown binding: 66,1,1/0:1260821247/1260821249 [ 68.742302][ T5451] tipc: Failed to remove unknown binding: 66,1,1/0:1260821247/1260821249 [ 68.762463][ T5451] tipc: Failed to remove unknown binding: 66,1,1/0:1260821247/1260821249 [ 69.036613][ T5464] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 69.492252][ T29] audit: type=1804 audit(1718882797.462:3): pid=5488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1605557488/syzkaller.LYdpwb/27/cgroup.controllers" dev="sda1" ino=1944 res=1 errno=0 [ 69.501806][ T5488] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 69.556098][ T5495] Unsupported ieee802154 address type: 0 [ 70.277090][ T5537] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 70.355221][ T5539] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 70.378464][ T5541] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.387949][ T5541] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.397206][ T5541] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.407494][ T5541] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.442582][ T5541] Zero length message leads to an empty skb [ 70.443944][ T5544] openvswitch: netlink: Unknown key attributes 1 [ 70.828593][ T29] audit: type=1804 audit(1718882798.802:4): pid=5562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1606313620/syzkaller.TH7cM7/47/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0 [ 70.847541][ T5562] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 70.902503][ T5565] Unsupported ieee802154 address type: 0 [ 71.745038][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.751631][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.039490][ T5570] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 72.405433][ T5602] Bluetooth: MGMT ver 1.22 [ 72.463315][ T5602] ipvlan2: entered promiscuous mode [ 72.470198][ T5602] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 72.654906][ T5617] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 72.697003][ T5624] Bluetooth: MGMT ver 1.22 [ 72.924387][ T5639] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 73.016668][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.025593][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.034046][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.126845][ T5647] tipc: Failed to remove unknown binding: 66,1,1/0:3910077789/3910077791 [ 73.153117][ T5647] tipc: Failed to remove unknown binding: 66,1,1/0:3910077789/3910077791 [ 73.175321][ T45] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.185230][ T5647] tipc: Failed to remove unknown binding: 66,1,1/0:3910077789/3910077791 [ 73.195623][ T5650] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 73.354733][ T5162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.661015][ T45] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.750396][ T5678] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 73.760487][ T5682] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 73.839161][ T5690] sock: sock_set_timeout: `syz-executor.2' (pid 5690) tries to set negative timeout [ 73.972422][ T5697] netlink: 'syz-executor.0': attribute type 39 has an invalid length. [ 74.020112][ T5700] syz-executor.2[5700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.020267][ T5700] syz-executor.2[5700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.176749][ T5707] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 74.227952][ T5707] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 74.292639][ T5707] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 74.355816][ T5716] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 74.384038][ T5716] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.1'. [ 74.411795][ T5707] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 74.516806][ T5724] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 74.962510][ T5751] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.2'. [ 74.996751][ T5751] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.2'. [ 75.037968][ T5751] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 75.583227][ T5208] net_ratelimit: 15 callbacks suppressed [ 75.583246][ T5208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.600757][ T5162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.613194][ T784] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.815706][ T5159] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.919261][ T5758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.204888][ T5834] x_tables: duplicate underflow at hook 2 [ 76.637744][ T5849] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 76.749341][ T5855] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.758133][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.844402][ T5862] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.852773][ T5862] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.914297][ T5107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.549834][ T5896] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 77.561337][ T5890] bond1: entered promiscuous mode [ 77.650218][ T5897] bond0: (slave bond_slave_0): Releasing backup interface [ 77.732730][ T5897] bond_slave_0: entered promiscuous mode [ 77.766816][ T5897] bond1: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.024642][ T5890] __nla_validate_parse: 10 callbacks suppressed [ 78.024662][ T5890] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 78.124432][ T5890] bond1 (unregistering): (slave bond_slave_0): Releasing backup interface [ 78.189880][ T5890] bond_slave_0: left promiscuous mode [ 78.219900][ T5890] bond1 (unregistering): Released all slaves [ 78.552111][ T5936] xt_HMARK: spi-set and port-set can't be combined [ 78.874387][ T5957] netlink: 'syz-executor.1': attribute type 11 has an invalid length. [ 78.882634][ T5957] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.1'. [ 80.279670][ T6056] bond_slave_0: entered promiscuous mode [ 80.285737][ T6056] bond_slave_1: entered promiscuous mode [ 80.300386][ T6056] macsec1: entered promiscuous mode [ 80.305943][ T6056] bond0: entered promiscuous mode [ 80.311541][ T6056] macsec1: entered allmulticast mode [ 80.322948][ T6056] bond0: entered allmulticast mode [ 80.328823][ T6056] bond_slave_0: entered allmulticast mode [ 80.342630][ T6056] bond_slave_1: entered allmulticast mode [ 80.358853][ T6056] bond0: left allmulticast mode [ 80.363931][ T6056] bond_slave_0: left allmulticast mode [ 80.369590][ T6056] bond_slave_1: left allmulticast mode [ 80.393946][ T6056] bond0: left promiscuous mode [ 80.401719][ T6056] bond_slave_0: left promiscuous mode [ 80.407252][ T6056] bond_slave_1: left promiscuous mode [ 80.505094][ T6069] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 80.701015][ T5107] net_ratelimit: 50 callbacks suppressed [ 80.701033][ T5107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.715513][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.808093][ T6089] netlink: 'syz-executor.4': attribute type 22 has an invalid length. [ 81.065560][ T6101] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.074492][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.104254][ T5107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.124781][ T6106] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.151637][ T6106] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.186673][ T6106] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.234833][ T6101] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.254551][ T6101] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.468719][ T6115] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 81.981808][ T1759] cfg80211: failed to load regulatory.db [ 82.300183][ T29] audit: type=1804 audit(1718882810.272:5): pid=6143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1605557488/syzkaller.LYdpwb/78/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 82.318188][ T6143] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 82.364467][ T6144] Unsupported ieee802154 address type: 0 [ 82.956518][ T6164] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 82.991972][ T6166] netlink: 'syz-executor.0': attribute type 22 has an invalid length. [ 83.117508][ T6172] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 83.154945][ T6172] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 83.183249][ T6172] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 83.213990][ T6172] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 83.266972][ T6179] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 83.290881][ T6179] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.3'. [ 83.634700][ T29] audit: type=1804 audit(1718882811.602:6): pid=6187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir185438766/syzkaller.ue0lOi/76/cgroup.controllers" dev="sda1" ino=1951 res=1 errno=0 [ 83.708965][ T6187] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 83.721167][ T6196] vlan2: entered promiscuous mode [ 83.737383][ T6196] veth0_to_hsr: entered promiscuous mode [ 83.754445][ T6192] Unsupported ieee802154 address type: 0 [ 83.772426][ T6196] veth0_to_hsr: left promiscuous mode [ 83.872030][ T6198] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 83.985141][ T5107] IPVS: starting estimator thread 0... [ 84.084424][ T6203] IPVS: using max 19 ests per chain, 45600 per kthread [ 84.383352][ T6214] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 84.404163][ T6214] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 84.421584][ T6214] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 84.453672][ T6214] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 84.582224][ T6223] ip_vti0: entered promiscuous mode [ 84.604005][ T6223] vlan2: entered promiscuous mode [ 84.618611][ T6223] vlan2: entered allmulticast mode [ 84.632403][ T6223] ip_vti0: entered allmulticast mode [ 84.659880][ T6223] ip_vti0: left allmulticast mode [ 84.679169][ T6223] ip_vti0: left promiscuous mode [ 85.814582][ T1759] net_ratelimit: 64 callbacks suppressed [ 85.814602][ T1759] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 86.114993][ T6286] tipc: Started in network mode [ 86.131852][ T6286] tipc: Node identity , cluster identity 4711 [ 86.154957][ T6286] tipc: Failed to set node id, please configure manually [ 86.162169][ T6286] tipc: Enabling of bearer <udp:s> rejected, failed to enable media [ 86.301458][ T45] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 86.455842][ T784] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 86.572224][ T6309] vlan2: entered promiscuous mode [ 86.592027][ T6309] veth0_to_hsr: entered promiscuous mode [ 86.617133][ T6309] veth0_to_hsr: left promiscuous mode [ 87.010397][ T6326] tipc: Started in network mode [ 87.040220][ T6326] tipc: Node identity , cluster identity 4711 [ 87.050347][ T6326] tipc: Failed to set node id, please configure manually [ 87.079647][ T6326] tipc: Enabling of bearer <udp:s> rejected, failed to enable media [ 87.100076][ T5216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.344882][ T5107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.413964][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.626813][ T6360] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 87.736155][ T5107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.744554][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.753415][ T1759] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.761973][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.815141][ T6373] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 88.008441][ T6381] bond0: option ad_select: unable to set because the bond device is up [ 88.022045][ T2837] bond0: (slave bond_slave_0): interface is now down [ 88.058317][ T2837] bond0: (slave bond_slave_1): interface is now down [ 88.081532][ T2837] bond0: now running without any active interface! [ 88.159502][ T6383] __nla_validate_parse: 8 callbacks suppressed [ 88.159524][ T6383] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 88.543213][ T6401] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 88.554125][ T6402] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 88.572501][ T6402] netlink: 616 bytes leftover after parsing attributes in process `syz-executor.2'. [ 88.627898][ T6401] warning: `syz-executor.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 89.106325][ T6422] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 89.705555][ T6448] ip_vti0: entered promiscuous mode [ 89.711050][ T6448] vlan2: entered promiscuous mode [ 89.731333][ T6448] vlan2: entered allmulticast mode [ 89.746023][ T6448] ip_vti0: entered allmulticast mode [ 89.777632][ T6448] ip_vti0: left allmulticast mode [ 89.787477][ T6448] ip_vti0: left promiscuous mode [ 90.015534][ T6457] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 90.380318][ T6475] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 90.580151][ T6480] tipc: Failed to remove unknown binding: 66,1,1/0:3181621435/3181621437 [ 90.599388][ T6480] tipc: Failed to remove unknown binding: 66,1,1/0:3181621435/3181621437 [ 90.608420][ T6480] tipc: Failed to remove unknown binding: 66,1,1/0:3181621435/3181621437 [ 90.850637][ T6494] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'. [ 90.943950][ T5208] net_ratelimit: 5 callbacks suppressed [ 90.943969][ T5208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.173888][ T6512] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 91.215391][ T6512] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 91.275832][ T6517] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 91.331613][ T6512] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 91.400459][ T6512] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 91.494101][ T6523] ieee802154 phy0 wpan0: encryption failed: -22 [ 91.501694][ T5107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.581429][ T5208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.591372][ T6529] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 91.894455][ T5208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 92.124532][ T6554] ieee802154 phy0 wpan0: encryption failed: -22 [ 92.227792][ T5216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 92.534651][ T5107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 93.089556][ T6605] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 93.129859][ T6605] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 93.218057][ T6610] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 93.272016][ T6605] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 93.310026][ T6611] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 93.339989][ T6615] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 93.348445][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 93.401294][ T6615] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 93.414150][ T6615] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 93.483207][ T6621] ieee802154 phy0 wpan0: encryption failed: -22 [ 93.504383][ T6620] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 93.560828][ T6620] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 95.042008][ T6693] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 95.155623][ T6695] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 95.169546][ T6684] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 95.445320][ T6711] rose0: tun_chr_ioctl cmd 1074025677 [ 95.450910][ T6711] rose0: linktype set to 6 [ 95.713575][ T6723] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 95.783470][ T4487] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 95.793268][ T4487] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 95.803004][ T4487] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 95.824340][ T4487] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 95.835416][ T4487] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 95.842879][ T4487] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 95.961357][ T6741] hsr0: entered promiscuous mode [ 96.031259][ T6741] hsr_slave_0: left promiscuous mode [ 96.050798][ T6741] hsr_slave_1: left promiscuous mode [ 96.158809][ T6741] hsr0 (unregistering): left promiscuous mode [ 96.308276][ T6757] rose0: tun_chr_ioctl cmd 1074025677 [ 96.317913][ T6757] rose0: linktype set to 6 [ 96.409150][ T6726] chnl_net:caif_netlink_parms(): no params data found [ 96.458988][ T6761] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 96.565077][ T6773] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 96.631133][ T6726] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.647987][ T6726] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.657083][ T6726] bridge_slave_0: entered allmulticast mode [ 96.665457][ T6726] bridge_slave_0: entered promiscuous mode [ 96.678021][ T6726] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.685556][ T6726] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.703257][ T6726] bridge_slave_1: entered allmulticast mode [ 96.710684][ T5107] net_ratelimit: 48 callbacks suppressed [ 96.710701][ T5107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 96.737391][ T6726] bridge_slave_1: entered promiscuous mode [ 96.779217][ T6787] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 96.803324][ T6726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.819751][ T6726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.825678][ T6789] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 96.908946][ T6726] team0: Port device team_slave_0 added [ 96.929741][ T6726] team0: Port device team_slave_1 added [ 96.972344][ T6796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 96.982319][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 97.062205][ T6726] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.076841][ T6726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.111457][ T6726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.124237][ T6802] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 97.135078][ T6798] netlink: 'syz-executor.4': attribute type 7 has an invalid length. [ 97.143240][ T6798] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 97.182840][ T6801] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 97.203832][ T6801] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 97.260653][ T6726] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.284717][ T6726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.360117][ T6726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.503031][ T6726] hsr_slave_0: entered promiscuous mode [ 97.534643][ T6726] hsr_slave_1: entered promiscuous mode [ 97.573822][ T6726] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.590574][ T6726] Cannot create hsr debugfs directory [ 97.735399][ T45] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 97.894392][ T4487] Bluetooth: hci4: command tx timeout [ 97.976720][ T6843] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 97.982342][ T6849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 97.995827][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 98.014810][ T6843] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 98.186004][ T6726] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.295171][ T5162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 98.378848][ T6726] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.507304][ T6726] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.621048][ T6726] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.775374][ T5159] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 98.952928][ T6892] __nla_validate_parse: 6 callbacks suppressed [ 98.952947][ T6892] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 98.955894][ T6894] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 98.961780][ T6726] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.018676][ T6726] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.064791][ T6726] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.118657][ T6726] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.407964][ T6726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.469621][ T6726] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.543765][ T5216] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.550928][ T5216] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.585285][ T5216] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.592475][ T5216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.811602][ T6935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 99.820828][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 99.974256][ T4487] Bluetooth: hci4: command tx timeout [ 100.132134][ T6726] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.231175][ T6726] veth0_vlan: entered promiscuous mode [ 100.276952][ T6726] veth1_vlan: entered promiscuous mode [ 100.349296][ T6726] veth0_macvtap: entered promiscuous mode [ 100.379051][ T6726] veth1_macvtap: entered promiscuous mode [ 100.434026][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.463763][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.493906][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.507436][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.519499][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.530143][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.540464][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.551160][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.588144][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.630104][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.660778][ T6726] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.733309][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.772098][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.802065][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.823561][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.848355][ T6978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.858576][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.858601][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.858612][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.858625][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.858637][ T6726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.858650][ T6726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.860198][ T6726] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.987933][ T6726] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.008849][ T6726] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.033788][ T6726] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.052816][ T6726] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.084582][ T6987] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 101.153000][ T6987] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 101.219672][ T2837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.235572][ T2837] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.282965][ T2837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.303782][ T2837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.914983][ T7032] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 101.955795][ T7026] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.2'. [ 102.055406][ T4487] Bluetooth: hci4: command tx timeout [ 102.111392][ T7038] veth0_vlan: entered allmulticast mode [ 102.363392][ T7052] net_ratelimit: 7 callbacks suppressed [ 102.363410][ T7052] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.378412][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.540036][ T7063] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 102.650626][ T7066] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 102.689309][ T7063] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 102.840864][ T7083] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 103.453568][ T7118] veth0_vlan: entered allmulticast mode [ 104.133914][ T5113] Bluetooth: hci4: command tx timeout [ 104.374448][ T5216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.521144][ T7158] __nla_validate_parse: 4 callbacks suppressed [ 104.521332][ T7158] netlink: 27 bytes leftover after parsing attributes in process `syz-executor.0'. [ 104.574470][ T7158] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.0'. [ 104.763394][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 104.916008][ T7172] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 105.023876][ T5162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.106421][ T7180] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'. [ 105.645156][ T7199] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 105.766334][ T7210] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.800593][ T7210] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.820174][ T7210] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.916545][ T7209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.958685][ T7209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.214646][ T5113] Bluetooth: hci4: command 0x0405 tx timeout [ 106.565955][ T7251] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 106.983509][ T7268] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 107.365878][ T7282] netlink: 27 bytes leftover after parsing attributes in process `syz-executor.3'. [ 107.390833][ T7282] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.3'. [ 107.416239][ T7281] net_ratelimit: 1 callbacks suppressed [ 107.416252][ T7281] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 107.557431][ T7286] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.1'. [ 108.734327][ T7317] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'. [ 108.931517][ T7324] TCP: MD5 Hash mismatch for [fe80::bb].0->[ff02::1].20002 [SP.]L3 index 0 [ 109.122133][ T7335] netlink: 'syz-executor.1': attribute type 21 has an invalid length. [ 109.879917][ T7365] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 110.057329][ T7377] __nla_validate_parse: 3 callbacks suppressed [ 110.057355][ T7377] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 110.088173][ T7377] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 110.110610][ T7377] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 256 - 0 [ 110.119562][ T7377] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 256 - 0 [ 110.128659][ T7377] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 256 - 0 [ 110.138962][ T7377] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 256 - 0 [ 110.156008][ T7377] vxlan0: entered promiscuous mode [ 110.370640][ T7393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.385235][ T7393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.393530][ T7393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.400597][ T7396] netlink: 830 bytes leftover after parsing attributes in process `syz-executor.2'. [ 110.495372][ T7391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.522097][ T7391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.775029][ T784] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.890275][ T7414] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 110.918965][ T7414] netlink: 152 bytes leftover after parsing attributes in process `syz-executor.0'. [ 110.939709][ T7414] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 111.114891][ T7422] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 111.478849][ T7439] IPv6: NLM_F_CREATE should be specified when creating new route [ 111.513872][ T7439] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.2'. [ 111.905029][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 111.920979][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 111.935338][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 111.944600][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 111.952716][ T5113] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 111.960238][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 112.029530][ T7469] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 112.568570][ T7482] syzkaller0: entered promiscuous mode [ 112.591044][ T7482] syzkaller0: entered allmulticast mode [ 112.779478][ T7462] chnl_net:caif_netlink_parms(): no params data found [ 113.136920][ T7500] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 113.407239][ T7515] xt_CONNSECMARK: invalid mode: 0 [ 114.066915][ T4487] Bluetooth: hci3: command tx timeout [ 114.546163][ T7515] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.589311][ T7527] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.2'. [ 114.690679][ T7462] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.698317][ T7462] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.706620][ T7462] bridge_slave_0: entered allmulticast mode [ 114.715593][ T7462] bridge_slave_0: entered promiscuous mode [ 114.725725][ T7462] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.733724][ T7462] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.741001][ T7462] bridge_slave_1: entered allmulticast mode [ 114.750397][ T7462] bridge_slave_1: entered promiscuous mode [ 114.871574][ T7462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.901574][ T7462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.978118][ T7548] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 115.063355][ T7462] team0: Port device team_slave_0 added [ 115.105045][ T7462] team0: Port device team_slave_1 added [ 115.258492][ T7462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.266898][ T7462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.319166][ T7462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.340948][ T7462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.349606][ T7462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.383338][ T7462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.424746][ T29] audit: type=1804 audit(1718882843.392:7): pid=7570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir185438766/syzkaller.ue0lOi/171/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0 [ 115.480062][ T7462] hsr_slave_0: entered promiscuous mode [ 115.487503][ T7462] hsr_slave_1: entered promiscuous mode [ 115.496489][ T7462] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 115.508334][ T7462] Cannot create hsr debugfs directory [ 115.743946][ T7580] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 116.088527][ T7462] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.133963][ T5113] Bluetooth: hci3: command tx timeout [ 116.140044][ T7462] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.296484][ T7462] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.316806][ T7462] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.527384][ T7462] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.561432][ T7462] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.721602][ T7628] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 116.722647][ T7462] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.768746][ T7462] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.939761][ T7644] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 117.087222][ T7651] net_ratelimit: 4 callbacks suppressed [ 117.087239][ T7651] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 117.111905][ T7462] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 117.157023][ T7462] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 117.227687][ T7462] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 117.283597][ T7462] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 117.364938][ T7663] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 117.387276][ T7663] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'. [ 117.582775][ T7462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.635937][ T7462] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.675361][ T7675] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 117.693988][ T5107] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.701193][ T5107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.733564][ T5107] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.740797][ T5107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.111082][ T7692] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 118.214948][ T5113] Bluetooth: hci3: command 0x040f tx timeout [ 118.275453][ T7462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.478949][ T7462] veth0_vlan: entered promiscuous mode [ 118.532512][ T7462] veth1_vlan: entered promiscuous mode [ 118.787159][ T7718] syzkaller0: entered promiscuous mode [ 118.800494][ T7718] syzkaller0: entered allmulticast mode [ 118.828870][ T7462] veth0_macvtap: entered promiscuous mode [ 118.882574][ T7462] veth1_macvtap: entered promiscuous mode [ 118.952620][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.974161][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.991348][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.020862][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.039232][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.073150][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.091903][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.116891][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.133566][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.153800][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.172293][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.192482][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.214637][ T7462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.353293][ T7748] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.1'. [ 119.389826][ T7748] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 119.420950][ T7751] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 120.305832][ T4487] Bluetooth: hci3: command 0x040f tx timeout [ 120.379229][ T5162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.628904][ T7754] IPVS: Error connecting to the multicast addr [ 120.650746][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.709331][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.739515][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.771295][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.807504][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.838204][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.870582][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.891479][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.911462][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.935644][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.958943][ T7462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.980134][ T7462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.005595][ T7462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.040240][ T7462] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.100366][ T7462] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.109215][ T7462] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.124016][ T7462] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.353857][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.361725][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.393678][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.407676][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.431606][ T7798] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 121.485125][ T7800] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 121.746370][ T7808] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 121.957774][ T7818] netlink: 'syz-executor.4': attribute type 62 has an invalid length. [ 122.439391][ T7830] bridge0: entered promiscuous mode [ 122.481206][ T7830] bridge0: entered allmulticast mode [ 122.534505][ T7830] ebt_among: wrong size: 1048 against expected 1006634004, rounded to 1006634008 [ 122.651920][ T5113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 122.666083][ T5113] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 122.676739][ T5113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 122.692091][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 122.705879][ T5113] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 122.726565][ T5113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 122.889856][ T7841] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.0'. [ 123.000900][ T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.409845][ T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.515619][ T4487] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 123.528237][ T4487] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 123.531137][ T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.548089][ T4487] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 123.559987][ T4487] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 123.569364][ T4487] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 123.580076][ T4487] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 123.590428][ T7838] chnl_net:caif_netlink_parms(): no params data found [ 123.673090][ T64] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.985529][ T7838] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.013344][ T7838] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.044425][ T7838] bridge_slave_0: entered allmulticast mode [ 124.068954][ T7838] bridge_slave_0: entered promiscuous mode [ 124.086424][ T7838] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.093584][ T7838] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.118283][ T7838] bridge_slave_1: entered allmulticast mode [ 124.131080][ T7838] bridge_slave_1: entered promiscuous mode [ 124.158651][ T7880] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'. [ 124.316301][ T7838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 124.342834][ T7838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 124.446261][ T64] bridge_slave_1: left allmulticast mode [ 124.452287][ T64] bridge_slave_1: left promiscuous mode [ 124.477557][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.503170][ T64] bridge_slave_0: left allmulticast mode [ 124.514539][ T64] bridge_slave_0: left promiscuous mode [ 124.528733][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.708176][ T7910] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.1'. [ 124.774157][ T5113] Bluetooth: hci2: command tx timeout [ 125.093237][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 125.108031][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 125.119734][ T64] bond0 (unregistering): Released all slaves [ 125.142678][ T7838] team0: Port device team_slave_0 added [ 125.150730][ T7901] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 125.159191][ T7916] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.1'. [ 125.172764][ T7919] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 125.301069][ T7838] team0: Port device team_slave_1 added [ 125.514692][ T7838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 125.521695][ T7838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.563848][ T7838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 125.654609][ T5113] Bluetooth: hci3: command tx timeout [ 125.674247][ T7838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 125.681266][ T7838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.733770][ T7838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 125.762579][ T7940] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 125.852696][ T7943] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 125.862231][ T7945] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 125.988895][ T64] hsr_slave_0: left promiscuous mode [ 125.999703][ T64] hsr_slave_1: left promiscuous mode [ 126.022651][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.031248][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.047066][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.056331][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.083649][ T64] veth1_macvtap: left promiscuous mode [ 126.089973][ T64] veth0_macvtap: left promiscuous mode [ 126.115577][ T64] veth1_vlan: left promiscuous mode [ 126.122084][ T64] veth0_vlan: left promiscuous mode [ 126.857446][ T5113] Bluetooth: hci2: command tx timeout [ 126.984972][ T64] team0 (unregistering): Port device team_slave_1 removed [ 127.052385][ T64] team0 (unregistering): Port device team_slave_0 removed [ 127.481402][ T7838] hsr_slave_0: entered promiscuous mode [ 127.492255][ T7838] hsr_slave_1: entered promiscuous mode [ 127.501374][ T7838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 127.513912][ T7838] Cannot create hsr debugfs directory [ 127.519746][ T7967] netlink: 'syz-executor.2': attribute type 21 has an invalid length. [ 127.535057][ T7967] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.2'. [ 127.550219][ T7967] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 127.560586][ T7995] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 127.621883][ T7868] chnl_net:caif_netlink_parms(): no params data found [ 127.734324][ T5113] Bluetooth: hci3: command tx timeout [ 127.826512][ T8009] ipt_REJECT: ECHOREPLY no longer supported. [ 127.967869][ T8009] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 128.003361][ T8009] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 128.235426][ T7868] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.242696][ T7868] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.250944][ T7868] bridge_slave_0: entered allmulticast mode [ 128.261096][ T7868] bridge_slave_0: entered promiscuous mode [ 128.285138][ T8011] netlink: 1300 bytes leftover after parsing attributes in process `syz-executor.1'. [ 128.314922][ T7868] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.322159][ T7868] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.336561][ T7868] bridge_slave_1: entered allmulticast mode [ 128.345586][ T7868] bridge_slave_1: entered promiscuous mode [ 128.359147][ T8034] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.374776][ T8034] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.392036][ T8034] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.412735][ T8034] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.424432][ T8034] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.445890][ T8034] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.479807][ T7868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.512126][ T7868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.514705][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.530148][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.538898][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.626499][ T7868] team0: Port device team_slave_0 added [ 128.706548][ T7838] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0 [ 128.718737][ T7838] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.758236][ T7868] team0: Port device team_slave_1 added [ 128.793048][ T8045] netlink: 'syz-executor.2': attribute type 21 has an invalid length. [ 128.809960][ T8045] netlink: 164 bytes leftover after parsing attributes in process `syz-executor.2'. [ 128.849625][ T7838] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0 [ 128.873100][ T7838] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.921413][ T8045] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'. [ 128.931952][ T8045] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'. [ 128.944630][ T5113] Bluetooth: hci2: command tx timeout [ 128.954491][ T7868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.972087][ T7868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.055175][ T7868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.077993][ T7868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.087098][ T7868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.123513][ T7868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.178114][ T7838] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0 [ 129.203004][ T7838] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.248127][ T8064] veth1_macvtap: left promiscuous mode [ 129.317640][ T7838] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0 [ 129.345425][ T7838] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.400189][ T7868] hsr_slave_0: entered promiscuous mode [ 129.412221][ T7868] hsr_slave_1: entered promiscuous mode [ 129.421559][ T7868] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.429648][ T7868] Cannot create hsr debugfs directory [ 129.700802][ T7838] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 129.738779][ T7838] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 129.752962][ T7838] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 129.763865][ T7838] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 129.824817][ T5113] Bluetooth: hci3: command tx timeout [ 129.946692][ T7838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.024948][ T7838] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.072776][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.079930][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.144624][ T5216] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.151791][ T5216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.182805][ T8071] syz-executor.1 (8071) used greatest stack depth: 17984 bytes left [ 130.277126][ T7868] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 130.321371][ T7868] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 130.366768][ T7868] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 130.406074][ T7868] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 130.451029][ T7838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 130.499103][ T8090] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 130.579963][ T8090] pim6reg1: entered promiscuous mode [ 130.603975][ T8090] pim6reg1: entered allmulticast mode [ 130.728713][ T8102] ipt_REJECT: ECHOREPLY no longer supported. [ 130.802616][ T8102] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 130.957024][ T7868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.999792][ T7838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.016560][ T5113] Bluetooth: hci2: command tx timeout [ 131.051072][ T8114] netlink: 1300 bytes leftover after parsing attributes in process `syz-executor.1'. [ 131.097904][ T7868] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.155207][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.162389][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.342779][ T8117] syzkaller0: entered promiscuous mode [ 131.358671][ T8117] syzkaller0: entered allmulticast mode [ 131.375983][ T5162] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.383139][ T5162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.905723][ T5113] Bluetooth: hci3: command tx timeout [ 132.908611][ T8133] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 133.055936][ T8141] net_ratelimit: 191 callbacks suppressed [ 133.055954][ T8141] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.057971][ T7868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 133.062506][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.165550][ T7838] veth0_vlan: entered promiscuous mode [ 133.181617][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.225892][ T7838] veth1_vlan: entered promiscuous mode [ 133.376178][ T7838] veth0_macvtap: entered promiscuous mode [ 133.409177][ T7838] veth1_macvtap: entered promiscuous mode [ 133.466197][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.499084][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.513841][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.535247][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.554427][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.575363][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.594387][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.613833][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.626271][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.640340][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.662489][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.683219][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.711816][ T7838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.743432][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.757874][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.767844][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.778605][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.809688][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.831550][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.841464][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.852309][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.862833][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.877968][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.888041][ T7838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.905902][ T7838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.918995][ T7838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.927724][ T8165] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 133.937630][ T8165] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'. [ 133.947187][ T8165] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 133.983102][ T7838] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.000548][ T7838] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.014989][ T7838] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.042454][ T7838] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.106378][ T7868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.364438][ T1256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.369682][ T7868] veth0_vlan: entered promiscuous mode [ 134.386580][ T1256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.429693][ T7868] veth1_vlan: entered promiscuous mode [ 134.506733][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.529694][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.593181][ T7868] veth0_macvtap: entered promiscuous mode [ 134.636443][ T7868] veth1_macvtap: entered promiscuous mode [ 134.691769][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.727463][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.758002][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.793212][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.825988][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.854106][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.886680][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.922942][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.963662][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.005006][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.042608][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.082218][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.117762][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.153942][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.187747][ T7868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 135.264809][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.304026][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.358890][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.375482][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.398449][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.422764][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.465225][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.487125][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.519480][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.537574][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.552849][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.587365][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.598485][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.610010][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.622890][ T7868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.683664][ T7868] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.695283][ T7868] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.705413][ T7868] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.715071][ T7868] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.861203][ T29] audit: type=1804 audit(1718882863.832:8): pid=8236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1756578224/syzkaller.hR8JaY/4/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 135.880702][ T8237] team0: Failed to send options change via netlink (err -105) [ 135.914884][ T8237] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 135.935758][ T8237] team0: Port device team_slave_0 removed [ 136.103641][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.123324][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.219464][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.240134][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.388245][ T8267] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.397942][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.817191][ T29] audit: type=1800 audit(1718882864.792:9): pid=8179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="memory.events" dev="sda1" ino=1955 res=0 errno=0 [ 136.980242][ T8257] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.301268][ T8277] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.0'. [ 137.328651][ T8277] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 137.348695][ T8257] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.550938][ T8257] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.722617][ T8257] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.818509][ T4487] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 137.828791][ T4487] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 137.838880][ T4487] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 137.850590][ T4487] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 137.861404][ T4487] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 137.869739][ T4487] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 137.923233][ T8301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 138.012268][ T8307] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'. [ 138.112898][ T8257] bridge_slave_1: left allmulticast mode [ 138.119298][ T8257] bridge_slave_1: left promiscuous mode [ 138.126121][ T8257] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.138869][ T8311] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 138.150752][ T8257] bridge_slave_0: left allmulticast mode [ 138.156758][ T8257] bridge_slave_0: left promiscuous mode [ 138.162777][ T8257] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.359956][ T8257] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 139.417687][ T8257] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 139.456025][ T8257] bond0 (unregistering): Released all slaves [ 139.483060][ T8327] tipc: Started in network mode [ 139.488598][ T8327] tipc: Node identity 66663a2034380a73, cluster identity 4711 [ 139.497189][ T8327] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media [ 139.513420][ T8329] netlink: 16126 bytes leftover after parsing attributes in process `syz-executor.1'. [ 139.544387][ T8329] netlink: 105116 bytes leftover after parsing attributes in process `syz-executor.1'. [ 139.575124][ T784] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 139.927855][ T8257] hsr_slave_0: left promiscuous mode [ 139.964999][ T8257] hsr_slave_1: left promiscuous mode [ 139.974639][ T4487] Bluetooth: hci3: command tx timeout [ 139.993353][ T8257] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.003825][ T8257] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.029225][ T8257] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.063178][ T8257] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.166104][ T8257] veth1_macvtap: left promiscuous mode [ 140.171850][ T8257] veth0_macvtap: left promiscuous mode [ 140.178329][ T8257] veth1_vlan: left promiscuous mode [ 140.195114][ T8257] veth0_vlan: left promiscuous mode [ 140.202013][ T8377] netlink: 'syz-executor.2': attribute type 7 has an invalid length. [ 140.214219][ T8377] netlink: 'syz-executor.2': attribute type 8 has an invalid length. [ 140.222332][ T8377] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.2'. [ 140.481212][ T8395] netlink: 19 bytes leftover after parsing attributes in process `syz-executor.0'. [ 141.041241][ T8257] team0 (unregistering): Port device team_slave_1 removed [ 141.082781][ T8257] team0 (unregistering): Port device team_slave_0 removed [ 141.457186][ T8375] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 141.467273][ T8389] netlink: 'syz-executor.1': attribute type 34 has an invalid length. [ 141.528865][ T8295] chnl_net:caif_netlink_parms(): no params data found [ 141.772035][ T8426] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 141.794657][ T8426] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'. [ 141.816912][ T8295] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.819938][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 141.825682][ T8295] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.845114][ T8295] bridge_slave_0: entered allmulticast mode [ 141.852574][ T8295] bridge_slave_0: entered promiscuous mode [ 141.885530][ T8295] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.904268][ T8295] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.914335][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.948505][ T8295] bridge_slave_1: entered allmulticast mode [ 141.975902][ T8295] bridge_slave_1: entered promiscuous mode [ 142.054292][ T4487] Bluetooth: hci3: command tx timeout [ 142.063508][ T8433] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.0'. [ 142.101438][ T8295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.153598][ T8295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.265617][ T8295] team0: Port device team_slave_0 added [ 142.286478][ T8295] team0: Port device team_slave_1 added [ 142.371952][ T8295] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.398103][ T8295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.430334][ T8295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.446832][ T8295] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 142.463966][ T8295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.522557][ T8295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 142.622300][ T29] audit: type=1804 audit(1718882870.582:10): pid=8453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2802221483/syzkaller.9qM1Fk/117/cgroup.controllers" dev="sda1" ino=1959 res=1 errno=0 [ 142.727996][ T8447] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 142.752049][ T8295] hsr_slave_0: entered promiscuous mode [ 142.759844][ T8450] netlink: 'syz-executor.4': attribute type 7 has an invalid length. [ 142.770598][ T8450] netlink: 'syz-executor.4': attribute type 8 has an invalid length. [ 142.781264][ T8295] hsr_slave_1: entered promiscuous mode [ 142.790793][ T8450] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.4'. [ 142.803201][ T8295] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 142.812713][ T8295] Cannot create hsr debugfs directory [ 142.853984][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 143.787277][ T8295] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 143.808189][ T8295] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 143.827449][ T8295] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 143.848990][ T8295] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 143.860949][ T8499] netlink: 'syz-executor.1': attribute type 7 has an invalid length. [ 143.884770][ T8499] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 144.020348][ T8295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.050302][ T8295] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.067897][ T5208] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.076104][ T5208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.105745][ T784] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.112924][ T784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.144531][ T4487] Bluetooth: hci3: command tx timeout [ 144.326818][ T29] audit: type=1804 audit(1718882872.302:11): pid=8513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1756578224/syzkaller.hR8JaY/30/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 144.386746][ T8295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.526426][ T8295] veth0_vlan: entered promiscuous mode [ 144.576269][ T8295] veth1_vlan: entered promiscuous mode [ 144.586454][ T8518] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 144.700238][ T8295] veth0_macvtap: entered promiscuous mode [ 144.748714][ T8295] veth1_macvtap: entered promiscuous mode [ 144.813975][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 144.835316][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.865109][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 144.891718][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.912029][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 144.925368][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.948692][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 144.974318][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.995640][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.013475][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.035497][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.055601][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.073353][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.084518][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.115457][ T8295] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 145.177318][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.226222][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.259427][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.292171][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.312569][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.341372][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.354891][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.368406][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.378458][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.390556][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.401779][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.413447][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.424447][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.437009][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.457035][ T8295] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 145.526000][ T8295] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.547401][ T8295] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.564319][ T8295] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.577210][ T8295] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.599685][ T8551] __nla_validate_parse: 2 callbacks suppressed [ 145.599703][ T8551] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.4'. [ 145.630823][ T8551] unsupported nlmsg_type 40 [ 145.679345][ T8551] team0: Port device vlan2 added [ 145.698812][ T8553] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 145.706544][ T8553] IPv6: NLM_F_CREATE should be set when creating new route [ 145.713810][ T8553] IPv6: NLM_F_CREATE should be set when creating new route [ 145.780756][ T2812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.799752][ T2812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.885898][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.906366][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.186630][ T8577] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 146.327488][ T8585] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 146.367079][ T8585] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 146.380018][ T8585] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 146.467711][ T8591] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 146.525493][ T8591] netlink: 157116 bytes leftover after parsing attributes in process `syz-executor.0'. [ 146.839081][ T8611] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 146.931990][ T8611] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 147.126741][ T8630] netlink: 105120 bytes leftover after parsing attributes in process `syz-executor.4'. [ 147.145047][ T8630] netlink: 16126 bytes leftover after parsing attributes in process `syz-executor.4'. [ 147.498066][ T8644] netlink: 766 bytes leftover after parsing attributes in process `syz-executor.4'. [ 147.595933][ T8651] syz-executor.2[8651] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.596072][ T8651] syz-executor.2[8651] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 148.043601][ T8657] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.090911][ T8660] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 148.116578][ T8635] netlink: 'syz-executor.1': attribute type 15 has an invalid length. [ 148.134009][ T8660] netlink: 157116 bytes leftover after parsing attributes in process `syz-executor.4'. [ 148.307817][ T8668] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 148.390110][ T8673] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 148.485498][ T8676] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.0'. [ 148.499859][ T8676] gretap0: entered promiscuous mode [ 148.548517][ T8676] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.0'. [ 148.572918][ T8676] 0�X��D: renamed from gretap0 [ 148.593563][ T8676] 0�X��D: left promiscuous mode [ 148.600231][ T8676] 0�X��D: entered allmulticast mode [ 148.619964][ T8676] A link change request failed with some changes committed already. Interface 60�X��D may have been left with an inconsistent configuration, please check. [ 148.845828][ T8681] syz-executor.1[8681] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 148.845973][ T8681] syz-executor.1[8681] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 148.869406][ T8257] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.991039][ T8683] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.001249][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.017218][ T8683] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.031917][ T8682] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.044813][ T8682] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.175576][ T5216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.464504][ T8707] netlink: 'syz-executor.4': attribute type 16 has an invalid length. [ 149.631569][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 149.681236][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 149.690251][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 149.700947][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 149.734826][ T5113] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 149.745518][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 149.767829][ T5113] ================================================================== [ 149.775927][ T5113] BUG: KASAN: double-free in hci_req_sync_complete+0xe7/0x290 [ 149.783438][ T5113] Free of addr ffff8880629a4c80 by task kworker/u9:3/5113 [ 149.790555][ T5113] [ 149.792891][ T5113] CPU: 1 PID: 5113 Comm: kworker/u9:3 Not tainted 6.10.0-rc3-syzkaller-00163-g8851346912a1 #0 [ 149.803142][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 149.813219][ T5113] Workqueue: hci3 hci_rx_work [ 149.817947][ T5113] Call Trace: [ 149.821243][ T5113] <TASK> [ 149.824186][ T5113] dump_stack_lvl+0x241/0x360 [ 149.828882][ T5113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.834098][ T5113] ? __pfx__printk+0x10/0x10 [ 149.838705][ T5113] ? _printk+0xd5/0x120 [ 149.842877][ T5113] ? __virt_addr_valid+0x183/0x520 [ 149.848012][ T5113] ? __virt_addr_valid+0x183/0x520 [ 149.853139][ T5113] print_report+0x169/0x550 [ 149.857655][ T5113] ? __virt_addr_valid+0x183/0x520 [ 149.862782][ T5113] ? __virt_addr_valid+0x183/0x520 [ 149.867912][ T5113] ? __virt_addr_valid+0x44e/0x520 [ 149.873040][ T5113] ? __phys_addr+0xba/0x170 [ 149.877562][ T5113] ? hci_req_sync_complete+0xe7/0x290 [ 149.882949][ T5113] kasan_report_invalid_free+0x11a/0x140 [ 149.888598][ T5113] ? hci_req_sync_complete+0xe7/0x290 [ 149.893992][ T5113] ? hci_req_sync_complete+0xe7/0x290 [ 149.899379][ T5113] poison_slab_object+0xf4/0x150 [ 149.904340][ T5113] ? hci_req_sync_complete+0xe7/0x290 [ 149.909730][ T5113] __kasan_slab_free+0x37/0x60 [ 149.914504][ T5113] kmem_cache_free+0x145/0x350 [ 149.919281][ T5113] hci_req_sync_complete+0xe7/0x290 [ 149.924501][ T5113] hci_event_packet+0xc71/0x1540 [ 149.929546][ T5113] ? __pfx_hci_cmd_complete_evt+0x10/0x10 [ 149.935309][ T5113] ? __pfx_hci_event_packet+0x10/0x10 [ 149.940699][ T5113] ? do_raw_spin_unlock+0x13c/0x8b0 [ 149.945957][ T5113] ? __pfx_hci_req_sync_complete+0x10/0x10 [ 149.951790][ T5113] ? hci_send_to_monitor+0xd8/0x7f0 [ 149.957012][ T5113] ? kcov_remote_start+0x9e/0x7e0 [ 149.962051][ T5113] hci_rx_work+0x3e8/0xca0 [ 149.966489][ T5113] ? process_scheduled_works+0x945/0x1830 [ 149.972219][ T5113] process_scheduled_works+0xa2c/0x1830 [ 149.977790][ T5113] ? __pfx_process_scheduled_works+0x10/0x10 [ 149.983787][ T5113] ? assign_work+0x364/0x3d0 [ 149.988390][ T5113] worker_thread+0x86d/0xd70 [ 149.993008][ T5113] ? __kthread_parkme+0x169/0x1d0 [ 149.998054][ T5113] ? __pfx_worker_thread+0x10/0x10 [ 150.003181][ T5113] kthread+0x2f0/0x390 [ 150.007273][ T5113] ? __pfx_worker_thread+0x10/0x10 [ 150.012402][ T5113] ? __pfx_kthread+0x10/0x10 [ 150.017012][ T5113] ret_from_fork+0x4b/0x80 [ 150.021450][ T5113] ? __pfx_kthread+0x10/0x10 [ 150.026056][ T5113] ret_from_fork_asm+0x1a/0x30 [ 150.030850][ T5113] </TASK> [ 150.033876][ T5113] [ 150.036200][ T5113] Allocated by task 5113: [ 150.040531][ T5113] kasan_save_track+0x3f/0x80 [ 150.045221][ T5113] __kasan_slab_alloc+0x66/0x80 [ 150.050080][ T5113] kmem_cache_alloc_noprof+0x135/0x2a0 [ 150.055549][ T5113] skb_clone+0x20c/0x390 [ 150.059812][ T5113] hci_cmd_work+0x29e/0x670 [ 150.064326][ T5113] process_scheduled_works+0xa2c/0x1830 [ 150.069881][ T5113] worker_thread+0x86d/0xd70 [ 150.074482][ T5113] kthread+0x2f0/0x390 [ 150.078557][ T5113] ret_from_fork+0x4b/0x80 [ 150.082981][ T5113] ret_from_fork_asm+0x1a/0x30 [ 150.087758][ T5113] [ 150.090086][ T5113] Freed by task 8717: [ 150.094063][ T5113] kasan_save_track+0x3f/0x80 [ 150.098749][ T5113] kasan_save_free_info+0x40/0x50 [ 150.103785][ T5113] poison_slab_object+0xe0/0x150 [ 150.108731][ T5113] __kasan_slab_free+0x37/0x60 [ 150.113516][ T5113] kmem_cache_free+0x145/0x350 [ 150.118301][ T5113] __hci_req_sync+0x62f/0x950 [ 150.122998][ T5113] hci_req_sync+0xa9/0xd0 [ 150.127349][ T5113] hci_dev_cmd+0x4c5/0xa50 [ 150.131779][ T5113] sock_do_ioctl+0x158/0x460 [ 150.136391][ T5113] sock_ioctl+0x629/0x8e0 [ 150.140740][ T5113] __se_sys_ioctl+0xfc/0x170 [ 150.145349][ T5113] do_syscall_64+0xf3/0x230 [ 150.149868][ T5113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.155782][ T5113] [ 150.156726][ T8717] chnl_net:caif_netlink_parms(): no params data found [ 150.158098][ T5113] The buggy address belongs to the object at ffff8880629a4c80 [ 150.158098][ T5113] which belongs to the cache skbuff_head_cache of size 240 [ 150.179443][ T5113] The buggy address is located 0 bytes inside of [ 150.179443][ T5113] 240-byte region [ffff8880629a4c80, ffff8880629a4d70) [ 150.192563][ T5113] [ 150.194892][ T5113] The buggy address belongs to the physical page: [ 150.201321][ T5113] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x629a4 [ 150.210099][ T5113] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 150.217672][ T5113] page_type: 0xffffefff(slab) [ 150.222363][ T5113] raw: 00fff00000000000 ffff888018ae0780 0000000000000000 dead000000000001 [ 150.230964][ T5113] raw: 0000000000000000 00000000800c000c 00000001ffffefff 0000000000000000 [ 150.239556][ T5113] page dumped because: kasan: bad access detected [ 150.245989][ T5113] page_owner tracks the page as allocated [ 150.251714][ T5113] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6501, tgid 6497 (syz-executor.4), ts 91114943059, free_ts 81344197669 [ 150.272576][ T5113] post_alloc_hook+0x1f3/0x230 [ 150.277368][ T5113] get_page_from_freelist+0x2e43/0x2f00 [ 150.282937][ T5113] __alloc_pages_noprof+0x256/0x6c0 [ 150.288157][ T5113] alloc_slab_page+0x5f/0x120 [ 150.292843][ T5113] allocate_slab+0x5a/0x2f0 [ 150.297355][ T5113] ___slab_alloc+0xcd1/0x14b0 [ 150.302038][ T5113] kmem_cache_alloc_bulk_noprof+0x202/0x770 [ 150.307937][ T5113] bpf_test_run_xdp_live+0x1774/0x1e60 [ 150.313407][ T5113] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 150.318788][ T5113] bpf_prog_test_run+0x33a/0x3b0 [ 150.323729][ T5113] __sys_bpf+0x48d/0x810 [ 150.327979][ T5113] __x64_sys_bpf+0x7c/0x90 [ 150.332406][ T5113] do_syscall_64+0xf3/0x230 [ 150.336922][ T5113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.342829][ T5113] page last free pid 6109 tgid 6109 stack trace: [ 150.349163][ T5113] free_unref_page+0xd22/0xea0 [ 150.353938][ T5113] __put_partials+0xeb/0x130 [ 150.358539][ T5113] put_cpu_partial+0x17c/0x250 [ 150.363309][ T5113] __slab_free+0x2ea/0x3d0 [ 150.367734][ T5113] qlist_free_all+0x9e/0x140 [ 150.372334][ T5113] kasan_quarantine_reduce+0x14f/0x170 [ 150.377803][ T5113] __kasan_slab_alloc+0x23/0x80 [ 150.382671][ T5113] kmem_cache_alloc_noprof+0x135/0x2a0 [ 150.388157][ T5113] getname_flags+0xbd/0x4f0 [ 150.392678][ T5113] __x64_sys_symlinkat+0x7c/0xb0 [ 150.397632][ T5113] do_syscall_64+0xf3/0x230 [ 150.402154][ T5113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.408064][ T5113] [ 150.410387][ T5113] Memory state around the buggy address: [ 150.416016][ T5113] ffff8880629a4b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 150.424082][ T5113] ffff8880629a4c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 150.432155][ T5113] >ffff8880629a4c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 150.440221][ T5113] ^ [ 150.444290][ T5113] ffff8880629a4d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 150.452361][ T5113] ffff8880629a4d80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 150.460424][ T5113] ================================================================== 2024/06/20 11:27:58 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 150.504537][ T5113] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 150.511763][ T5113] CPU: 1 PID: 5113 Comm: kworker/u9:3 Not tainted 6.10.0-rc3-syzkaller-00163-g8851346912a1 #0 [ 150.522019][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 150.532091][ T5113] Workqueue: hci3 hci_rx_work [ 150.536801][ T5113] Call Trace: [ 150.540085][ T5113] <TASK> [ 150.543018][ T5113] dump_stack_lvl+0x241/0x360 [ 150.547715][ T5113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.552935][ T5113] ? __pfx__printk+0x10/0x10 [ 150.557541][ T5113] ? preempt_schedule+0xe1/0xf0 [ 150.562490][ T5113] ? vscnprintf+0x5d/0x90 [ 150.566837][ T5113] panic+0x349/0x860 [ 150.570748][ T5113] ? check_panic_on_warn+0x21/0xb0 [ 150.575875][ T5113] ? __pfx_panic+0x10/0x10 [ 150.580309][ T5113] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 150.586307][ T5113] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 150.592632][ T5113] ? print_report+0x502/0x550 [ 150.597305][ T5113] check_panic_on_warn+0x86/0xb0 [ 150.602244][ T5113] ? hci_req_sync_complete+0xe7/0x290 [ 150.607609][ T5113] end_report+0x77/0x160 [ 150.611841][ T5113] kasan_report_invalid_free+0x12a/0x140 [ 150.617466][ T5113] ? hci_req_sync_complete+0xe7/0x290 [ 150.622831][ T5113] ? hci_req_sync_complete+0xe7/0x290 [ 150.628194][ T5113] poison_slab_object+0xf4/0x150 [ 150.633125][ T5113] ? hci_req_sync_complete+0xe7/0x290 [ 150.638750][ T5113] __kasan_slab_free+0x37/0x60 [ 150.643500][ T5113] kmem_cache_free+0x145/0x350 [ 150.648252][ T5113] hci_req_sync_complete+0xe7/0x290 [ 150.653448][ T5113] hci_event_packet+0xc71/0x1540 [ 150.658380][ T5113] ? __pfx_hci_cmd_complete_evt+0x10/0x10 [ 150.664098][ T5113] ? __pfx_hci_event_packet+0x10/0x10 [ 150.669462][ T5113] ? do_raw_spin_unlock+0x13c/0x8b0 [ 150.674652][ T5113] ? __pfx_hci_req_sync_complete+0x10/0x10 [ 150.680452][ T5113] ? hci_send_to_monitor+0xd8/0x7f0 [ 150.685648][ T5113] ? kcov_remote_start+0x9e/0x7e0 [ 150.690672][ T5113] hci_rx_work+0x3e8/0xca0 [ 150.695103][ T5113] ? process_scheduled_works+0x945/0x1830 [ 150.700816][ T5113] process_scheduled_works+0xa2c/0x1830 [ 150.706364][ T5113] ? __pfx_process_scheduled_works+0x10/0x10 [ 150.712334][ T5113] ? assign_work+0x364/0x3d0 [ 150.716911][ T5113] worker_thread+0x86d/0xd70 [ 150.721494][ T5113] ? __kthread_parkme+0x169/0x1d0 [ 150.726511][ T5113] ? __pfx_worker_thread+0x10/0x10 [ 150.731611][ T5113] kthread+0x2f0/0x390 [ 150.735686][ T5113] ? __pfx_worker_thread+0x10/0x10 [ 150.740788][ T5113] ? __pfx_kthread+0x10/0x10 [ 150.745370][ T5113] ret_from_fork+0x4b/0x80 [ 150.749777][ T5113] ? __pfx_kthread+0x10/0x10 [ 150.754367][ T5113] ret_from_fork_asm+0x1a/0x30 [ 150.759219][ T5113] </TASK> [ 150.762486][ T5113] Kernel Offset: disabled [ 150.766800][ T5113] Rebooting in 86400 seconds..