last executing test programs:

3.33645274s ago: executing program 1 (id=2853):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xfffffffe, 0x7fe2, 0x1}, 0x48)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000003c0)='dctcp-reno\x00', 0xb)
getsockopt$inet_mreqn(r1, 0x11c, 0x0, 0x0, 0x0)
setsockopt$inet_mtu(r1, 0x0, 0xa, 0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000380), 0x20000000}, 0x20)
syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9}}}}}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000000)={r0, &(0x7f0000000180), 0x0}, 0x20)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000ac0)=ANY=[@ANYBLOB="850000002e0000003500000000000000850000002a000000950000000000000003000000271e3503200ffa95a2c8c037c5a142dfa8d76287066c5197fabd5f9810e81af8b737129a9934d839cd34d5aeed8d38e65cb6e22ff5dde54704d255a2350ea7c09c4f42a5f0a8320e12822c45c0f8612c10b1000000270140761f5c26e991c9b5fb1fb3d3712c7e93363af3166a32d95455bb755a2dd576099d17104f860c4867a7b6393e366c6386d5ec7209d031f40f3012e9576e51a7f550afc852003bf3e4195cc037102124d85cece74c6949e129890152213c8b2759a07e6d067a97f5fe47fe5f17fdab800f4104dbaba46aa43a8a5b1e5c6d1d224f64be6cdf78d81caf8b60d00ffd43a37ac34d7f47ef04eb7e293344cd575c2236826578a653b4a146f9aa4a9779f8555eaea768c0f2c221c110ef4b253d110ee27882388780d928cf95846be6277c043725cdb8c5324812696a623cd8a4f8dc8d00000000000052087b5efabf8496b9a951667d510ba0e37b56c0ebfafda342682fb98c1452b6512d2af72744419af53e5309ec91d83cf4fbd775d9c07d8d591a4dac60ff000000b78863e629b3b200000000000000000000000000000000000000cbc100003174c87ee545867a3126af7a8b20744e00000000000000000000000000000000ca4737fed0fa81f29ad592a24d6d9334b3e9cafc9cb05c1dcfe37d9a0a66bf8d0a4a585734b3ca74013efb27474cc4d47b51d5d0fbe88af5e6d638394b9e69cbbd2e63e0ffc04c115171e5d40f6dbd667eb94c8041a516a45efe30e50624cb9696df98b0f072df716c466cfc268e8b9e7aa0e222780209da656c8a657d3acec98a79d358db8398c8358cd009d6920d84a59ff9f529fb3f28cf8e5ea6f7acfde54573b9ae57f2b7dcd922d0a1f4150ddb16d325be630f0ced0acc1b281ced175b17c74d0e3e0dc8a467384b510be02b3f65809243a73fc55530bd59c8cbcd3fe06608d8608298652b9a5df012ffb9f6c4255552f23761ef4b8cf70300000000000000038b64a8eaf58a3ab1ba7076c4d1a91a323a1a5d2ef14242a25db2b058155b8d0c2b55a1abe68571290c840c7cfe1589c9395c4a18d032c9cdfb442965d39bcd0802000000000000f693a36350002593fae312bef86194ddf640c4e8b8a44ef8281c2c99b21e02e38837f6fb3a571be399d8cb323c6bfdc8525636ef4ccdf25844e0b0a38d54a42f4b35d2e036eb462f53eb3a828f49eadf42a436250830a5ebc3554ee69df02a0400b4d4c471061da1fce12a2499bd6a20493798043b0f6141c7cc20374302ada4b4bfeb6ab656facee346b48f4a5dbb1e0a05b7f1ba3e1caa02081492d400320a53763f0a73999184693b0790ceca57d279e2b44ac32ac23f7d2a1d3c8d57a03b91a45276757fbde7f42cb68e8c6bc40642000000004764688856ab2ebd425c7045827a0addb640cda1e09ae1c8c1080f5766e91853bee772245404a68fa1f56ed6654f49f5aa3cdcea075f6a3e7aa7b6b9fd51fc511d646c611c621e90b87b9f8ce8b5029546f7bf0170635d33b726ae28cb7186459349ab00bbbf460132ba1161adb73a44e599ea8957390e390ce20888e9b1aa190a68cffeb0b2a6bbc5d80154d71b9101aa061013b908e4181360eb30da544f1bd26d4cb9f9bd764b6e63b2acf56167805b27adba7c046954b36f65670eb2023f3b6b7862241303b4ab4903510df3289b482cfd20808e0c37af4cb04a41e7a0c1b378722aab678a35b67f2abc557b914498c563ca1f05bed23425f9275938cac4425b23b739597bad91d0f7c8ef5bebd70ea59ae640d3bd7aa7afaafaea0b0ccf3d55575f031026e12fa418c8a1d75290596808bc11ce8a5b0a266ecfb7f346e645f82dcdd0db762abbbf0dfc4a35bfca44ff2750639840b3f09014788fb13e4616987eb84ed9870e5f8fa0bbf61d3ee5cd2c790f1269514e63dd4a964c2e8b0a98a15aa4e8e77837a2d9dcac69baf73d18a8470a40666edbb4ae6f8f5c723fc9b65e6115f78c457fbfb88f5c5e2c5442d822b83de644bb8327f2d22191ec4a4a1e620ee4579d32c2d62b3bad98a8e23c8d71d95d98d81703e272a0b38c060000004864aded440148349f47e79efb5e50362309aac10e6b6cb6e3d33241519a30ceb75bcf5438105e6b5bee641708d54f07ef6ecf7fe08e39547c9527a5f5d500cfac299a"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15)
socketpair(0x23, 0x800, 0xffffffff, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000240)={<r6=>0x0, 0x25, "c4bd014dde8dbefdb9f5eee6db68148d770213ec31e4e8117ebf98ef4ccf35d1350ee6e724"}, &(0x7f0000000080)=0x2d)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f0000000580)=ANY=[@ANYRES16=r2, @ANYRES32=r1, @ANYBLOB, @ANYRESHEX=r5, @ANYRES16=r6, @ANYRESHEX=r1, @ANYRES8, @ANYBLOB='$M\x00\x00'], 0x8)
sendto$inet6(r7, &(0x7f0000000000)="01028000", 0x4, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000040)=0x4, 0x4)
setsockopt$inet6_int(r7, 0x29, 0x3, &(0x7f0000000140)=0x10001, 0x4)
socket$inet6(0xa, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000100)={r6, 0xfe00}, 0x8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r3, 0xfffff000, 0x31, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28)

2.940832757s ago: executing program 1 (id=2858):
unshare(0x68060200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="900000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="8b04040000000000700012800b00010067656e6576650000600002800500040001000000140007"], 0x90}}, 0x0)

2.41291209s ago: executing program 4 (id=2868):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0x22, &(0x7f0000356000)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg(r1, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000300)=';', 0x1}], 0x1}}], 0x1, 0x2400005c)

2.224080203s ago: executing program 4 (id=2870):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x4000000000080002, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
bind$packet(r1, &(0x7f0000000d00)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14)
recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f00000002c0)=@abs, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000440)=""/121, 0x79}, {&(0x7f0000000080)=""/57, 0x39}], 0x2, &(0x7f00000004c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x140}, 0x12120)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000140)={0x20})
write$cgroup_int(r5, &(0x7f0000000040), 0xfea0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000600)='ext4_es_find_extent_range_exit\x00', r6}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$cgroup_int(r7, &(0x7f0000000380), 0x101bf)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000780)={0x5, &(0x7f0000000740)=[{0x3f, 0x1, 0x81}, {0xbc22, 0x9, 0x0, 0x9}, {0x1, 0x80, 0x4, 0x589b}, {0x7, 0x7, 0x5, 0x1}, {0x7f, 0x9, 0x8, 0x7fc0}]}, 0x10)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c)
ioctl$EXT4_IOC_MOVE_EXT(r7, 0xc028660f, &(0x7f0000000000)={0x2880008, r5})
write$tun(r5, &(0x7f0000000640)=ANY=[], 0x161)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
write$binfmt_misc(r8, &(0x7f0000000000)=ANY=[], 0xfffffecc)
sendmsg$AUDIT_TTY_SET(r8, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x18, 0x3f9, 0x2, 0x70bd2c, 0x25dfdbfd, {0x0, 0x1}, ["", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
socket$packet(0x11, 0x3, 0x300)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)

1.434047238s ago: executing program 1 (id=2878):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000011000000000000000000000007000000fa75a8", @ANYRES32=0x0, @ANYBLOB="00000000000000000c001a80080005"], 0x2c}}, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1.378391504s ago: executing program 0 (id=2880):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8}, 0x90)
sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x3a)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00('], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x3c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}, @TCA_RATE={0x6}, @TCA_EGRESS_BLOCK={0x8}]}, 0x3c}}, 0x0)
pipe(&(0x7f0000000280))
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="18010000210000000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f00000000c0)={0x0, 0x0}, 0x10)
close(r4)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0xfff9, @none}, 0xe)
sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f00000002c0)=[{0x0}], 0x1, &(0x7f0000000380)=[@hoplimit_2292={{0x14}}], 0x18}}], 0x1, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
pipe(&(0x7f0000001780)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001c80)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = gettid()
r10 = gettid()
sendmsg$unix(r8, &(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001e80)=[@cred={{0x1c, 0x1, 0x2, {r9, 0x0, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r7]}}, @rights={{0x14, 0x1, 0x1, [r6]}}, @cred={{0x1c, 0x1, 0x2, {r10}}}], 0x70}, 0x0)

1.286852365s ago: executing program 2 (id=2881):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000080)={@private0, @loopback, 0xf, 0x20}})

1.219567343s ago: executing program 1 (id=2882):
r0 = socket$inet6(0xa, 0x80803, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000340)={'syztnl2\x00', &(0x7f00000002c0)={'syztnl1\x00', <r2=>0x0, 0x29, 0x0, 0x4, 0x0, 0x2a, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0xc2f, 0x9}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000400)={'syztnl1\x00', 0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f00000005c0)={'erspan0\x00', <r3=>0x0, 0x7800, 0x700, 0x94d, 0x80000001, {{0x1a, 0x4, 0x2, 0x5, 0x68, 0x64, 0x0, 0x0, 0x29, 0x0, @loopback, @multicast2, {[@ssrr={0x89, 0xb, 0x83, [@local, @empty]}, @timestamp_prespec={0x44, 0xc, 0x21, 0x3, 0x5, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}]}, @timestamp={0x44, 0x8, 0x20, 0x0, 0x3, [0x0]}, @timestamp={0x44, 0x14, 0xa1, 0x0, 0x1, [0x7f, 0x9, 0x0, 0x4]}, @rr={0x7, 0x1b, 0x0, [@rand_addr=0x64010100, @multicast1, @dev={0xac, 0x14, 0x14, 0x24}, @loopback, @remote, @multicast1]}, @ra={0x94, 0x4, 0x1}]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8}, @TCA_FQ_QUANTUM={0x8}]}}]}, 0x40}}, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendto$packet(r7, 0x0, 0x0, 0x10040050, &(0x7f0000000100)={0x11, 0x9, r8, 0x1, 0x2, 0x6, @broadcast}, 0x14)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000980)={&(0x7f0000000740)=ANY=[@ANYBLOB='\x00\x00 \x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fedbdf250400000074000180140002006970766c616e3000000000000000000014000200766972745f776966693000000000000008000100", @ANYRES32=0x0, @ANYBLOB="140002006970365f767469300000000000000000140002007465616d5f736c6176655f30000000000800030003000000080003000000000008000100", @ANYRESDEC, @ANYBLOB="1c00018008000100", @ANYRES32=0x0, @ANYBLOB="080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="3c0001801400020076657468315f766c616e000000000000080003006698b8801400020076657468315f746f5f6261746164760008000100", @ANYRES32, @ANYBLOB="640001801400020064756d6d79300000000000000000000008000100", @ANYRES32, @ANYBLOB="140002007663616e3000000000000000000000001400020067656e6576653000000000000000000008000100", @ANYRES32=r2, @ANYBLOB="1400020076657468305f766c616e00000000000040000180140002000000000000000000000000000000000008000100", @ANYRES32, @ANYBLOB="08000300010000000800030001000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="2c000180080003000000000008000100", @ANYRES32=r3, @ANYBLOB="0800030002000000080003000200000008000100", @ANYRES32=r6, @ANYBLOB="5c00018008000100", @ANYRES32=r8, @ANYBLOB="1400020067726574617030000000000000000000080003000200000014000200697036746e6c30000000000000000000080003000200000008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRESDEC, @ANYBLOB], 0x20c}, 0x1, 0x0, 0x0, 0x1}, 0x800)

1.209282959s ago: executing program 4 (id=2883):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x34, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}}, 0x0)

1.097732745s ago: executing program 0 (id=2884):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_FRAME_COUNTER={0x8}]}, 0x28}}, 0x0)

1.057050988s ago: executing program 2 (id=2885):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x80, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc}]}, 0x80}}, 0x0)

1.02716322s ago: executing program 3 (id=2886):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IPTABLES={0x5, 0x24, 0x1}]}}}]}, 0x3c}}, 0x0)

966.432461ms ago: executing program 4 (id=2887):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
ppoll(&(0x7f0000000100)=[{r1, 0x80}], 0x1, 0x0, 0x0, 0x0)
close(r0)

945.268597ms ago: executing program 1 (id=2888):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x40000000000f9)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)="01", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
bind$can_raw(0xffffffffffffffff, 0x0, 0x0)

904.727113ms ago: executing program 0 (id=2889):
socket$nl_crypto(0x10, 0x3, 0x15)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
close(r2)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000780)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

856.672327ms ago: executing program 3 (id=2890):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x1, 0x3}}, 0x26)
getsockopt$bt_BT_SECURITY(r0, 0x111, 0x3, 0x0, 0x20000000)

762.202218ms ago: executing program 4 (id=2891):
socket(0x10, 0x803, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000f80)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000ac0)={{r2}, &(0x7f0000000a40), &(0x7f0000000a80)='%ps    \x00'}, 0x20)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001380)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_TABLE={0x8}]}, 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vlan1\x00'})
socket$rxrpc(0x21, 0x2, 0xa)
r5 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r5, 0x29, 0xc8, &(0x7f0000000340), 0x4)
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1}, 0xc)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x0, 0x2, 0x3, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r6}, 0x38)
close(r5)

713.161486ms ago: executing program 1 (id=2892):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x7)
sendmmsg$alg(r0, &(0x7f0000000d40)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000140)=[@assoc={0x18, 0x29, 0x34}], 0x18}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1d, 0x8, 0x9, 0x9, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0xfffffffd}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x0, {}, [{0x38, 0x1, [@m_mirred={0x34, 0x0, 0x0, 0x0, {{0xb, 0x9}, {0x4, 0xe}, {0x6, 0x6, "6ed0"}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x1106, &(0x7f0000000d00)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6007000010d03aff00000000000000000000000000000001ff0200000000000000000000000000010401907800000004681fe6f8000416ff00000000000000000000000000000000ff0100000000000000000000000000010002040102000000fe8000000000000000000000000000aa1d020000000000000001000108000000000000000004013f0001000101000000620b000000000000000100c910fe88000000000000000000000000010105020001c204000000040738000000000c0937060080ffffffffffff7f00000000000000ffff00000000000004000000000000000000000000000000010000000000000000010000000000b2d27ca7f94cc4b4c1704b8f68b6b15a4b5a0855fd3e4169ba5212963c69bdd1a901423ae4c116c276f57e2adce0d682e86384ad6b3fb136fe1a3903be81858cfcfd7f7a4b6fa9e3a3a5dd41b8f9914fe7ebdaf7fe9f9ea728a0f929278af0a0c8bb576b35524feb717a808f448c4d5f2f3bd4e8aa0287d60b84419143f164aeb50916a77f02abc910b33f16653166be7d55b6113647fdf1b9c269be97a2f88322ab59b63b36c01f6c3235d314391bb4bc17944c8350eb36a43df02a06e5a57030cd5e41f25ede9e0668ddf70db1a5fd6b78bca995f37342ac4df50149a8b93a037c41ca3c1c17e9894f09aa6a6371c691e54a204c697f6e1b781efd15df6528ff0f7490d229e60ca251c404f692c902f79f067198e2067360f93528cc675698f40ab3bfddc2b655a39e5e5f261ec3cb935a53da7c7afa87f72e59093b5f25593d0de1b4c41a57bfbc05dd79eb384eed442e7bed67e74ae91916f8ca72110b5a860999734853d8463512a6ca340f7c52a94625a3f32c7ee52cdb4a37bb9d3249b035c4cb40402c2f97e93061773c9aa802a55b545606c36bd0ca82c3334e5173c27f3e06d7e4b3ea722a8567dcbd6d08586ca4e5f109ff88834e5308c46e79e5827f907c857a9a9941f769c9d49232c12c341bf182c2c579eea403e3d322133b0d739e91b243a12c023e8f70d2ef52dcbd38b1bb9b2e3edfa1e6e8548a3ee77211d73dcc6d0524a922d4af127c926f0c781a527d3cb29e41a035be66d8baf81131fda37436b190718171d35d13c620f9ff5ce24d7ed46c651adfb253f89a4e4b50c55301df1b480385753d510b07338fb927cd8c9fe09c270b5722a13b430b00c0c0d5743a2b9b0b5965a66181236b56b58e5f97b289bc939848a8e233f2e12554ec810a6509eff5daaa06271791201bac35e2300bf1772b4ad0edeee3fdc897a58120a6c3ffea6711ad0b3abdc49d385e9d773da5768bdb8a6b53adf2cd5d36c3b0d7da3741f5710203dd979512cda92156673b7e0d51a51d8388adba3840e7ca42dc9bf32d8cd52c2dbb68143ae19090c385d4d8b0345bef6cfd2613ca72758716eeecf15b4eab11d7bafd8ea5f3a489a623c01d583bc8e713ffb6f821029fd9d75c45db1b50a5aa7d2dcc187eb76489eea63867aaf33dbf76731d06cd00237641261f6a95bef5b423891cb66961e0319be59f6a5e89637ca3735331712f329e2db7a0b685ed3e78cf5b1834054502a0c6326e57419ffc058e8d72c8d7bc6061694e3d5969df6031f6a8ce00f7be7480a7c6fd855f91e62434b441873dea5e298eeaa74b63b13431284ad92731ea0cc5216e878e0de8047e0a787d4cc91f2341f811bf917ebcc1ee303588bd6e20067ce853cb06b526214d4d3b9835c75b7edee522a87bab3de88f4ee4ffe954e0438c269732a2b7995c9faef1eeb666ada410cfc95cb88c9aa78575d3dae380d2cbe22cfbdff6f1e4d1f964df7e6b088a75241922a93bb8f27dbf51dcd3482ae32fd4f5c9de08a0943f49ae6001ee2bb9c5d8277f597c09d7f67c4ee6450c59a9be5c27fcc14da9745fdb9c78135b9edb72b76e6853a48f08ac372bb6f0e5a07da84df1abf45354c78d74373634d32d1677ff433a6820e7b2206ed9eca138e9d0bbbd43b6cc12c5cef940e349a0694f430f3ad3a8a619cd63175c6186bf49bacca385f71a8987e78abc8b53ca851c3232aacd9b95a9b229194169246bf9a1b820d4b2a18fc3494e11540a9613697a9e9474f3fdf3b9d5f6ab01cc5375532a56e208b3c1162e9af3d787b97c3cc8fdb2ec86c4adcc5a318c1eaa0aaae9afb2539e0c41870c6fd244672512d822c6a741b6957bb9063221eb62e6d5d6fc759039b2abcc8c54a1b68c5d100047ff960c8912ae71b090bd0c9476c16d0416753bd0bc4a895dfc5809b164c6637974fa107fce31d44a14ed1d9b548637959906b84e426519db2f85acdf57efbf36e1af12e8405780aa36860fa4f9720aa2034eb28b919f66a67ca21214247296e1f6f26e390c47fce4622062d0bb821dc9000009ca3074aa1f731304a330dfbbcfb5b73078ed6ad13d98d00f7425038ce66cfe8a6234d271ff09edea52261ecff69734d05d18813e01dee82d29ae424bb26513603913151cb9fb781866dccf358094fc9014b40c969d6961914b2708b0035563f9e8beb1a733345b6819909db482283578d277e00453469eed8e0655564860df34c748337ecf850de8470caf34116f323cebb89091ee34d04df374ed5ee547e9ebedcc9fd409e33274a5f1156f5ff2cddbe874cc1953bab5e4a458e93b3753587ae24ab05dcf2a0adf016d4deb1714050e43c4677e3c856a3d9e5c17409b0a2adaf517144d49893e27a4e343206ba3f17a6c506ac7e6fff8abea0ba1c07d27024b18f8686ef9a5b0c9d730971e96dd5b9ee53de8e3127317a20c4f680a72c09b58ae213b5b7c31eb25d6019a3ac31a3f2ca1da3415ab682ad49d7295f8bc98d01da119d5c5f4cef0aefb22ee269452ce63a4484de9c55f14467b7d3930bb3fdeb75db83a03b027f0481c08b25b7a8972962b938b4d3ddde784825bfac1207bcaed98a72981941690ecffe310ec69b2db7dc93c3b3172885a039348d803a96499881ff36c52a81dcec3247b2e699aad449bd773914ca16414bf934ffcc0590ea52179f4b55326c28dfa4cc96bc25dfdfb9a3178c66a63024bf641e84324e88ca53fc0ef90f3d3de3bf69bae5d5f3f3216b3eca489c4dd0695d39d65514737e1dfc237b6d9c8c43f09a910b06e1a357737811a49ccb383e6c34c1d5e672db89c96aae14a56c312981ff7fafc0f9fec21d2839805a1e59203418f1e480c3d3d11cdcbbe4041db924d7b3ef90f0976eeaf060a2ae816b9271530c1697d40b826955c999318f36d5cd864b7775a3909e6737057a5c88a779b8136656e209499c87914d5cbfd048b572ac839aba12bf159544c280619e52b607c44b99a412ec2517d131490de58f52ceaa1c0e0637e5998a6f5ae3d2b8a0abb09ae1aea2d2b31bffea62d59891bc480fccd2e5030047ee98e86779859f9099ac4b01b00a220b4223d32c2e264f696ef70eb9302f11c54931ac891f851807f27a42b2f6b880c42a7281d037f8c7992a7107b3ac5b3d5b03a04bcc73603d02d837924ad01faeca56e8ef219cccaa79cde8dc6c4b96b4a7e42beabd96e48c992497dd6be54123caba917fbc89aac52eb6ed12ae573626977e12f8c3a1b280827da8af965499ad0869ef1fb1f0293570f5fd8de08f2019cd695813441d77cfb05e0737b7107df65abc981cb1e78e02406a886a60c66095b57b408a5b5b0ff13aff381ff65ab4099e7892972ed41dcded9f9512b3fdb8967c21520e1b75ddec71d5440311c3e19943998765d5367772f3a31ac52cb229d89a6bb3295d2c0e5d658a167814f894af224fab37c1e1ec2db8d202ab1b0fe118e8a66febafbff1d95681e49747fdcdbf4c6b92ca2e88564a4289cf66750aa99f2a7f0ecc3f47611d81bf6bcd00f8ac1732ebee02536bcec57f6ef107370766dbc4aa26928239293350b9f298407adfd8f320be7fd6cc8fe3c9d718473716cb1727cddbfcae76c237130f203a5c84bc4a9a058c0f1c3f1f5f1cc66e3340a15b7b505fed5731569ce46daf62324fc67592e55722b2b168c2e3f0e9e006b756d167f52cc9b0463241ac5b60aea16c5557346996981d363f6f1daa6fd6ebff975b4b7879690349cd6579606ee2a1295bd1c418e5871ba75d0504b23f6b9f8a87778237aad09cd021bf1eecbbc6711c0ecb6365120cf0760d0c4702e836aa12df0b43c4b7847dc823803ed3c0a64e44cf12cd3e0077a124bda5712c253bf0a54e25a348d6cafdae0140f6e60324b11527dd6cbb1a697191d7d91d55917c3eb203f8e405dbd4458be90b6f5f2bba02c74139721de87d42c0a888929247c8bbd86f9c951224dd379f5be498864419cb3dffa79f419a5fac24a74e5b519416d3e6a7b2174e4a4158728c7c12274458a903604025d2493f0ef40e0116b2468bce7de67b1d870131e05995e55c1898b74bebf87aac22869c7639e107606348834d08927bfea27c8f5bcef8cfe18b531f7d30994453b557991af362f2d67f6decd32049659f2d70f8cb391f1cb562c97712a0088dd23ecfb782745e33ff89751627478ca470eeb59c685b760e37363af82cf4c6e899cc575eb341d5f16dde68d36a3c0d559efe801e9317029a175670384dc496e7694cd03c9024157434a9f0c841633f0067d86e33b69d90254ea77c19913746b32b23b10396377806c43151d6c502b85a22187dd42d02b281ef2486ef00a9962ed900b4ff0bcfe5a63711a5aa9ed5e78ec21e40569ef395b4d00acd5117cc92cee5032c4ca4c44141eb81284b9fb07a3c04cff8ebc1482d3151c0a4eecc494dbf6e3e358108bcd989bf2320dffe62b71fa269fe734afd0c181a7f8382dfc1b4dd15f43e7bab8ade47dcb7f996501e9c04a4b392beca7190576085d1903c9995ec4ae65033aa23fbf31daf42c03e698170730ef8800dc4b60a9f502826828caeb10e0776c2d297ca93b8a71d16f7b450125113255a9880a75f51dcc10a0cb60dc17e7485abb5e01c075c56b20fb2d53c191f141d6d0cc1d33460e06071e4503ea27589d56eb9c399d73826de162c60329a77d2b82ecbc9b7b6da84e7901b8425858832801f08eaa833ae045077845edf3977bfcba2ad0d00ec8c3a4656cfb6b34439dc77c1f866dcb31a61870c032bc576d4b0d761d88ddfa091074b3b02d0f9ec59fd3d4bac69c0bfc3a98950b73bd5e2d1930b7d106491616ff34cec1dee0a56513cc9aaa7e23b6779ae8657698783cc1b604596fe27f6e07f2110a2a9c06eb1e6edf291b2c872a709b711a01e1314a3735c18308d4019481ba6569ebc36e43d92f9ab7eb9eecc266dd7d3752f14f89d638a96d281cb67ac2f0bb68a578108b3c7b8ac405dfb838ddecfc9943a561baceeff7d40d4d4fcd17a25ddd4bfbb531e47eecbafd16af5c2bde60697b960f4af912b263dca3fc1d11d632f0b1af348cc56df217b70a1cb2585436841dc18e9c474184123360b84cf8a1e3cae4c2b46487647ec6bc6c27145868d0287c9fec72b1ca8103e5f989c1b6a968b283359dee0aa95c47da9408493e1f2de004dbb2b1bf4c7d16a4e5eebafd45a889a0a4d6abef39682073cf61ad88315addbc1f57ccc64a193589e3da70b72370f9e240c5668cf47bcea6b4f79e271a76ca053240c7371dfc9b3e9d009d467be95dde96bd282e1b8dd20ed56d9c87b3c7654f1734686a7917ce67bc606e695e15ab346d3f21e919206326d5013446418a206a8e395ad775a7776b1ee52e403b05ff63dc04266833f232774c0c81a80bcf60c4e412bd61d406ec96497758522d60c8914682202b707edf8d584c37a783a8a16cf7b05a9ef8c29b9fc28011cf2464d64f7d9da584909c3f7035212d1264c2dff838834655c93a4f92da9f6d225e6fef6d7f8913ca4f216c9f1f97fd44238bcb78865f456c362b4904750f76f28c982f9947330b34e84e6da44f68299a434d21ce8e986d26ebf392f044dd29702c97c6d927549b6a8ec739bcf7af0c17cf93312c9f9832b29a6b985683af00af9bce27f814d005670bf2b662daa8fdd8df10f5d19bf5eb415fd25ed958ec849cbc8289432fbc9a7c3613c14d8a72d70852c48c43acaa01d7ed739046a5440926574bb4bd717957c8b69fc2a4f34955c9b15506e194273b5b2ab7fa0779e18e3b0e"], 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23}, 0x10)
ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000080)={'vlan0\x00', {0x2, 0x0, @remote}})
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0x2acf, 0x11, 0x0, 0x27)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002240)={'filter\x00', 0x7, 0x4, 0x418, 0x220, 0x0, 0x0, 0x330, 0x330, 0x330, 0x4, &(0x7f00000001c0), {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @local, @private=0xa010102, 0x0, 0x1}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="420850369715", @multicast2, @rand_addr=0x64010100, 0x1, 0xffffffff}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@local, @private=0xa010101, @empty, 0xf, 0x1fffffffe}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x468)

692.483964ms ago: executing program 3 (id=2893):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000007c0)='syzkaller\x00'}, 0xf2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@cgroup, 0xffffffffffffffff, 0x37}, 0x20)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x0, 0x1}, 0x8}, 0x90)
write$binfmt_script(r1, &(0x7f0000000100), 0xfecc)
unshare(0x22020400)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map}, 0x10)

681.33263ms ago: executing program 2 (id=2894):
unshare(0x20040600)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000500), 0x4)

645.791304ms ago: executing program 0 (id=2895):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="2d000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000000250300000000000008000c006400000008000d000000000008003500061000"], 0x64}}, 0x0)

548.697445ms ago: executing program 2 (id=2896):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000080)={@private0, @loopback, 0xf, 0x20}})

452.37501ms ago: executing program 4 (id=2897):
unshare(0x68060200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="900000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="8b04040000000000700012800b00010067656e6576650000600002800500040001000000140007"], 0x90}}, 0x0)

448.361583ms ago: executing program 3 (id=2898):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x4, 0x0, 0x0)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet6(0xa, 0x3, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001e40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)

427.907852ms ago: executing program 0 (id=2899):
r0 = socket$inet6(0xa, 0x80803, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000340)={'syztnl2\x00', &(0x7f00000002c0)={'syztnl1\x00', <r2=>0x0, 0x29, 0x0, 0x4, 0x0, 0x2a, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0xc2f, 0x9}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000400)={'syztnl1\x00', 0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f00000005c0)={'erspan0\x00', <r3=>0x0, 0x7800, 0x700, 0x94d, 0x80000001, {{0x1a, 0x4, 0x2, 0x5, 0x68, 0x64, 0x0, 0x0, 0x29, 0x0, @loopback, @multicast2, {[@ssrr={0x89, 0xb, 0x83, [@local, @empty]}, @timestamp_prespec={0x44, 0xc, 0x21, 0x3, 0x5, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}]}, @timestamp={0x44, 0x8, 0x20, 0x0, 0x3, [0x0]}, @timestamp={0x44, 0x14, 0xa1, 0x0, 0x1, [0x7f, 0x9, 0x0, 0x4]}, @rr={0x7, 0x1b, 0x0, [@rand_addr=0x64010100, @multicast1, @dev={0xac, 0x14, 0x14, 0x24}, @loopback, @remote, @multicast1]}, @ra={0x94, 0x4, 0x1}]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8}, @TCA_FQ_QUANTUM={0x8}]}}]}, 0x40}}, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendto$packet(r7, 0x0, 0x0, 0x10040050, &(0x7f0000000100)={0x11, 0x9, r8, 0x1, 0x2, 0x6, @broadcast}, 0x14)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000980)={&(0x7f0000000740)=ANY=[@ANYBLOB='\x00\x00 \x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fedbdf250400000074000180140002006970766c616e3000000000000000000014000200766972745f776966693000000000000008000100", @ANYRES32=0x0, @ANYBLOB="140002006970365f767469300000000000000000140002007465616d5f736c6176655f30000000000800030003000000080003000000000008000100", @ANYRESDEC, @ANYBLOB="1c00018008000100", @ANYRES32=0x0, @ANYBLOB="080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="3c0001801400020076657468315f766c616e000000000000080003006698b8801400020076657468315f746f5f6261746164760008000100", @ANYRES32, @ANYBLOB="640001801400020064756d6d79300000000000000000000008000100", @ANYRES32, @ANYBLOB="140002007663616e3000000000000000000000001400020067656e6576653000000000000000000008000100", @ANYRES32=r2, @ANYBLOB="1400020076657468305f766c616e00000000000040000180140002000000000000000000000000000000000008000100", @ANYRES32, @ANYBLOB="08000300010000000800030001000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="2c000180080003000000000008000100", @ANYRES32=r3, @ANYBLOB="0800030002000000080003000200000008000100", @ANYRES32=r6, @ANYBLOB="5c00018008000100", @ANYRES32=r8, @ANYBLOB="1400020067726574617030000000000000000000080003000200000014000200697036746e6c30000000000000000000080003000200000008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRESDEC, @ANYBLOB], 0x20c}, 0x1, 0x0, 0x0, 0x1}, 0x800)

380.38144ms ago: executing program 2 (id=2900):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x0, 0x0, 0x0, 0x9}, 0x48)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000040)=ANY=[])

264.945752ms ago: executing program 3 (id=2901):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000200)={'vxcan1\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6}, 0x18)
sendmsg$can_j1939(r5, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f00000004c0)={&(0x7f0000000140)='\x00', 0x8}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r10, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x0, 0x3}, 0x10)
r11 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r11, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r11, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r11, &(0x7f00000002c0)={&(0x7f0000000000), 0x4a, 0x0}, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r9, &(0x7f0000007c80)={0x0, 0x0, &(0x7f0000007c40)={&(0x7f0000007c00)={0x14, 0x0, 0x3a14550a05f4e177}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r9)
r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r9)
sendmsg$BATADV_CMD_GET_MESH(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x14, r12, 0xb01}, 0x14}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x5, 0x8}}]}, {0x0, [0x30, 0x5f]}}, &(0x7f0000000940)=""/4096, 0x34, 0x1000, 0x0, 0x1}, 0x20)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r9)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r3, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x1c, 0x33, @data_frame={@msdu=@type10={{}, {}, @from_mac, @device_b, @broadcast}, @a_msdu}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x50}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x100, 0x400000, 0xfff, {0x0, 0x0, 0x0, r2, 0x4055, 0x24a0}}, 0x20}}, 0x20040411)

196.226482ms ago: executing program 2 (id=2902):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x200000, 0x1000}, 0x1c)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
recvmmsg(r0, &(0x7f0000006f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

131.718072ms ago: executing program 0 (id=2903):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x1, 0x3}}, 0x26)
getsockopt$bt_BT_SECURITY(r0, 0x111, 0x3, 0x0, 0x20000000)

0s ago: executing program 3 (id=2904):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d40)={0x6, 0x8, &(0x7f0000000b40)=@raw=[@cb_func, @kfunc, @tail_call], &(0x7f0000000bc0)='syzkaller\x00', 0x6, 0x10, &(0x7f0000000c00)=""/16}, 0x90)

kernel console output (not intermixed with test programs):

: Cannot add at group 4294967294 (only 8 groups)
[  105.732223][ T6158] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[  106.189724][ T6185] xt_CT: You must specify a L4 protocol and not use inversions on it
[  106.304424][ T6196] netlink: 32 bytes leftover after parsing attributes in process `syz.1.329'.
[  107.488134][ T6255] netlink: 'syz.4.350': attribute type 11 has an invalid length.
[  107.526512][ T6255] netlink: 'syz.4.350': attribute type 11 has an invalid length.
[  108.947902][ T6317] netlink: 24 bytes leftover after parsing attributes in process `syz.2.377'.
[  109.428279][ T6331] Cannot find del_set index 0 as target
[  110.776701][ T4493] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  110.793267][ T4493] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  110.803691][ T4493] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  110.813831][ T4493] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  110.824723][ T4493] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  110.832256][ T4493] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  110.869324][ T5107] syz-executor (5107) used greatest stack depth: 19216 bytes left
[  110.980767][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.256363][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.473642][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.602510][ T6406] netlink: 'syz.1.414': attribute type 11 has an invalid length.
[  111.648594][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.691240][ T6412] netlink: 'syz.1.414': attribute type 11 has an invalid length.
[  112.015004][ T6414] Cannot find del_set index 0 as target
[  112.120465][   T35] bridge_slave_1: left allmulticast mode
[  112.131611][   T35] bridge_slave_1: left promiscuous mode
[  112.144586][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.178112][   T35] bridge_slave_0: left allmulticast mode
[  112.207353][   T35] bridge_slave_0: left promiscuous mode
[  112.240762][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.791427][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  112.801075][   T35] bond_slave_0: left allmulticast mode
[  112.810173][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  112.822354][   T35] bond_slave_1: left allmulticast mode
[  112.835873][   T35] bond0 (unregistering): Released all slaves
[  112.875511][ T6448] netlink: 24 bytes leftover after parsing attributes in process `syz.2.428'.
[  112.919784][ T6458] syzkaller0: entered promiscuous mode
[  112.945378][ T4493] Bluetooth: hci4: command tx timeout
[  112.953022][ T6458] syzkaller0: entered allmulticast mode
[  113.004018][ T6374] chnl_net:caif_netlink_parms(): no params data found
[  113.710985][ T6495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.443'.
[  113.789964][ T6374] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.816763][ T6374] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.840549][ T6374] bridge_slave_0: entered allmulticast mode
[  113.854651][ T6374] bridge_slave_0: entered promiscuous mode
[  113.894918][   T35] hsr_slave_0: left promiscuous mode
[  113.945187][   T35] hsr_slave_1: left promiscuous mode
[  113.953595][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  113.964861][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  113.981605][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  114.006649][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  114.054496][   T35] veth1_macvtap: left promiscuous mode
[  114.061965][   T35] veth0_macvtap: left promiscuous mode
[  114.068354][   T35] veth1_vlan: left promiscuous mode
[  114.073825][   T35] veth0_vlan: left promiscuous mode
[  115.025310][ T4493] Bluetooth: hci4: command tx timeout
[  115.033813][   T35] team0 (unregistering): Port device team_slave_1 removed
[  115.123154][   T35] team0 (unregistering): Port device team_slave_0 removed
[  115.561253][ T6374] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.568741][ T6374] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.577902][ T6374] bridge_slave_1: entered allmulticast mode
[  115.585470][ T6374] bridge_slave_1: entered promiscuous mode
[  115.594104][ T6514] bond_slave_0: entered promiscuous mode
[  115.600120][ T6514] bond_slave_1: entered promiscuous mode
[  115.607882][ T6527] tc_dump_action: action bad kind
[  115.613691][ T6553] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  115.728172][ T6514] bond_slave_0: left promiscuous mode
[  115.736693][ T6514] bond_slave_1: left promiscuous mode
[  115.776568][ T6374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.814961][ T6374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.942968][ T6374] team0: Port device team_slave_0 added
[  115.978455][ T6374] team0: Port device team_slave_1 added
[  116.092163][ T6374] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.110046][ T6374] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.181362][ T6374] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.203136][ T6374] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.230477][ T6374] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.285123][ T6374] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.313738][ T6592] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  116.473489][ T6374] hsr_slave_0: entered promiscuous mode
[  116.501494][ T6374] hsr_slave_1: entered promiscuous mode
[  116.520752][ T6597] bond_slave_0: entered promiscuous mode
[  116.526541][ T6597] bond_slave_1: entered promiscuous mode
[  116.620438][ T6596] bond_slave_0: left promiscuous mode
[  116.626904][ T6596] bond_slave_1: left promiscuous mode
[  117.105364][ T4493] Bluetooth: hci4: command tx timeout
[  117.880917][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.0.503'.
[  117.938846][ T6635] netlink: 'syz.0.503': attribute type 10 has an invalid length.
[  117.957496][ T6629] xt_cluster: you have exceeded the maximum number of cluster nodes (4294967295 > 32)
[  117.993217][ T6635] bond0: (slave bond_slave_0): Releasing backup interface
[  118.061041][ T6374] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  118.131836][ T6374] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  118.241411][ T6374] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  118.286888][ T6374] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  118.351141][ T5100] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  118.360750][ T5100] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  118.371959][ T5100] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  118.384800][ T5100] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  118.393011][ T5100] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  118.412008][ T5100] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  118.518765][ T2462] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.635546][ T2462] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.730914][ T6661] openvswitch: netlink: Missing key (keys=8040, expected=200000)
[  118.764815][ T2462] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.905992][ T2462] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.185243][ T5100] Bluetooth: hci4: command tx timeout
[  119.238284][ T6374] 8021q: adding VLAN 0 to HW filter on device bond0
[  119.371812][ T6679] netlink: 168 bytes leftover after parsing attributes in process `syz.3.521'.
[  119.392711][ T2462] bridge_slave_1: left allmulticast mode
[  119.405466][ T6679] netlink: 24 bytes leftover after parsing attributes in process `syz.3.521'.
[  119.411941][ T2462] bridge_slave_1: left promiscuous mode
[  119.426790][ T2462] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.456056][ T2462] bridge_slave_0: left allmulticast mode
[  119.461765][ T2462] bridge_slave_0: left promiscuous mode
[  119.478108][ T2462] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.693066][ T6688] openvswitch: netlink: Missing key (keys=8040, expected=200000)
[  120.179151][ T2462] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  120.192705][ T2462] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  120.211436][ T2462] bond0 (unregistering): Released all slaves
[  120.366267][ T2462] ɶƣ0GCTw
�: left promiscuous mode
[  120.465603][ T5100] Bluetooth: hci2: command tx timeout
[  120.532271][ T6374] 8021q: adding VLAN 0 to HW filter on device team0
[  120.565805][ T2462] ɶƣ0GC�: left promiscuous mode
[  120.649676][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.656930][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.719681][ T6645] chnl_net:caif_netlink_parms(): no params data found
[  120.743992][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.751309][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.859814][ T6710] netlink: 12 bytes leftover after parsing attributes in process `syz.3.531'.
[  120.889388][ T6706] netlink: 256 bytes leftover after parsing attributes in process `syz.2.532'.
[  121.001619][ T6706] IPv6: Can't replace route, no match found
[  121.167838][ T6645] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.187025][ T6645] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.194294][ T6645] bridge_slave_0: entered allmulticast mode
[  121.203977][ T6645] bridge_slave_0: entered promiscuous mode
[  121.223601][ T2462] hsr_slave_0: left promiscuous mode
[  121.231404][ T2462] hsr_slave_1: left promiscuous mode
[  121.237876][ T2462] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  121.246321][ T2462] batman_adv: batadv0: Removing interface: batadv_slave_0
[  121.254570][ T2462] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  121.263631][ T2462] batman_adv: batadv0: Removing interface: batadv_slave_1
[  121.277171][ T2462] batman_adv: batadv0: Interface deactivated: macvtap1
[  121.284154][ T2462] batman_adv: batadv0: Removing interface: macvtap1
[  121.327418][ T2462] dummy0: left promiscuous mode
[  121.334003][ T2462] veth1_macvtap: left promiscuous mode
[  121.340081][ T2462] veth0_macvtap: left promiscuous mode
[  121.346127][ T2462] veth1_vlan: left promiscuous mode
[  121.351581][ T2462] veth0_vlan: left promiscuous mode
[  122.381731][ T6744] netlink: 256 bytes leftover after parsing attributes in process `syz.0.542'.
[  122.545652][ T5100] Bluetooth: hci2: command tx timeout
[  122.552674][ T2462] team0 (unregistering): Port device team_slave_1 removed
[  122.635631][ T2462] team0 (unregistering): Port device team_slave_0 removed
[  123.083652][ T6645] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.092744][ T6645] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.104323][ T6645] bridge_slave_1: entered allmulticast mode
[  123.113513][ T6645] bridge_slave_1: entered promiscuous mode
[  123.138115][ T6739] ip6gretap0: entered promiscuous mode
[  123.144733][ T6739] batadv_slave_0: entered promiscuous mode
[  123.153495][ T6744] IPv6: Can't replace route, no match found
[  123.172474][ T6749] syzkaller0: entered promiscuous mode
[  123.178498][ T6749] syzkaller0: entered allmulticast mode
[  123.412912][ T6645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.458624][ T6645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.481316][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  123.652200][ T6645] team0: Port device team_slave_0 added
[  123.688453][ T6645] team0: Port device team_slave_1 added
[  123.794553][ T6775] xt_cluster: you have exceeded the maximum number of cluster nodes (4294967295 > 32)
[  123.818905][ T6645] batman_adv: batadv0: Adding interface: batadv_slave_0
[  123.839233][ T6645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.867774][ T6782] openvswitch: netlink: Missing key (keys=8040, expected=200000)
[  123.885450][ T6775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.549'.
[  123.909528][ T6645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.923087][ T6645] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.943711][ T6645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.977549][ T6645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  124.012440][ T6779] netlink: 'syz.3.549': attribute type 10 has an invalid length.
[  124.023850][ T6779] bond0: (slave bond_slave_0): Releasing backup interface
[  124.220157][ T6798] netlink: 'syz.3.556': attribute type 3 has an invalid length.
[  124.234200][ T6789] netlink: 256 bytes leftover after parsing attributes in process `syz.0.553'.
[  124.319627][ T6645] hsr_slave_0: entered promiscuous mode
[  124.336538][ T6645] hsr_slave_1: entered promiscuous mode
[  124.353332][ T6645] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  124.374952][ T6645] Cannot create hsr debugfs directory
[  124.382655][ T6789] IPv6: Can't replace route, no match found
[  124.557744][ T6811] ip6gretap0: entered promiscuous mode
[  124.573803][ T6811] batadv_slave_0: entered promiscuous mode
[  124.583459][ T6811] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  124.591361][ T6811] Cannot create hsr debugfs directory
[  124.632298][ T5100] Bluetooth: hci2: command tx timeout
[  124.669588][ T6374] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.848185][ T6824] netlink: 32 bytes leftover after parsing attributes in process `syz.3.568'.
[  125.492226][ T6374] veth0_vlan: entered promiscuous mode
[  125.552242][ T6374] veth1_vlan: entered promiscuous mode
[  125.600822][ T6645] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  125.643357][ T6645] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  125.674422][ T6645] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  125.716744][ T6645] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  125.813903][ T6374] veth0_macvtap: entered promiscuous mode
[  125.868596][ T6374] veth1_macvtap: entered promiscuous mode
[  125.959723][ T6374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.993248][ T6374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.015336][ T6374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.055221][ T6374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.081571][ T6374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.100179][ T6374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.111957][ T6374] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.161639][ T6374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.187669][ T6374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.200896][ T6374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.225423][ T6374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.244575][ T6374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.255891][ T6856] netlink: 32 bytes leftover after parsing attributes in process `syz.0.580'.
[  126.263415][ T6374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.287080][ T6374] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.316616][ T6374] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.336299][ T6374] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.356549][ T6374] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.373826][ T6374] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.676185][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.684048][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.705448][ T5100] Bluetooth: hci2: command tx timeout
[  126.749793][ T6645] 8021q: adding VLAN 0 to HW filter on device bond0
[  126.770630][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.805062][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.813170][ T6645] 8021q: adding VLAN 0 to HW filter on device team0
[  126.867392][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  126.883168][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.890418][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.920292][ T5144] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.927521][ T5144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.102608][ T6645] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  127.124354][ T6645] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  127.370460][ T6894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.593'.
[  127.390486][ T6894] netlink: 56 bytes leftover after parsing attributes in process `syz.3.593'.
[  127.629532][ T6904] bridge0: entered promiscuous mode
[  127.651079][ T6645] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.699202][ T6903] bridge0: left promiscuous mode
[  127.862263][ T6645] veth0_vlan: entered promiscuous mode
[  127.919640][ T6645] veth1_vlan: entered promiscuous mode
[  127.981586][ T6913] cannot load conntrack support for proto=3
[  128.024037][ T6645] veth0_macvtap: entered promiscuous mode
[  128.066590][ T6645] veth1_macvtap: entered promiscuous mode
[  128.110162][ T6920] IPv6: Can't replace route, no match found
[  128.129060][ T6645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.150951][ T6645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.174436][ T6645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.202425][ T6645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.215472][ T6645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.226923][ T6645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.237236][ T6645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.248759][ T6645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.262878][ T6645] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.293641][ T6645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.311087][ T6645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.330641][ T6645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.341614][ T6645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.355403][ T6645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.366323][ T6645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.377519][ T6645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.391504][ T6645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.404708][ T6645] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.420254][ T6645] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.440590][ T6645] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.451207][ T6645] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.465092][ T6645] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.731273][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.747798][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.806437][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.833193][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.456770][ T6968] bridge0: entered promiscuous mode
[  129.483883][ T6966] bridge0: left promiscuous mode
[  129.790200][   T29] audit: type=1804 audit(1719331603.719:2): pid=6977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.625" name="/root/syzkaller.03joIX/4/cgroup.controllers" dev="sda1" ino=1974 res=1 errno=0
[  130.186826][ T7004] netlink: 40 bytes leftover after parsing attributes in process `syz.4.637'.
[  130.503416][ T7023] cannot load conntrack support for proto=3
[  130.513947][   T29] audit: type=1804 audit(1719331604.439:3): pid=7017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.645" name="/root/syzkaller.DVN1gR/102/cgroup.controllers" dev="sda1" ino=1973 res=1 errno=0
[  130.606040][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  131.761502][ T7070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.656'.
[  131.781561][ T7073] netlink: 'syz.4.665': attribute type 11 has an invalid length.
[  131.793150][ T7070] netlink: 56 bytes leftover after parsing attributes in process `syz.2.656'.
[  132.454747][ T7107] netlink: 'syz.1.681': attribute type 11 has an invalid length.
[  132.491167][ T7111] netlink: 12 bytes leftover after parsing attributes in process `syz.2.683'.
[  133.028723][ T1246] ieee802154 phy1 wpan1: encryption failed: -22
[  133.228277][ T7138] netlink: 12 bytes leftover after parsing attributes in process `syz.2.695'.
[  133.875505][ T7173] netlink: 12 bytes leftover after parsing attributes in process `syz.1.709'.
[  134.457620][ T7207] netlink: 12 bytes leftover after parsing attributes in process `syz.4.725'.
[  134.696307][ T7217] netlink: 'syz.1.729': attribute type 11 has an invalid length.
[  135.095396][ T7239] netlink: 3 bytes leftover after parsing attributes in process `syz.4.740'.
[  135.249402][ T7251] netlink: 'syz.4.745': attribute type 11 has an invalid length.
[  136.399624][ T7308] netlink: 3 bytes leftover after parsing attributes in process `syz.1.773'.
[  136.912764][ T7339] netlink: 3 bytes leftover after parsing attributes in process `syz.0.787'.
[  137.914054][ T7402] netlink: 12 bytes leftover after parsing attributes in process `syz.2.816'.
[  138.283801][ T7424] netlink: 'syz.4.827': attribute type 25 has an invalid length.
[  138.303789][ T7424] netlink: 'syz.4.827': attribute type 8 has an invalid length.
[  138.673332][ T7449] netlink: 4 bytes leftover after parsing attributes in process `syz.1.838'.
[  138.782924][ T7455] netlink: 'syz.0.843': attribute type 25 has an invalid length.
[  138.796853][ T7455] netlink: 'syz.0.843': attribute type 8 has an invalid length.
[  139.161141][ T7479] netlink: 4 bytes leftover after parsing attributes in process `syz.3.854'.
[  139.252559][ T7486] netlink: 'syz.3.857': attribute type 25 has an invalid length.
[  139.262626][ T7486] netlink: 'syz.3.857': attribute type 8 has an invalid length.
[  139.611662][ T7503] netlink: 12 bytes leftover after parsing attributes in process `syz.3.865'.
[  139.632444][ T7503] netlink: 12 bytes leftover after parsing attributes in process `syz.3.865'.
[  139.754056][ T7508] netlink: 12 bytes leftover after parsing attributes in process `syz.2.867'.
[  139.785175][ T7508] netlink: 8 bytes leftover after parsing attributes in process `syz.2.867'.
[  139.800908][ T7503] syzkaller0: entered promiscuous mode
[  139.817447][ T7503] syzkaller0: entered allmulticast mode
[  141.524590][ T7532] netlink: 'syz.4.878': attribute type 6 has an invalid length.
[  141.535526][ T7532] netlink: 168 bytes leftover after parsing attributes in process `syz.4.878'.
[  141.545588][ T7536] netlink: 72 bytes leftover after parsing attributes in process `syz.2.880'.
[  142.012081][ T7568] netlink: 'syz.4.893': attribute type 6 has an invalid length.
[  142.028928][ T7568] netlink: 168 bytes leftover after parsing attributes in process `syz.4.893'.
[  142.053949][ T7572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.895'.
[  142.058016][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  142.080050][ T7572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.895'.
[  142.316956][ T7572] syzkaller0: entered promiscuous mode
[  142.327101][ T7572] syzkaller0: entered allmulticast mode
[  142.869915][ T7609] netlink: 12 bytes leftover after parsing attributes in process `syz.4.911'.
[  142.885171][ T7609] netlink: 8 bytes leftover after parsing attributes in process `syz.4.911'.
[  142.931428][ T7611] netlink: 'syz.1.912': attribute type 6 has an invalid length.
[  142.952823][ T7611] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.912'.
[  144.807820][ T7649] xt_TCPMSS: Only works on TCP SYN packets
[  144.896993][ T7652] netlink: 134312 bytes leftover after parsing attributes in process `syz.4.932'.
[  144.918560][ T7652] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  144.946588][ T7652] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  144.984369][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.932'.
[  145.352639][ T7681] xt_TCPMSS: Only works on TCP SYN packets
[  145.847250][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  145.864376][ T7710] xt_TCPMSS: Only works on TCP SYN packets
[  146.471801][ T7737] xt_TCPMSS: Only works on TCP SYN packets
[  146.576899][ T7735] __nla_validate_parse: 2 callbacks suppressed
[  146.576919][ T7735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.971'.
[  146.707032][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  146.713690][    C1] vxcan0: j1939_xtp_rx_dat: no rx connection found
[  146.720380][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  146.726948][    C1] vxcan0: j1939_xtp_rx_dat: no rx connection found
[  146.733586][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.741575][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.749675][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.757655][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.765728][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.773657][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.781743][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.789706][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.797810][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.805835][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.813870][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.821927][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.829994][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.838005][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.846073][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.854082][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.862157][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.870089][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.878135][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.886085][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.894277][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.902333][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.910344][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.918297][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.926369][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.934281][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.942329][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.950270][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.958354][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.966317][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.974420][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.982376][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  146.990512][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  146.998559][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.006622][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.014574][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.022623][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.030581][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.038749][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.046687][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.054685][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.062662][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.070681][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.078628][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.086645][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.094551][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.102625][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.110592][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.120994][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.128978][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.137049][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.144979][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.153073][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.161058][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.169142][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.177125][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.185191][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.193126][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.201210][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.209174][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.217254][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.225206][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.233246][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.241226][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.249305][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.257283][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.265341][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.273258][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.281341][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.289296][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.297388][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.305339][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.313371][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.321346][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.329407][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.337358][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.345428][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.353355][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.361407][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.369360][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.377433][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.385388][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.393425][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.401494][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.409566][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.417538][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.425603][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.433547][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.441999][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.450050][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.458126][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.466069][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.474128][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.482130][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.490227][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.498210][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.506317][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.514250][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.522333][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.530294][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.538385][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.546349][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.554395][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.562364][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.570431][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.578413][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.586505][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.594416][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.602467][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.610406][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.618505][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.626468][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.636141][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.644106][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.652184][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.660148][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.668267][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.676246][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.684242][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.692199][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.700256][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.708206][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.716318][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.724234][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.732353][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.740305][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.748391][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.756346][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.764418][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.772410][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.780491][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.788470][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.796540][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.804465][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.812552][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.820495][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.828554][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.836516][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.844797][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.852771][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.860788][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.868760][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.876810][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.884714][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.892760][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.900711][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.908819][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.916775][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.924827][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.932798][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.940921][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.948878][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.956938][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.964850][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.972895][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.980848][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  147.988913][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  147.996875][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.004868][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.012807][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.020830][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.028783][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.036856][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.044768][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.052873][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.060831][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.068920][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.076889][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.084928][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.092871][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.100920][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.108872][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.116953][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.124864][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.132900][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  148.140868][    C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  148.374876][ T7758] netlink: 60 bytes leftover after parsing attributes in process `syz.2.979'.
[  148.564207][ T7772] xt_TCPMSS: Only works on TCP SYN packets
[  148.605919][ T7775] netlink: 96 bytes leftover after parsing attributes in process `syz.1.987'.
[  148.895435][ T7793] netlink: 60 bytes leftover after parsing attributes in process `syz.1.996'.
[  149.570906][   T29] audit: type=1800 audit(1719331623.499:4): pid=7831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1011" name="memory.events" dev="sda1" ino=1958 res=0 errno=0
[  149.593602][ T7832] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1010'.
[  149.661571][   T29] audit: type=1804 audit(1719331623.509:5): pid=7831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1011" name="/root/syzkaller.aN2jkH/181/memory.events" dev="sda1" ino=1958 res=1 errno=0
[  149.736595][   T29] audit: type=1804 audit(1719331623.569:6): pid=7831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1011" name="/root/syzkaller.aN2jkH/181/memory.events" dev="sda1" ino=1958 res=1 errno=0
[  150.528628][ T7880] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1033'.
[  150.856205][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  150.862723][ T7902] netlink: 'syz.4.1042': attribute type 1 has an invalid length.
[  150.962919][ T7902] bond1: (slave bridge1): Enslaving as a backup interface with an up link
[  150.988820][ T7902] bridge0: port 3(bond1) entered blocking state
[  150.995527][ T7902] bridge0: port 3(bond1) entered disabled state
[  151.002025][ T7902] bond1: entered allmulticast mode
[  151.009210][ T7902] bridge1: entered allmulticast mode
[  151.040842][ T7902] bond1: entered promiscuous mode
[  151.046072][ T7902] bridge1: entered promiscuous mode
[  151.490265][   T29] audit: type=1800 audit(1719331625.419:7): pid=7939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1058" name="memory.events" dev="sda1" ino=1972 res=0 errno=0
[  151.543014][   T29] audit: type=1804 audit(1719331625.419:8): pid=7939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1058" name="/root/syzkaller.ctIgQG/107/memory.events" dev="sda1" ino=1972 res=1 errno=0
[  151.600738][   T29] audit: type=1804 audit(1719331625.509:9): pid=7939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1058" name="/root/syzkaller.ctIgQG/107/memory.events" dev="sda1" ino=1972 res=1 errno=0
[  151.623636][ T7941] netlink: 'syz.2.1059': attribute type 1 has an invalid length.
[  151.747776][ T7946] bond1: (slave bridge2): Enslaving as a backup interface with an up link
[  151.757400][ T7941] bridge0: port 3(bond1) entered blocking state
[  151.763962][ T7941] bridge0: port 3(bond1) entered disabled state
[  151.772650][ T7941] bond1: entered allmulticast mode
[  151.778296][ T7941] bridge2: entered allmulticast mode
[  151.787285][ T7941] bond1: entered promiscuous mode
[  151.792444][ T7941] bridge2: entered promiscuous mode
[  153.458114][ T8025] netlink: 'syz.3.1091': attribute type 1 has an invalid length.
[  153.642062][ T8025] bond1: (slave bridge2): Enslaving as a backup interface with an up link
[  153.689571][ T8029] bridge0: port 3(bond1) entered blocking state
[  153.707540][ T8029] bridge0: port 3(bond1) entered disabled state
[  153.729642][ T8029] bond1: entered allmulticast mode
[  153.779491][ T8029] bridge2: entered allmulticast mode
[  153.828364][ T8029] bond1: entered promiscuous mode
[  153.848027][ T8029] bridge2: entered promiscuous mode
[  155.593744][ T8120] vlan2: entered promiscuous mode
[  156.136735][ T8149] netlink: 'syz.1.1141': attribute type 9 has an invalid length.
[  156.174441][ T8149] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1141'.
[  156.533659][ T8167] syzkaller1: entered promiscuous mode
[  156.551949][ T8167] syzkaller1: entered allmulticast mode
[  156.723154][   T29] audit: type=1804 audit(1719331630.649:10): pid=8182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1153" name="/root/syzkaller.ctIgQG/116/cgroup.controllers" dev="sda1" ino=1976 res=1 errno=0
[  156.743495][ T8179] vlan2: entered promiscuous mode
[  157.207771][ T8211] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1164'.
[  157.246675][ T8211] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  157.255895][ T8211] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  157.264746][ T8211] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  157.275366][ T8211] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  157.316236][ T8211] vxlan0: entered promiscuous mode
[  157.492345][ T8226] vlan2: entered promiscuous mode
[  157.625666][   T29] audit: type=1804 audit(1719331631.549:11): pid=8231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1175" name="/root/syzkaller.DVN1gR/214/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0
[  157.710906][ T8234] ieee802154 phy1 wpan1: encryption failed: -22
[  157.826149][ T5100] Bluetooth: hci2: command tx timeout
[  157.917249][ T8247] Cannot find add_set index 0 as target
[  158.037610][ T8254] Bluetooth: MGMT ver 1.22
[  158.058967][ T8254] Bluetooth: hci3: invalid length 0, exp 2 for type 14
[  158.169221][   T29] audit: type=1804 audit(1719331632.099:12): pid=8260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1187" name="/root/syzkaller.DVN1gR/218/cgroup.controllers" dev="sda1" ino=1952 res=1 errno=0
[  158.368659][ T8274] netlink: 'syz.0.1193': attribute type 2 has an invalid length.
[  158.369851][ T8277] SET target dimension over the limit!
[  158.693497][ T8292] netlink: 'syz.2.1198': attribute type 9 has an invalid length.
[  158.716387][ T8292] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1198'.
[  159.143938][   T29] audit: type=1804 audit(1719331633.069:13): pid=8311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1203" name="/root/syzkaller.aN2jkH/218/cgroup.controllers" dev="sda1" ino=1977 res=1 errno=0
[  159.183432][ T8317] Cannot find add_set index 0 as target
[  159.638192][ T8339] netlink: 'syz.4.1215': attribute type 2 has an invalid length.
[  159.774880][ T8346] netlink: 'syz.2.1219': attribute type 2 has an invalid length.
[  159.790161][ T8345] Bluetooth: hci3: invalid length 0, exp 2 for type 14
[  159.986738][ T8355] dvmrp0: entered allmulticast mode
[  160.322072][ T8375] netlink: 'syz.2.1232': attribute type 2 has an invalid length.
[  160.337463][ T8376] Bluetooth: hci3: invalid length 0, exp 2 for type 14
[  160.344621][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1231'.
[  160.907305][ T8399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1243'.
[  161.283020][ T8420] netlink: 'syz.4.1254': attribute type 3 has an invalid length.
[  161.293774][ T8420] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1254'.
[  161.743958][ T8450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1260'.
[  161.840588][ T8457] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1265'.
[  161.869489][ T8457] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  161.876824][ T8457] IPv6: NLM_F_CREATE should be set when creating new route
[  161.892496][ T8457] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  161.899852][ T8457] IPv6: NLM_F_CREATE should be set when creating new route
[  161.913041][ T8457] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1265'.
[  162.125310][ T8463] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1267'.
[  162.208777][ T8470] netlink: 'syz.4.1269': attribute type 3 has an invalid length.
[  162.218608][ T8470] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1269'.
[  162.362718][ T8463] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1267'.
[  162.379772][ T8476] tipc: Started in network mode
[  162.386429][ T8476] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  162.394580][ T8476] tipc: Enabled bearer <eth:vlan0>, priority 10
[  162.571678][ T8480] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1274'.
[  162.763929][   T29] audit: type=1804 audit(1719331636.689:14): pid=8490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1279" name="/root/syzkaller.03joIX/133/cgroup.controllers" dev="sda1" ino=1966 res=1 errno=0
[  162.926785][ T8501] tipc: Started in network mode
[  162.931727][ T8501] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  162.948732][ T8501] tipc: Enabled bearer <eth:vlan0>, priority 10
[  163.213506][ T8517] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1291'.
[  163.317135][ T8525] netlink: 'syz.2.1295': attribute type 3 has an invalid length.
[  163.324924][ T8525] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1295'.
[  163.365898][ T8528] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  163.391217][   T29] audit: type=1804 audit(1719331637.319:15): pid=8523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1294" name="/root/syzkaller.uWGAmF/222/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0
[  163.507326][  T784] tipc: Node number set to 10005162
[  163.898607][ T8556] netlink: 'syz.2.1308': attribute type 3 has an invalid length.
[  164.051725][   T29] audit: type=1804 audit(1719331637.979:16): pid=8559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1310" name="/root/syzkaller.uWGAmF/225/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0
[  164.080930][   T45] tipc: Node number set to 10005162
[  164.584842][ T8601] No such timeout policy "syz0"
[  165.174007][ T8634] No such timeout policy "syz0"
[  165.352883][ T8647] netlink: 'syz.1.1344': attribute type 32 has an invalid length.
[  165.438526][ T8650] tipc: Started in network mode
[  165.443546][ T8650] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  165.472827][ T8650] tipc: Enabled bearer <eth:vlan0>, priority 10
[  165.787145][ T8660] syzkaller0: entered promiscuous mode
[  165.792863][ T8660] syzkaller0: entered allmulticast mode
[  166.386038][ T5100] Bluetooth: hci2: command tx timeout
[  166.585227][ T5147] tipc: Node number set to 10005162
[  167.973073][ T8727] __nla_validate_parse: 8 callbacks suppressed
[  167.973095][ T8727] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1378'.
[  168.126102][ T8728] syzkaller0: entered promiscuous mode
[  168.146603][ T8728] syzkaller0: entered allmulticast mode
[  168.684278][ T8764] netlink: 'syz.2.1393': attribute type 32 has an invalid length.
[  168.692713][ T8764] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1393'.
[  170.016938][ T8786] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1404'.
[  170.288701][ T8800] Bluetooth: hci3: unsupported parameter 64512
[  170.315159][ T8800] Bluetooth: hci3: unsupported parameter 114
[  170.347608][ T8800] Bluetooth: hci3: unsupported parameter 64512
[  170.401585][ T8800] Bluetooth: hci3: unsupported parameter 114
[  170.516311][ T8817] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1419'.
[  170.911381][ T8835] netlink: 'syz.2.1428': attribute type 4 has an invalid length.
[  170.915398][ T8841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1430'.
[  170.964045][ T8835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  170.983979][ T8842] tipc: Started in network mode
[  170.990900][ T8842] tipc: Node identity , cluster identity 4711
[  171.011435][ T8842] tipc: Failed to set node id, please configure manually
[  171.028521][ T8842] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  171.036987][ T8844] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1433'.
[  171.077555][ T8844] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1433'.
[  171.107866][ T8844] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1433'.
[  171.124884][ T8844] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1433'.
[  171.237997][ T8854] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1437'.
[  171.760178][ T8874] Bluetooth: hci3: unsupported parameter 64512
[  171.782823][ T8874] Bluetooth: hci3: unsupported parameter 114
[  171.802204][ T8874] Bluetooth: hci3: unsupported parameter 64512
[  171.815115][ T8874] Bluetooth: hci3: unsupported parameter 114
[  172.107516][ T8897] netlink: 'syz.0.1457': attribute type 4 has an invalid length.
[  172.120142][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  172.144130][ T8897] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  172.346761][ T8912] Bluetooth: hci3: unsupported parameter 64512
[  172.352990][ T8912] Bluetooth: hci3: unsupported parameter 114
[  172.360938][ T8912] Bluetooth: hci3: unsupported parameter 64512
[  172.367668][ T8912] Bluetooth: hci3: unsupported parameter 114
[  173.524232][ T8986] Bluetooth: hci3: unsupported parameter 64512
[  173.538538][ T8986] Bluetooth: hci3: unsupported parameter 114
[  173.574479][ T8986] Bluetooth: hci3: unsupported parameter 64512
[  173.614094][ T8986] Bluetooth: hci3: unsupported parameter 114
[  173.875060][ T9006] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  174.114043][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  174.478014][ T9039] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  175.134096][ T9079] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  175.234399][ T9036] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  175.509125][ T9100] netlink: 'syz.1.1547': attribute type 5 has an invalid length.
[  175.684132][ T9112] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  175.730263][ T9116] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.908295][ T9130] hsr_slave_0: left promiscuous mode
[  175.929478][ T9130] hsr_slave_1: left promiscuous mode
[  176.224224][ T9121] netlink: 'syz.2.1557': attribute type 10 has an invalid length.
[  176.270454][ T9121] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  176.298791][ T9146] syz.3.1565[9146] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  176.298965][ T9146] syz.3.1565[9146] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  176.676751][ T9120] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  176.997018][ T9182] __nla_validate_parse: 1 callbacks suppressed
[  176.997040][ T9182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1582'.
[  177.240244][ T9195] netlink: 'syz.1.1586': attribute type 5 has an invalid length.
[  177.437626][ T9210] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1594'.
[  177.656171][ T9217] openvswitch: netlink: Missing key (keys=100000040, expected=2000)
[  177.686512][ T9217] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1596'.
[  177.949265][ T9230] netlink: 'syz.0.1603': attribute type 5 has an invalid length.
[  178.067676][ T9234] netlink: 'syz.0.1605': attribute type 3 has an invalid length.
[  178.092766][ T9193] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  178.243989][ T9239] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1608'.
[  178.272730][ T9239] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.280938][ T9239] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.478478][   T29] audit: type=1804 audit(1719331652.409:17): pid=9239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1608" name="/root/syzkaller.uWGAmF/277/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0
[  178.767460][ T9258] netlink: 'syz.0.1617': attribute type 3 has an invalid length.
[  179.257059][ T9283] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1628'.
[  179.389689][   T29] audit: type=1804 audit(1719331653.319:18): pid=9283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1628" name="/root/syzkaller.aN2jkH/338/cgroup.controllers" dev="sda1" ino=1953 res=1 errno=0
[  179.509847][ T9294] syz.4.1633[9294] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  179.510027][ T9294] syz.4.1633[9294] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  179.602565][ T9259] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  179.970029][ T9296] netlink: 'syz.2.1634': attribute type 10 has an invalid length.
[  180.126412][ T9317] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1645'.
[  180.305196][   T29] audit: type=1804 audit(1719331654.229:19): pid=9317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1645" name="/root/syzkaller.03joIX/210/cgroup.controllers" dev="sda1" ino=1948 res=1 errno=0
[  180.389835][ T9332] netlink: 'syz.2.1650': attribute type 3 has an invalid length.
[  180.578161][ T9338] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.737838][ T9348] hsr_slave_0: left promiscuous mode
[  180.762225][ T9348] hsr_slave_1: left promiscuous mode
[  180.778786][   T29] audit: type=1804 audit(1719331654.699:20): pid=9340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1654" name="/root/syzkaller.uWGAmF/285/cgroup.controllers" dev="sda1" ino=1972 res=1 errno=0
[  181.092118][ T9327] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  181.304835][ T9362] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1663'.
[  181.315570][ T9359] syzkaller1: entered promiscuous mode
[  181.321087][ T9359] syzkaller1: entered allmulticast mode
[  181.461004][   T29] audit: type=1804 audit(1719331655.389:21): pid=9362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1663" name="/root/syzkaller.aN2jkH/347/cgroup.controllers" dev="sda1" ino=1976 res=1 errno=0
[  181.784675][ T9382] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1670'.
[  182.049594][   T29] audit: type=1804 audit(1719331655.979:22): pid=9392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1676" name="/root/syzkaller.uWGAmF/289/cgroup.controllers" dev="sda1" ino=1969 res=1 errno=0
[  182.280428][ T9408] netlink: 'syz.0.1682': attribute type 11 has an invalid length.
[  182.370813][ T9412] sctp: [Deprecated]: syz.1.1684 (pid 9412) Use of int in max_burst socket option deprecated.
[  182.370813][ T9412] Use struct sctp_assoc_value instead
[  182.603006][ T9419] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1687'.
[  182.622776][ T9419] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1687'.
[  182.632155][ T9419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1687'.
[  182.681526][ T9425] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1689'.
[  182.731068][ T9427] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode
[  182.767873][ T9427] macvlan2: entered promiscuous mode
[  182.808871][ T9427] mac80211_hwsim hwsim20 wlan0: left promiscuous mode
[  183.061338][ T9435] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1692'.
[  183.206360][ T9442] netlink: 'syz.0.1696': attribute type 1 has an invalid length.
[  183.233468][ T9442] netlink: 512 bytes leftover after parsing attributes in process `syz.0.1696'.
[  183.272548][ T9442] netlink: 'syz.0.1696': attribute type 4 has an invalid length.
[  183.814916][ T9468] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  184.014951][ T9464] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1705'.
[  184.029303][ T9464] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1705'.
[  184.041831][ T9464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1705'.
[  184.051970][ T9471] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1707'.
[  184.143231][ T9476] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode
[  184.160520][ T9476] macvlan2: entered promiscuous mode
[  184.192468][ T9476] mac80211_hwsim hwsim20 wlan0: left promiscuous mode
[  184.482701][ T9480] sctp: [Deprecated]: syz.4.1710 (pid 9480) Use of int in max_burst socket option deprecated.
[  184.482701][ T9480] Use struct sctp_assoc_value instead
[  184.960226][ T9509] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  185.031106][ T9511] netlink: 'syz.2.1719': attribute type 1 has an invalid length.
[  185.046623][ T9511] netlink: 'syz.2.1719': attribute type 4 has an invalid length.
[  185.227243][ T9522] batman_adv: batadv0: adding TT local entry 4a:c8:93:75:00:00 to non-existent VLAN 2358
[  186.150341][ T9554] sctp: [Deprecated]: syz.1.1731 (pid 9554) Use of int in max_burst socket option deprecated.
[  186.150341][ T9554] Use struct sctp_assoc_value instead
[  186.273029][ T9561] trusted_key: syz.0.1738 sent an empty control message without MSG_MORE.
[  187.442026][   T29] audit: type=1804 audit(1719331661.369:23): pid=9603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1756" name="/root/syzkaller.DVN1gR/324/cgroup.controllers" dev="sda1" ino=1978 res=1 errno=0
[  187.964821][ T9615] sctp: [Deprecated]: syz.3.1757 (pid 9615) Use of int in max_burst socket option deprecated.
[  187.964821][ T9615] Use struct sctp_assoc_value instead
[  188.519992][ T9631] netlink: 'syz.1.1766': attribute type 2 has an invalid length.
[  188.577965][ T9637] __nla_validate_parse: 5 callbacks suppressed
[  188.577988][ T9637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1770'.
[  188.673159][ T9644] netlink: 'syz.2.1774': attribute type 1 has an invalid length.
[  188.682376][ T9644] netlink: 512 bytes leftover after parsing attributes in process `syz.2.1774'.
[  188.707520][ T9644] netlink: 'syz.2.1774': attribute type 4 has an invalid length.
[  188.939566][ T9651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1777'.
[  189.134092][   T29] audit: type=1804 audit(1719331663.059:24): pid=9664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1782" name="/root/syzkaller.DVN1gR/329/cgroup.controllers" dev="sda1" ino=1952 res=1 errno=0
[  189.576967][ T9676] tipc: Started in network mode
[  189.589554][ T9676] tipc: Node identity , cluster identity 4711
[  189.602410][ T9676] tipc: Failed to set node id, please configure manually
[  189.622902][ T9676] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  189.725491][ T9682] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1788'.
[  189.760998][ T9682] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1788'.
[  189.781401][ T9682] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1788'.
[  189.803659][ T9682] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1788'.
[  189.888812][ T9688] netlink: 'syz.1.1791': attribute type 2 has an invalid length.
[  191.665381][ T9698] netlink: 'syz.4.1796': attribute type 1 has an invalid length.
[  191.780747][ T9705] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  192.205640][ T9727] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1809'.
[  192.300878][ T9731] netlink: 'syz.1.1811': attribute type 1 has an invalid length.
[  192.562813][ T9739] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  192.620736][ T9738] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1817'.
[  192.853893][ T9754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1822'.
[  192.879070][ T9756] ip6erspan0: entered promiscuous mode
[  193.482500][   T29] audit: type=1804 audit(1719331667.409:25): pid=9792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1839" name="/root/syzkaller.uWGAmF/314/cgroup.controllers" dev="sda1" ino=1952 res=1 errno=0
[  194.067001][ T9818] __nla_validate_parse: 3 callbacks suppressed
[  194.067023][ T9818] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1846'.
[  194.386968][ T9823] netlink: 'syz.1.1848': attribute type 1 has an invalid length.
[  194.411402][ T9823] netlink: 512 bytes leftover after parsing attributes in process `syz.1.1848'.
[  194.449241][ T9824] netlink: 'syz.1.1848': attribute type 4 has an invalid length.
[  194.469989][ T1246] ieee802154 phy1 wpan1: encryption failed: -22
[  194.849298][ T9840] netlink: 'syz.3.1855': attribute type 1 has an invalid length.
[  194.974891][ T9847] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1857'.
[  195.165761][   T29] audit: type=1804 audit(1719331669.099:26): pid=9857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1859" name="/root/syzkaller.uWGAmF/319/cgroup.controllers" dev="sda1" ino=1948 res=1 errno=0
[  195.527605][ T9874] netlink: 'syz.4.1867': attribute type 1 has an invalid length.
[  195.667339][ T9880] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1871'.
[  195.681230][ T9881] netlink: 'syz.4.1870': attribute type 5 has an invalid length.
[  195.694138][ T9881] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1870'.
[  196.054900][ T9892] netlink: 'syz.4.1876': attribute type 1 has an invalid length.
[  196.086948][ T9892] netlink: 512 bytes leftover after parsing attributes in process `syz.4.1876'.
[  196.116454][ T9895] netlink: 'syz.4.1876': attribute type 4 has an invalid length.
[  196.420505][ T9910] netlink: 'syz.2.1883': attribute type 5 has an invalid length.
[  196.433141][ T9910] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1883'.
[  196.611918][ T9919] netlink: 'syz.3.1887': attribute type 15 has an invalid length.
[  196.629719][ T9919] netlink: 666 bytes leftover after parsing attributes in process `syz.3.1887'.
[  196.723195][   T29] audit: type=1804 audit(1719331670.649:27): pid=9926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1890" name="/root/syzkaller.DVN1gR/346/cgroup.controllers" dev="sda1" ino=1951 res=1 errno=0
[  196.969707][ T9941] netlink: 'syz.3.1897': attribute type 5 has an invalid length.
[  196.987767][ T9941] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1897'.
[  197.754711][ T4493] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  197.764417][ T4493] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  197.812265][ T4493] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  197.830934][ T4493] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  197.848952][ T4493] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  197.866607][ T4493] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  198.037964][   T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.214162][   T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.398353][   T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.430606][ T9999] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1925'.
[  198.533786][   T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.943126][ T9968] chnl_net:caif_netlink_parms(): no params data found
[  199.104010][   T35] bridge_slave_1: left allmulticast mode
[  199.110856][   T35] bridge_slave_1: left promiscuous mode
[  199.116836][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.132490][   T35] bridge_slave_0: left promiscuous mode
[  199.138425][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.665468][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  199.683264][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  199.698090][   T35] bond0 (unregistering): Released all slaves
[  199.766096][T10055] __nla_validate_parse: 1 callbacks suppressed
[  199.766119][T10055] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1946'.
[  199.843711][ T9968] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.865718][ T9968] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.885918][ T9968] bridge_slave_0: entered allmulticast mode
[  199.901173][ T9968] bridge_slave_0: entered promiscuous mode
[  199.907405][ T4493] Bluetooth: hci2: command tx timeout
[  199.924501][ T9968] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.951431][ T9968] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.959338][ T9968] bridge_slave_1: entered allmulticast mode
[  199.974766][ T9968] bridge_slave_1: entered promiscuous mode
[  200.147277][ T9968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.201320][ T9968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.463391][ T9968] team0: Port device team_slave_0 added
[  200.491415][ T9968] team0: Port device team_slave_1 added
[  200.534647][T10094] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1966'.
[  200.772318][ T9968] batman_adv: batadv0: Adding interface: batadv_slave_0
[  200.776290][T10111] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1970'.
[  200.792929][ T9968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  200.833360][ T9968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  200.870913][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  200.879257][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  200.928744][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  200.941027][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  200.985090][   T35] veth1_macvtap: left promiscuous mode
[  200.990705][   T35] veth0_macvtap: left promiscuous mode
[  201.006409][   T35] veth1_vlan: left promiscuous mode
[  201.011836][   T35] veth0_vlan: left promiscuous mode
[  201.673653][ T4493] Bluetooth: hci3: command 0x0406 tx timeout
[  201.673708][ T5108] Bluetooth: hci1: command 0x0406 tx timeout
[  201.888014][   T35] team0 (unregistering): Port device team_slave_1 removed
[  201.967570][   T35] team0 (unregistering): Port device team_slave_0 removed
[  201.985158][ T5111] Bluetooth: hci2: command tx timeout
[  202.590053][ T9968] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.611348][ T9968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.654378][ T9968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.896744][ T9968] hsr_slave_0: entered promiscuous mode
[  202.932861][ T9968] hsr_slave_1: entered promiscuous mode
[  202.951499][ T9968] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  202.963673][ T9968] Cannot create hsr debugfs directory
[  203.124119][T10138] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1980'.
[  203.165372][T10145] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1987'.
[  203.578309][T10164] dccp_invalid_packet: P.Data Offset(63) too large
[  203.715322][T10167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1997'.
[  203.805429][T10170] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1999'.
[  203.858379][T10172] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2000'.
[  204.068158][ T5111] Bluetooth: hci2: command tx timeout
[  204.119013][ T9968] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  204.173515][ T9968] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  204.217752][ T9968] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  204.259530][ T9968] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  204.533887][ T9968] 8021q: adding VLAN 0 to HW filter on device bond0
[  204.587928][T10195] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2009'.
[  204.599445][ T9968] 8021q: adding VLAN 0 to HW filter on device team0
[  204.605896][T10197] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2012'.
[  204.631183][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.638471][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.683201][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.690455][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  205.346190][ T9968] 8021q: adding VLAN 0 to HW filter on device batadv0
[  205.570140][ T9968] veth0_vlan: entered promiscuous mode
[  205.595517][T10242] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  205.625925][ T9968] veth1_vlan: entered promiscuous mode
[  205.752366][T10247] validate_nla: 1 callbacks suppressed
[  205.752389][T10247] netlink: 'syz.2.2033': attribute type 1 has an invalid length.
[  205.797909][T10247] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2033'.
[  205.866432][ T9968] veth0_macvtap: entered promiscuous mode
[  205.908630][ T9968] veth1_macvtap: entered promiscuous mode
[  205.963194][ T9968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.004645][ T9968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.025058][ T9968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.053234][ T9968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.066945][ T9968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.078334][ T9968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.089214][ T9968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.102216][ T9968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.124013][ T9968] batman_adv: batadv0: Interface activated: batadv_slave_0
[  206.139823][T10252] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2036'.
[  206.149107][ T5111] Bluetooth: hci2: command tx timeout
[  206.165558][T10255] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2037'.
[  206.200138][T10257] netlink: 103 bytes leftover after parsing attributes in process `syz.2.2038'.
[  206.238059][ T9968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.274534][ T9968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.305531][ T9968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.340253][ T9968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.343620][T10262] netlink: 'syz.3.2041': attribute type 13 has an invalid length.
[  206.365065][ T9968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.371014][T10266] dccp_invalid_packet: P.Data Offset(63) too large
[  206.392098][ T9968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.394625][T10267] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  206.421817][ T9968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.457156][ T9968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.481802][ T9968] batman_adv: batadv0: Interface activated: batadv_slave_1
[  206.532062][ T9968] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  206.567150][ T9968] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  206.571699][   T29] audit: type=1804 audit(1719331680.499:28): pid=10272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2045" name="/root/syzkaller.ctIgQG/275/cgroup.controllers" dev="sda1" ino=1972 res=1 errno=0
[  206.584074][ T9968] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  206.618200][T10273] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2044'.
[  206.618541][ T9968] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  206.712840][T10267] tun0: tun_chr_ioctl cmd 2147767519
[  206.735710][T10274] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2040'.
[  206.822839][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2048'.
[  206.935804][ T2444] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  206.943766][ T2444] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  207.001003][T10284] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2050'.
[  207.016624][ T2444] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  207.031631][T10288] netlink: 'syz.2.2052': attribute type 13 has an invalid length.
[  207.044772][ T2444] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  207.131167][T10292] dccp_invalid_packet: P.Data Offset(63) too large
[  207.210843][T10296] netlink: 'syz.1.1903': attribute type 15 has an invalid length.
[  207.224456][T10296] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1903'.
[  207.372168][T10306] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  207.385118][   T29] audit: type=1804 audit(1719331681.309:29): pid=10305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2056" name="/root/syzkaller.DVN1gR/384/cgroup.controllers" dev="sda1" ino=1977 res=1 errno=0
[  207.464240][T10309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2059'.
[  207.628211][T10316] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  208.489265][T10354] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  209.209804][T10389] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  209.873767][T10420] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  210.616534][T10454] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  210.851093][T10464] netlink: 'syz.2.2120': attribute type 3 has an invalid length.
[  210.869293][T10464] __nla_validate_parse: 6 callbacks suppressed
[  210.869314][T10464] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.2120'.
[  210.911098][T10468] netlink: 'syz.2.2120': attribute type 4 has an invalid length.
[  211.076610][T10468] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  211.395263][T10479] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[  211.891855][T10494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2130'.
[  211.915559][ T5100] Bluetooth: hci0: command 0x0406 tx timeout
[  211.968695][T10495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2131'.
[  212.012630][T10499] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2130'.
[  212.408797][T10507] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2136'.
[  212.959912][T10544] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  213.123705][T10538] tun0: tun_chr_ioctl cmd 2147767519
[  213.156898][T10538] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2149'.
[  214.087228][T10594] netlink: 'syz.1.2170': attribute type 2 has an invalid length.
[  214.164068][T10590] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2168'.
[  214.229735][T10602] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2174'.
[  214.273398][T10603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2172'.
[  214.496803][T10611] nbd: socks must be embedded in a SOCK_ITEM attr
[  214.698027][T10627] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  214.972370][T10640] netlink: 'syz.2.2188': attribute type 10 has an invalid length.
[  215.000070][T10640] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.008445][T10640] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.137753][T10640] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.145123][T10640] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.152985][T10640] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.160304][T10640] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.200068][T10640] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  215.764693][T10634] syz.2.2188 (10634) used greatest stack depth: 18224 bytes left
[  215.872387][T10670] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2204'.
[  215.948726][T10672] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2206'.
[  216.007705][T10672] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2206'.
[  216.507265][T10700] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2218'.
[  216.522689][T10698] netlink: 'syz.1.2217': attribute type 3 has an invalid length.
[  216.536976][T10700] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2218'.
[  216.542866][T10698] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2217'.
[  216.683755][T10707] netlink: 'syz.1.2222': attribute type 3 has an invalid length.
[  216.701009][T10707] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2222'.
[  216.735438][T10707] netlink: 'syz.1.2222': attribute type 4 has an invalid length.
[  216.848001][T10716] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups)
[  217.010345][T10716] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[  217.250587][T10735] nbd: socks must be embedded in a SOCK_ITEM attr
[  217.303632][T10733] bridge_slave_1: left allmulticast mode
[  217.340029][T10733] bridge_slave_1: left promiscuous mode
[  217.360119][T10733] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.383824][T10733] netlink: 'syz.4.2230': attribute type 2 has an invalid length.
[  217.399348][T10733] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  217.973439][T10762] netlink: 'syz.0.2243': attribute type 3 has an invalid length.
[  217.994629][T10762] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2243'.
[  218.302796][T10775] bridge_slave_1: left allmulticast mode
[  218.335026][T10775] bridge_slave_1: left promiscuous mode
[  218.340903][T10775] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.375954][T10775] netlink: 'syz.1.2248': attribute type 2 has an invalid length.
[  218.395665][T10775] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  218.446539][T10779] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2251'.
[  218.767858][T10792] netlink: 'syz.1.2257': attribute type 3 has an invalid length.
[  218.790239][T10790] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2256'.
[  218.797914][T10792] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2257'.
[  219.082021][T10803] netlink: 'syz.2.2262': attribute type 1 has an invalid length.
[  219.118049][T10803] nbd: illegal input index 19464200
[  219.208356][T10807] block nbd0: not configured, cannot reconfigure
[  219.379280][T10819] netlink: 'syz.2.2270': attribute type 1 has an invalid length.
[  219.962437][T10846] block nbd0: not configured, cannot reconfigure
[  220.043006][T10849] batadv0: entered promiscuous mode
[  220.101086][T10849] veth0: entered promiscuous mode
[  220.128143][T10849] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  220.144911][T10849] Cannot create hsr debugfs directory
[  220.180852][T10853] dummy0: entered promiscuous mode
[  220.223844][T10853] dummy0: left promiscuous mode
[  220.313502][T10866] netlink: 'syz.4.2290': attribute type 1 has an invalid length.
[  220.321578][T10866] nbd: illegal input index 19464200
[  220.356997][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  220.385886][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.977583][T10898] __nla_validate_parse: 8 callbacks suppressed
[  220.977606][T10898] netlink: 9388 bytes leftover after parsing attributes in process `syz.1.2302'.
[  221.174673][T10906] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2303'.
[  221.692762][T10927] validate_nla: 2 callbacks suppressed
[  221.692783][T10927] netlink: 'syz.2.2314': attribute type 1 has an invalid length.
[  221.728513][T10927] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2314'.
[  222.542601][T10976] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2331'.
[  222.673737][T10979] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2336'.
[  222.996516][T10990] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2342'.
[  223.256337][ T5100] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  223.283434][ T5100] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  223.292525][ T5100] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  223.309901][ T5100] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  223.320449][ T5100] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  223.328123][ T5100] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  223.504238][T11011] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2350'.
[  223.563906][T11015] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2353'.
[  223.944900][T10998] chnl_net:caif_netlink_parms(): no params data found
[  224.141939][T11045] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2364'.
[  224.165213][ T5147] IPVS: starting estimator thread 0...
[  224.280201][T11056] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2367'.
[  224.293936][T10998] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.295267][T11046] IPVS: using max 16 ests per chain, 38400 per kthread
[  224.301322][T10998] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.327255][T10998] bridge_slave_0: entered allmulticast mode
[  224.336255][T10998] bridge_slave_0: entered promiscuous mode
[  224.350788][T10998] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.395695][T10998] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.403032][T10998] bridge_slave_1: entered allmulticast mode
[  224.449488][T10998] bridge_slave_1: entered promiscuous mode
[  224.547830][T10998] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  224.573648][T10998] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.650220][T10998] team0: Port device team_slave_0 added
[  224.702902][T10998] team0: Port device team_slave_1 added
[  224.782066][T10998] batman_adv: batadv0: Adding interface: batadv_slave_0
[  224.794623][T10998] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  224.821261][T10998] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  224.835326][T10998] batman_adv: batadv0: Adding interface: batadv_slave_1
[  224.842382][T10998] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  224.883824][T10998] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.047953][T10998] hsr_slave_0: entered promiscuous mode
[  225.065291][T10998] hsr_slave_1: entered promiscuous mode
[  225.086252][T10998] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  225.093856][T10998] Cannot create hsr debugfs directory
[  225.425446][ T5100] Bluetooth: hci0: command tx timeout
[  225.674180][T10998] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.787919][T10998] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.828507][ T5177] IPVS: starting estimator thread 0...
[  225.935371][T11110] IPVS: using max 17 ests per chain, 40800 per kthread
[  226.015794][T10998] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  226.177965][T10998] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  226.480014][T10998] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  226.533349][T10998] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  226.578257][T10998] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  226.604512][T10998] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  226.895504][T10998] 8021q: adding VLAN 0 to HW filter on device bond0
[  226.937943][T11166] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  226.945118][T11166] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  226.974447][T10998] 8021q: adding VLAN 0 to HW filter on device team0
[  227.044169][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.051393][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.069190][  T784] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.076414][  T784] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.213813][T11182] xt_CONNSECMARK: invalid mode: 0
[  227.472745][T11197] __nla_validate_parse: 3 callbacks suppressed
[  227.472766][T11197] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2428'.
[  227.505382][ T5100] Bluetooth: hci0: command tx timeout
[  227.537145][T11199] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2427'.
[  227.647149][T10998] 8021q: adding VLAN 0 to HW filter on device batadv0
[  227.786536][T10998] veth0_vlan: entered promiscuous mode
[  227.808884][T10998] veth1_vlan: entered promiscuous mode
[  227.920402][T10998] veth0_macvtap: entered promiscuous mode
[  227.962284][T11217] pimreg: entered allmulticast mode
[  227.999604][T10998] veth1_macvtap: entered promiscuous mode
[  228.036512][T11217] pimreg: left allmulticast mode
[  228.110189][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.128504][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.143294][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.158226][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.171841][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.213341][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.227124][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.248267][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.278511][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.305016][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.328865][T10998] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.365607][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.384141][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.395578][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.420800][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.433962][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.465020][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.474890][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.491581][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.501581][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.512475][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.527172][T10998] batman_adv: batadv0: Interface activated: batadv_slave_1
[  228.567909][T10998] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.601257][T10998] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.625301][T10998] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.642919][T10998] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.857739][ T2460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.892280][ T2460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.946036][ T2460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.977466][ T2460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.139332][T11265] pim6reg: entered allmulticast mode
[  229.163711][T11265] pim6reg: left allmulticast mode
[  229.585429][ T5100] Bluetooth: hci0: command tx timeout
[  229.864587][T11308] bond_slave_0: entered promiscuous mode
[  229.870370][T11308] bond_slave_1: entered promiscuous mode
[  229.911983][T11308] macsec1: entered promiscuous mode
[  229.926037][T11308] bond0: entered promiscuous mode
[  229.931644][T11308] macsec1: entered allmulticast mode
[  229.951195][T11308] bond0: entered allmulticast mode
[  229.962407][T11308] bond_slave_0: entered allmulticast mode
[  229.970643][T11308] bond_slave_1: entered allmulticast mode
[  230.020502][T11308] bond0: left allmulticast mode
[  230.039308][T11308] bond_slave_0: left allmulticast mode
[  230.045216][T11308] bond_slave_1: left allmulticast mode
[  230.055410][T11308] bond0: left promiscuous mode
[  230.061719][T11308] bond_slave_0: left promiscuous mode
[  230.067245][T11308] bond_slave_1: left promiscuous mode
[  230.161431][T11323] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2484'.
[  230.714391][T11354] pimreg: entered allmulticast mode
[  230.730160][T11360] pimreg: left allmulticast mode
[  231.199840][T11387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2513'.
[  231.520326][T11408] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2523'.
[  231.535339][T11412] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2525'.
[  231.665750][ T5100] Bluetooth: hci0: command tx timeout
[  232.089771][T11441] Bluetooth: MGMT ver 1.22
[  232.335579][   T29] audit: type=1804 audit(1719331706.269:30): pid=11454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2540" name="/root/syzkaller.DVN1gR/491/cgroup.controllers" dev="sda1" ino=1968 res=1 errno=0
[  232.429170][   T29] audit: type=1804 audit(1719331706.359:31): pid=11454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2540" name="/root/syzkaller.DVN1gR/491/cgroup.controllers" dev="sda1" ino=1968 res=1 errno=0
[  232.564411][T11466] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2548'.
[  232.970067][T11483] tipc: Can't bind to reserved service type 2
[  233.263130][T11502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2562'.
[  233.664500][   T29] audit: type=1804 audit(1719331707.589:32): pid=11523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2573" name="/root/syzkaller.rhWtAi/26/cgroup.controllers" dev="sda1" ino=1981 res=1 errno=0
[  233.790382][   T29] audit: type=1804 audit(1719331707.719:33): pid=11523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2573" name="/root/syzkaller.rhWtAi/26/cgroup.controllers" dev="sda1" ino=1981 res=1 errno=0
[  234.050389][T11532] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2578'.
[  234.060066][T11536] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  234.074308][T11536] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  234.089292][T11535] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2576'.
[  234.334401][T11537] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2579'.
[  234.931052][T11573] macvlan2: entered promiscuous mode
[  234.944336][T11573] veth1_to_bond: entered promiscuous mode
[  234.973697][T11573] team0: Port device macvlan2 added
[  235.115309][T11584] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2599'.
[  235.143317][T11584] netlink: 'syz.2.2599': attribute type 2 has an invalid length.
[  235.235232][   T29] audit: type=1804 audit(1719331709.159:34): pid=11585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2598" name="/root/syzkaller.rhWtAi/30/cgroup.controllers" dev="sda1" ino=1975 res=1 errno=0
[  235.309784][   T29] audit: type=1804 audit(1719331709.239:35): pid=11588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2598" name="/root/syzkaller.rhWtAi/30/cgroup.controllers" dev="sda1" ino=1975 res=1 errno=0
[  235.869243][ T5108] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  235.886585][ T5108] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  235.904648][ T5108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  235.921366][ T5108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  235.930714][ T5108] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  235.938227][ T5108] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  237.521142][ T5108] Bluetooth: hci4: command 0x0406 tx timeout
[  237.612593][T11611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2607'.
[  237.767409][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.839682][T11611] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2607'.
[  237.986684][ T5100] Bluetooth: hci1: command tx timeout
[  238.016856][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.117385][T11625] EXT4-fs warning (device sda1): verify_group_input:167: Cannot read last block (281374)
[  238.297103][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.304014][ T5108] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  238.316824][ T5108] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  238.328652][ T5108] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  238.342662][ T5108] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  238.351437][ T5108] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  238.359369][ T5108] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  238.453832][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.611866][   T29] audit: type=1804 audit(1719331712.539:36): pid=11638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2616" name="/root/syzkaller.aN2jkH/568/cgroup.controllers" dev="sda1" ino=1969 res=1 errno=0
[  238.714281][   T29] audit: type=1804 audit(1719331712.639:37): pid=11643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2616" name="/root/syzkaller.aN2jkH/568/cgroup.controllers" dev="sda1" ino=1969 res=1 errno=0
[  238.803952][T11640] bridge0: port 2(bridge_slave_1) entered listening state
[  238.824353][T11651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2622'.
[  238.863846][T11651] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2622'.
[  238.928392][T11592] chnl_net:caif_netlink_parms(): no params data found
[  239.062505][   T35] bridge_slave_1: left allmulticast mode
[  239.076979][   T35] bridge_slave_1: left promiscuous mode
[  239.082857][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  239.118210][   T35] bridge_slave_0: left allmulticast mode
[  239.127225][   T35] bridge_slave_0: left promiscuous mode
[  239.134003][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.806742][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  239.832442][   T35] bond0 (unregistering): Released all slaves
[  239.857443][   T35] bond1 (unregistering): Released all slaves
[  240.025143][   T35] tipc: Disabling bearer <eth:vlan0>
[  240.055646][   T35] tipc: Left network mode
[  240.066422][ T5108] Bluetooth: hci1: command tx timeout
[  240.255352][T11592] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.272947][T11592] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.293202][T11592] bridge_slave_0: entered allmulticast mode
[  240.312535][T11592] bridge_slave_0: entered promiscuous mode
[  240.341514][T11592] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.356264][T11592] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.364227][T11592] bridge_slave_1: entered allmulticast mode
[  240.380596][T11592] bridge_slave_1: entered promiscuous mode
[  240.465435][ T5108] Bluetooth: hci4: command tx timeout
[  240.781702][T11592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  240.813005][   T35] batadv0: left promiscuous mode
[  240.830930][   T35] veth0: left promiscuous mode
[  240.871045][   T35] hsr_slave_0: left promiscuous mode
[  240.890924][   T35] hsr_slave_1: left promiscuous mode
[  240.913487][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  240.938780][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  240.952324][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  240.975154][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  241.035961][   T35] veth1_macvtap: left promiscuous mode
[  241.047988][   T35] veth0_macvtap: left promiscuous mode
[  241.063652][   T35] veth1_vlan: left promiscuous mode
[  241.071711][   T35] veth0_vlan: left promiscuous mode
[  241.152797][T11717] openvswitch: netlink: Key 0 has unexpected len 4 expected 0
[  241.445553][T11723] netlink: 228 bytes leftover after parsing attributes in process `syz.3.2652'.
[  241.454937][T11723] netlink: 'syz.3.2652': attribute type 2 has an invalid length.
[  241.857241][   T35] team0 (unregistering): Port device team_slave_1 removed
[  241.909897][   T35] team0 (unregistering): Port device team_slave_0 removed
[  242.149302][ T5108] Bluetooth: hci1: command tx timeout
[  242.358055][T11592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  242.468386][    C1] bridge0: port 2(bridge_slave_1) entered learning state
[  242.531504][T11592] team0: Port device team_slave_0 added
[  242.545225][ T5108] Bluetooth: hci4: command tx timeout
[  242.574833][T11633] chnl_net:caif_netlink_parms(): no params data found
[  242.628203][T11592] team0: Port device team_slave_1 added
[  242.777527][T11592] batman_adv: batadv0: Adding interface: batadv_slave_0
[  242.794843][T11592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.850590][T11592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  242.899509][T11592] batman_adv: batadv0: Adding interface: batadv_slave_1
[  242.915144][T11592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.965933][T11592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  243.171814][T11758] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (64)
[  243.405246][T11592] hsr_slave_0: entered promiscuous mode
[  243.442404][T11592] hsr_slave_1: entered promiscuous mode
[  243.463728][T11592] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  243.475584][T11592] Cannot create hsr debugfs directory
[  243.491808][T11633] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.507324][T11633] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.524892][T11633] bridge_slave_0: entered allmulticast mode
[  243.547471][T11633] bridge_slave_0: entered promiscuous mode
[  243.688494][T11633] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.700218][T11633] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.712570][T11633] bridge_slave_1: entered allmulticast mode
[  243.727827][T11633] bridge_slave_1: entered promiscuous mode
[  243.898062][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  243.910757][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.057787][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  244.101308][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.132372][T11633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  244.142118][T11804] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2684'.
[  244.189114][T11633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  244.235823][ T5108] Bluetooth: hci1: command tx timeout
[  244.413648][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  244.443584][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.630603][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  244.636466][ T5108] Bluetooth: hci4: command tx timeout
[  244.653023][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.714021][T11633] team0: Port device team_slave_0 added
[  244.743800][T11827] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  244.749353][T11633] team0: Port device team_slave_1 added
[  244.765222][T11827] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  244.896151][T11633] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.903804][T11633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.948432][T11633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.129806][T11633] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.156091][T11633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.186424][T11633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.229090][T11850] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2702'.
[  245.329024][T11633] hsr_slave_0: entered promiscuous mode
[  245.343868][T11633] hsr_slave_1: entered promiscuous mode
[  245.360019][T11633] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  245.378208][T11633] Cannot create hsr debugfs directory
[  245.514639][   T35] bond1: left allmulticast mode
[  245.542870][   T35] bridge1: left allmulticast mode
[  245.552203][   T35] bond1: left promiscuous mode
[  245.559523][   T35] bridge1: left promiscuous mode
[  245.564840][   T35] bridge0: port 3(bond1) entered disabled state
[  245.588435][   T35] bridge_slave_0: left allmulticast mode
[  245.594136][   T35] bridge_slave_0: left promiscuous mode
[  245.603092][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.341008][   T35] bond1 (unregistering): (slave bridge1): Releasing backup interface
[  246.624457][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  246.642438][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  246.654562][   T35] bond0 (unregistering): Released all slaves
[  246.675606][   T35] bond1 (unregistering): Released all slaves
[  246.705380][ T5108] Bluetooth: hci4: command tx timeout
[  248.526854][T11879] sctp: [Deprecated]: syz.2.2712 (pid 11879) Use of int in max_burst socket option.
[  248.526854][T11879] Use struct sctp_assoc_value instead
[  248.767006][T11883] ip6tnl1: entered allmulticast mode
[  248.905962][T11592] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  248.948889][   T35] hsr_slave_0: left promiscuous mode
[  248.955667][   T35] hsr_slave_1: left promiscuous mode
[  248.961928][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  248.969714][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  248.982032][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  248.991614][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.021534][   T35] veth1_to_bond: left promiscuous mode
[  249.030706][   T35] veth1_macvtap: left promiscuous mode
[  249.036477][   T35] veth0_macvtap: left promiscuous mode
[  249.042245][   T35] veth1_vlan: left promiscuous mode
[  249.048091][   T35] veth0_vlan: left promiscuous mode
[  249.192855][   T35] team0 (unregistering): Port device macvlan2 removed
[  249.653978][   T35] team0 (unregistering): Port device team_slave_1 removed
[  249.698398][   T35] team0 (unregistering): Port device team_slave_0 removed
[  250.141152][T11592] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  250.170882][T11891] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2719'.
[  250.189741][T11592] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  250.292758][T11592] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  250.481982][T11901] unknown channel width for channel at 909000KHz?
[  250.499555][T11901] unknown channel width for channel at 909000KHz?
[  250.590138][T11907] ip6tnl1: entered allmulticast mode
[  250.825070][T11914] netlink: 120 bytes leftover after parsing attributes in process `syz.2.2730'.
[  250.850508][T11592] 8021q: adding VLAN 0 to HW filter on device bond0
[  250.884448][T11917] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2731'.
[  250.894831][T11914] xt_TPROXY: Can be used only with -p tcp or -p udp
[  250.973603][T11592] 8021q: adding VLAN 0 to HW filter on device team0
[  250.994087][T11633] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  251.017731][T11633] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  251.161487][T11633] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  251.216614][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.223788][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.355467][T11633] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  251.375401][T11933] sctp: [Deprecated]: syz.3.2736 (pid 11933) Use of int in max_burst socket option.
[  251.375401][T11933] Use struct sctp_assoc_value instead
[  251.412079][ T5177] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.419317][ T5177] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.815292][T11633] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.867852][T11633] 8021q: adding VLAN 0 to HW filter on device team0
[  251.914508][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.921781][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.990860][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.998148][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.102560][T11960] unknown channel width for channel at 909000KHz?
[  252.123606][T11960] unknown channel width for channel at 909000KHz?
[  252.153576][T11633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  252.226881][T11592] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.317175][T11969] ip6tnl1: entered allmulticast mode
[  252.469820][T11592] veth0_vlan: entered promiscuous mode
[  252.523597][T11592] veth1_vlan: entered promiscuous mode
[  252.544311][T11976] netlink: 'syz.3.2752': attribute type 1 has an invalid length.
[  252.557332][T11976] netlink: 'syz.3.2752': attribute type 2 has an invalid length.
[  252.673028][T11633] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.709294][T11592] veth0_macvtap: entered promiscuous mode
[  252.750463][T11592] veth1_macvtap: entered promiscuous mode
[  252.829798][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.880084][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.906744][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.937395][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.950698][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.966580][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.978200][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.990121][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.002258][T11592] batman_adv: batadv0: Interface activated: batadv_slave_0
[  253.061137][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.083447][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.100088][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.117789][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.127819][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.145423][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.165686][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.184887][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.208258][T11592] batman_adv: batadv0: Interface activated: batadv_slave_1
[  253.244680][T11592] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.295308][T11592] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.310808][T11592] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.341446][T11592] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.626857][T11633] veth0_vlan: entered promiscuous mode
[  253.648108][T11633] veth1_vlan: entered promiscuous mode
[  253.925169][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.932203][T11633] veth0_macvtap: entered promiscuous mode
[  253.933152][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.995445][T12008] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2765'.
[  254.060002][T12031] netlink: 'syz.2.2775': attribute type 1 has an invalid length.
[  254.081826][T12031] netlink: 'syz.2.2775': attribute type 2 has an invalid length.
[  254.134760][T11633] veth1_macvtap: entered promiscuous mode
[  254.180178][ T2462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  254.191641][ T2462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.382036][T12038] netlink: 'syz.2.2777': attribute type 12 has an invalid length.
[  254.412698][T12038] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2777'.
[  254.454728][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.485064][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.516033][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.539453][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.552579][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.595198][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.607947][T12051] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2601'.
[  254.629008][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.639609][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.653238][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.677463][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.702039][T11633] batman_adv: batadv0: Interface activated: batadv_slave_0
[  254.729660][T12051] netlink: 'syz.0.2601': attribute type 4 has an invalid length.
[  254.841721][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.862986][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.875625][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.889611][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.929554][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.943073][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.973743][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.984770][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.007009][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  255.018460][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.034340][T11633] batman_adv: batadv0: Interface activated: batadv_slave_1
[  255.167401][T11633] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  255.206805][T11633] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  255.235363][T11633] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  255.267534][T11633] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  255.295754][T12076] netlink: 'syz.0.2792': attribute type 12 has an invalid length.
[  255.316882][T12076] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2792'.
[  255.785262][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.793140][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.803182][ T2927] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.840594][ T2927] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.909117][ T1246] ieee802154 phy1 wpan1: encryption failed: -22
[  255.929897][T12066] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2789'.
[  256.101139][T12109] netlink: 'syz.1.2806': attribute type 12 has an invalid length.
[  256.116374][T12109] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2806'.
[  256.431798][T12120] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2809'.
[  256.772304][T12138] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  256.829163][T12141] netlink: 'syz.0.2821': attribute type 12 has an invalid length.
[  256.843264][T12141] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2821'.
[  257.758431][T12147] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2824'.
[  257.825854][    C1] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.880731][T12191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2842'.
[  258.259935][T12201] netlink: 'syz.0.2845': attribute type 4 has an invalid length.
[  258.371129][T12201] netlink: 'syz.0.2845': attribute type 4 has an invalid length.
[  258.452654][T12207] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  259.144749][T12245] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  259.624285][T12270] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2866'.
[  259.970418][T12283] netlink: 'syz.4.2870': attribute type 4 has an invalid length.
[  260.045373][T12283] netlink: 'syz.4.2870': attribute type 4 has an invalid length.
[  260.099665][T12237] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2858'.
[  260.410951][T12295] netlink: 'syz.2.2877': attribute type 1 has an invalid length.
[  260.443035][T12295] netlink: 161700 bytes leftover after parsing attributes in process `syz.2.2877'.
[  260.575708][T12303] tipc: Started in network mode
[  260.584707][T12303] tipc: Node identity aaaaaaaaaa41, cluster identity 4711
[  260.621772][T12303] tipc: Enabled bearer <eth:geneve1>, priority 0
[  261.032202][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  261.224821][T12336] pim6reg: entered allmulticast mode
[  261.255928][T12336] pim6reg: left allmulticast mode
[  261.302310][T12345] x_tables: duplicate underflow at hook 1
[  261.706597][T12361] vxcan1: tx address claim with dest, not broadcast
[  261.745618][  T784] tipc: Node number set to 15444650
[  261.869731][   T35] ==================================================================
[  261.877855][   T35] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330
[  261.886001][   T35] Read of size 8 at addr ffff88802d6c58b8 by task kworker/u8:2/35
[  261.893840][   T35] 
[  261.896200][   T35] CPU: 1 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc4-syzkaller-00909-g73cfd947dbdb #0
[  261.906291][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  261.916481][   T35] Workqueue: l2tp l2tp_tunnel_del_work
[  261.922181][   T35] Call Trace:
[  261.925485][   T35]  <TASK>
[  261.928440][   T35]  dump_stack_lvl+0x241/0x360
[  261.933160][   T35]  ? __pfx_dump_stack_lvl+0x10/0x10
[  261.938396][   T35]  ? __pfx__printk+0x10/0x10
[  261.943021][   T35]  ? _printk+0xd5/0x120
[  261.947215][   T35]  ? __virt_addr_valid+0x183/0x520
[  261.952365][   T35]  ? __virt_addr_valid+0x183/0x520
[  261.957524][   T35]  print_report+0x169/0x550
[  261.962072][   T35]  ? __virt_addr_valid+0x183/0x520
[  261.967222][   T35]  ? __virt_addr_valid+0x183/0x520
[  261.972370][   T35]  ? __virt_addr_valid+0x44e/0x520
[  261.977514][   T35]  ? __phys_addr+0xba/0x170
[  261.982039][   T35]  ? l2tp_tunnel_del_work+0xe5/0x330
[  261.987335][   T35]  kasan_report+0x143/0x180
[  261.991857][   T35]  ? l2tp_tunnel_del_work+0xe5/0x330
[  261.997164][   T35]  l2tp_tunnel_del_work+0xe5/0x330
[  262.002295][   T35]  ? process_scheduled_works+0x945/0x1830
[  262.008024][   T35]  process_scheduled_works+0xa2c/0x1830
[  262.013699][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
[  262.019685][   T35]  ? assign_work+0x364/0x3d0
[  262.024288][   T35]  worker_thread+0x86d/0xd70
[  262.028907][   T35]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  262.034997][   T35]  ? __kthread_parkme+0x169/0x1d0
[  262.040049][   T35]  ? __pfx_worker_thread+0x10/0x10
[  262.045163][   T35]  kthread+0x2f0/0x390
[  262.049673][   T35]  ? __pfx_worker_thread+0x10/0x10
[  262.054785][   T35]  ? __pfx_kthread+0x10/0x10
[  262.059381][   T35]  ret_from_fork+0x4b/0x80
[  262.063803][   T35]  ? __pfx_kthread+0x10/0x10
[  262.068399][   T35]  ret_from_fork_asm+0x1a/0x30
[  262.073182][   T35]  </TASK>
[  262.076199][   T35] 
[  262.078547][   T35] Allocated by task 12365:
[  262.082956][   T35]  kasan_save_track+0x3f/0x80
[  262.087638][   T35]  __kasan_kmalloc+0x98/0xb0
[  262.092233][   T35]  __kmalloc_noprof+0x1f9/0x400
[  262.097182][   T35]  l2tp_session_create+0x3b/0xc20
[  262.102222][   T35]  pppol2tp_connect+0xca3/0x17a0
[  262.107167][   T35]  __sys_connect+0x2df/0x310
[  262.111757][   T35]  __x64_sys_connect+0x7a/0x90
[  262.116522][   T35]  do_syscall_64+0xf3/0x230
[  262.121043][   T35]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.126948][   T35] 
[  262.129275][   T35] Freed by task 24:
[  262.133096][   T35]  kasan_save_track+0x3f/0x80
[  262.137783][   T35]  kasan_save_free_info+0x40/0x50
[  262.142808][   T35]  poison_slab_object+0xe0/0x150
[  262.147760][   T35]  __kasan_slab_free+0x37/0x60
[  262.152527][   T35]  kfree+0x149/0x360
[  262.156429][   T35]  __sk_destruct+0x58/0x5f0
[  262.160942][   T35]  rcu_core+0xafd/0x1830
[  262.165184][   T35]  handle_softirqs+0x2c4/0x970
[  262.169952][   T35]  run_ksoftirqd+0xca/0x130
[  262.174453][   T35]  smpboot_thread_fn+0x544/0xa30
[  262.179389][   T35]  kthread+0x2f0/0x390
[  262.183462][   T35]  ret_from_fork+0x4b/0x80
[  262.187883][   T35]  ret_from_fork_asm+0x1a/0x30
[  262.192654][   T35] 
[  262.194982][   T35] Last potentially related work creation:
[  262.200699][   T35]  kasan_save_stack+0x3f/0x60
[  262.205395][   T35]  __kasan_record_aux_stack+0xac/0xc0
[  262.210869][   T35]  call_rcu+0x167/0xa70
[  262.215042][   T35]  pppol2tp_release+0x24b/0x350
[  262.219916][   T35]  sock_close+0xbc/0x240
[  262.224179][   T35]  __fput+0x406/0x8b0
[  262.228265][   T35]  task_work_run+0x24f/0x310
[  262.232870][   T35]  syscall_exit_to_user_mode+0x168/0x370
[  262.238516][   T35]  do_syscall_64+0x100/0x230
[  262.243128][   T35]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.249038][   T35] 
[  262.251360][   T35] The buggy address belongs to the object at ffff88802d6c5800
[  262.251360][   T35]  which belongs to the cache kmalloc-1k of size 1024
[  262.265596][   T35] The buggy address is located 184 bytes inside of
[  262.265596][   T35]  freed 1024-byte region [ffff88802d6c5800, ffff88802d6c5c00)
[  262.279654][   T35] 
[  262.281973][   T35] The buggy address belongs to the physical page:
[  262.288401][   T35] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2d6c0
[  262.297248][   T35] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  262.305750][   T35] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  262.313842][   T35] page_type: 0xffffefff(slab)
[  262.318523][   T35] raw: 00fff00000000040 ffff888015041dc0 0000000000000000 dead000000000001
[  262.327110][   T35] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  262.335699][   T35] head: 00fff00000000040 ffff888015041dc0 0000000000000000 dead000000000001
[  262.344368][   T35] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  262.353046][   T35] head: 00fff00000000003 ffffea0000b5b001 ffffffffffffffff 0000000000000000
[  262.361836][   T35] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  262.370894][   T35] page dumped because: kasan: bad access detected
[  262.377333][   T35] page_owner tracks the page as allocated
[  262.383062][   T35] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2462, tgid 2462 (kworker/u8:10), ts 70470943545, free_ts 70426494778
[  262.403916][   T35]  post_alloc_hook+0x1f3/0x230
[  262.408698][   T35]  get_page_from_freelist+0x2e43/0x2f00
[  262.414258][   T35]  __alloc_pages_noprof+0x256/0x6c0
[  262.419464][   T35]  alloc_slab_page+0x5f/0x120
[  262.424236][   T35]  allocate_slab+0x5a/0x2f0
[  262.428742][   T35]  ___slab_alloc+0xcd1/0x14b0
[  262.433423][   T35]  __slab_alloc+0x58/0xa0
[  262.437763][   T35]  kmalloc_node_track_caller_noprof+0x281/0x440
[  262.444013][   T35]  kmalloc_reserve+0x111/0x2a0
[  262.448804][   T35]  __alloc_skb+0x1f3/0x440
[  262.453235][   T35]  inet6_rt_notify+0xdf/0x290
[  262.457925][   T35]  fib6_add+0x1e33/0x4430
[  262.462261][   T35]  ip6_ins_rt+0x106/0x170
[  262.466606][   T35]  __ipv6_ifa_notify+0x5d2/0x1230
[  262.471642][   T35]  addrconf_dad_completed+0x181/0xcd0
[  262.477037][   T35]  addrconf_dad_work+0xdc2/0x16f0
[  262.482097][   T35] page last free pid 5103 tgid 5103 stack trace:
[  262.488422][   T35]  free_unref_page+0xd22/0xea0
[  262.493196][   T35]  __slab_free+0x31b/0x3d0
[  262.497618][   T35]  qlist_free_all+0x9e/0x140
[  262.502211][   T35]  kasan_quarantine_reduce+0x14f/0x170
[  262.507671][   T35]  __kasan_slab_alloc+0x23/0x80
[  262.512552][   T35]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[  262.518382][   T35]  sock_alloc_inode+0x28/0xc0
[  262.523064][   T35]  new_inode_pseudo+0x69/0x1e0
[  262.527838][   T35]  __sock_create+0x123/0x920
[  262.532696][   T35]  __sys_socket+0x150/0x3c0
[  262.537205][   T35]  __x64_sys_socket+0x7a/0x90
[  262.541887][   T35]  do_syscall_64+0xf3/0x230
[  262.546447][   T35]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.552356][   T35] 
[  262.554678][   T35] Memory state around the buggy address:
[  262.560407][   T35]  ffff88802d6c5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  262.568492][   T35]  ffff88802d6c5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  262.576566][   T35] >ffff88802d6c5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  262.584644][   T35]                                         ^
[  262.590542][   T35]  ffff88802d6c5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  262.598613][   T35]  ffff88802d6c5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  262.606853][   T35] ==================================================================
[  262.615046][   T35] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  262.622356][   T35] CPU: 1 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc4-syzkaller-00909-g73cfd947dbdb #0
[  262.632455][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  262.642891][   T35] Workqueue: l2tp l2tp_tunnel_del_work
[  262.648414][   T35] Call Trace:
[  262.652325][   T35]  <TASK>
[  262.655282][   T35]  dump_stack_lvl+0x241/0x360
[  262.660020][   T35]  ? __pfx_dump_stack_lvl+0x10/0x10
[  262.665254][   T35]  ? __pfx__printk+0x10/0x10
[  262.669880][   T35]  ? vscnprintf+0x5d/0x90
[  262.674249][   T35]  panic+0x349/0x860
[  262.678177][   T35]  ? check_panic_on_warn+0x21/0xb0
[  262.683327][   T35]  ? __pfx_panic+0x10/0x10
[  262.687774][   T35]  ? mark_lock+0x9a/0x350
[  262.692130][   T35]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  262.698040][   T35]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  262.704052][   T35]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  262.710406][   T35]  ? print_report+0x502/0x550
[  262.715192][   T35]  check_panic_on_warn+0x86/0xb0
[  262.720149][   T35]  ? l2tp_tunnel_del_work+0xe5/0x330
[  262.725623][   T35]  end_report+0x77/0x160
[  262.729886][   T35]  kasan_report+0x154/0x180
[  262.734402][   T35]  ? l2tp_tunnel_del_work+0xe5/0x330
[  262.739703][   T35]  l2tp_tunnel_del_work+0xe5/0x330
[  262.744835][   T35]  ? process_scheduled_works+0x945/0x1830
[  262.750562][   T35]  process_scheduled_works+0xa2c/0x1830
[  262.756131][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
[  262.762295][   T35]  ? assign_work+0x364/0x3d0
[  262.767413][   T35]  worker_thread+0x86d/0xd70
[  262.772014][   T35]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  262.778457][   T35]  ? __kthread_parkme+0x169/0x1d0
[  262.783604][   T35]  ? __pfx_worker_thread+0x10/0x10
[  262.788737][   T35]  kthread+0x2f0/0x390
[  262.792822][   T35]  ? __pfx_worker_thread+0x10/0x10
[  262.797945][   T35]  ? __pfx_kthread+0x10/0x10
[  262.802549][   T35]  ret_from_fork+0x4b/0x80
[  262.806978][   T35]  ? __pfx_kthread+0x10/0x10
[  262.811596][   T35]  ret_from_fork_asm+0x1a/0x30
[  262.816381][   T35]  </TASK>
[  262.819516][   T35] Kernel Offset: disabled
[  262.823841][   T35] Rebooting in 86400 seconds..