last executing test programs: 7m20.559090671s ago: executing program 1 (id=894): accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) 7m20.289630045s ago: executing program 1 (id=895): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000005e44f954c6b311a854a7ce673b46342911d1f0619eb513229688763fe15f", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB='\x00'/14], 0x50) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000001b80)=""/4096, 0x1000}], 0x1) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES64=0x0], 0x80}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a00000405000100070000007f530267e257c15079c322d1d042679c590faf9fad4ec537f743c90776ae8f3bf59b9010f566fb23aa75745645a8b10289f627d49ffcf090cfeba99b121974f5d7a5cd8fd505fc57b6cea6c4333665b36e7adcd63f595f54ad1a2facab3e627ca43d26db539e1925144fd32cb21a31dc"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) 7m20.24488489s ago: executing program 1 (id=896): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0x1, 0x100, 0x100, 0xe, 0x0, 0x3}, 0x1c) sendmmsg(r0, &(0x7f0000000a80)=[{{&(0x7f0000000100)=@hci={0x1f, 0xffffffffffffffff, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x10}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)}], 0x1, 0x0, 0x1228}}], 0x2, 0x45) 7m19.947682213s ago: executing program 1 (id=901): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=@delchain={0x24, 0x66, 0xf31, 0xfffffff8, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xc}, {0xf, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) 7m19.348636119s ago: executing program 1 (id=902): socket$alg(0x26, 0x5, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) accept4(r1, 0x0, 0x0, 0x80000) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) socket$can_bcm(0x1d, 0x2, 0x2) accept4(r0, 0x0, 0x0, 0x800) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000061043c000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 7m18.096812208s ago: executing program 1 (id=905): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xffbf}], 0x1) 7m2.802983923s ago: executing program 32 (id=905): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xffbf}], 0x1) 4.816411245s ago: executing program 4 (id=3342): socket$netlink(0x10, 0x3, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) 3.81120146s ago: executing program 4 (id=3353): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000000, 0x12, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, 0x0, 0x0, 0x0) setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000180)=0xb, 0x4) recvmmsg(r1, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003cc0)=""/114, 0x72}, 0x4}], 0x1, 0x45833af92e4b38ff, 0x0) 3.573086502s ago: executing program 4 (id=3355): socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 3.395975941s ago: executing program 5 (id=3357): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000000}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) ioctl$TUNSETGROUP(r1, 0x400454ce, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000010005fba00000000000000e500000000", @ANYRES32=0x0, @ANYBLOB="800002000800000008001b000000000008000d"], 0x30}}, 0x0) 3.345474049s ago: executing program 4 (id=3358): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="a00000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a31000000007400038070000080640001805d"], 0xa0}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 3.103511965s ago: executing program 4 (id=3362): socket$nl_audit(0x10, 0x3, 0x9) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000440), 0x10) listen(r2, 0x5) socket$nl_xfrm(0x10, 0x3, 0x6) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) recvmsg$unix(r1, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000300) ioctl$int_in(r1, 0x5452, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 2.726047565s ago: executing program 5 (id=3366): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL={0x8}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TC={0x5}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) 2.390572861s ago: executing program 0 (id=3368): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2, 0x31}, 0x48) 2.200626104s ago: executing program 0 (id=3370): bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0xf, 0x3, 0x8, 0x1}, 0x50) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="12"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000840), 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r1, &(0x7f0000000140)='4', &(0x7f00000001c0)=""/163}, 0x20) 2.164589242s ago: executing program 3 (id=3372): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="a00000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a31000000007400038070000080640001805d"], 0xa0}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 2.150973484s ago: executing program 4 (id=3373): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x5, &(0x7f0000000180)=0xd, 0x4) 2.057590012s ago: executing program 0 (id=3374): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="380000001000370400"/20, @ANYRES32=r1, @ANYBLOB="89040400000000001800128008000100736974000c00028008000100", @ANYRES32=r1], 0x38}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x2, {0x0, 0x0, 0xe403, r1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @multicast1}, @IFLA_IPTUN_6RD_RELAY_PREFIXLEN={0x6, 0xe, 0x2a36}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2.050667739s ago: executing program 2 (id=3375): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4004095}, 0xc000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000002"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000) 1.942527123s ago: executing program 2 (id=3376): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000000}]}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) ioctl$TUNSETGROUP(r1, 0x400454ce, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000010005fba00000000000000e500000000", @ANYRES32=0x0, @ANYBLOB="800002000800000008001b000000000008000d"], 0x30}}, 0x0) 1.896976458s ago: executing program 3 (id=3377): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c000180062106a990390000100002"], 0x34}, 0x1, 0x0, 0x0, 0x4004095}, 0xc000) 1.873628642s ago: executing program 0 (id=3378): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000003c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r4, @ANYBLOB="140004006e696376663000000000000000000000080005000a00"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x2400c890) 1.752881949s ago: executing program 5 (id=3379): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={0x2, 0x3, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "a3"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}]}, 0x70}, 0x1, 0x7}, 0x0) 1.658394509s ago: executing program 3 (id=3380): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095", @ANYRES8=0x0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbff, 0x200}, 0xc) socket$kcm(0x10, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000002000000a70000000060a0b0400000000000000000200000044000480200001800e000100636f6e6e6c696d69740000000c000280080001400000000010000180090001006c61737400000000100001800a00010072656469720000000900010073797a30000000000900020073797a320000000014000000110001"], 0x98}}, 0x0) close(r0) 1.606347719s ago: executing program 5 (id=3381): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="05"], 0x6c}, 0x1, 0x0, 0x0, 0x10004000}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r1, @ANYBLOB="0008000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x0, 0x0, 0x0}, 0x94) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='h'], 0x68}, 0x9}, 0x0) 1.436056613s ago: executing program 3 (id=3382): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000ac0)={'ip6gretap0\x00'}) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x22020600) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r5, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20) recvmsg$unix(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001780)=""/4071, 0xfe7}, {&(0x7f0000000300)=""/78, 0x4e}, {&(0x7f0000000400)=""/133, 0xe8b}], 0x9}, 0x40020000) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)}, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.312442664s ago: executing program 5 (id=3383): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0) 1.283327432s ago: executing program 0 (id=3384): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xc, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xd, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.11353455s ago: executing program 0 (id=3385): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [], {0x14}}, 0x28}}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r0, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1.06160506s ago: executing program 5 (id=3386): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0500000004000000080000000300000000000000", @ANYRES32, @ANYRES16=r2, @ANYRES32=0x0, @ANYRES64=r0, @ANYBLOB="0000f8ffffffffffffff000000d0ebac87c5a07a6a000000000000fb587200"], 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000e80)={r3, 0x58, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18875400000000000000000000000004186b00000d0000000000000000001aca2737fd3beefb062e74cb4fee2d607c121c2d197fec5e20d9fc0000001b9c947ca71dbd40859a476360d692b157aeb288a9c500cceceff8a3f18f470f4e6b6b4b1ec6d019"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', r4, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b00)={'ip6_vti0\x00', &(0x7f0000000a80)={'syztnl2\x00', 0x0, 0x4, 0x1, 0x0, 0x7, 0x5, @dev={0xfe, 0x80, '\x00', 0xe}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8, 0x700, 0x7f52, 0x8}}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="1b000000000000000000000002000000000000", @ANYRES32=r1, @ANYRES32=r5, @ANYRES32, @ANYBLOB="00000000010000000500"/28], 0x50) r6 = socket(0x14, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r6, 0x61d0, 0x0) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000a00)) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x38}}, 0x0) r8 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_GET_FEATURE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3fb, 0x20, 0x70bd26, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0xc0) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x20, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x8, 0x18, 0x0, 0x0, @binary="04ac0f00"}, @typed={0x4, 0x1e}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0) r10 = socket$inet_sctp(0x2, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) ppoll(&(0x7f0000000340)=[{r10, 0x4}], 0x1, &(0x7f00000003c0)={r11, r12+10000000}, &(0x7f0000000400)={[0x9]}, 0x8) 978.779322ms ago: executing program 2 (id=3387): unshare(0x24060400) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) 590.115091ms ago: executing program 2 (id=3389): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r1) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0xfeb1}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x23) 360.887566ms ago: executing program 3 (id=3390): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES64=0x0], 0x34}, 0x1, 0x0, 0x0, 0x4004095}, 0xc000) 314.119158ms ago: executing program 2 (id=3391): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={0x2, 0x3, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "a3"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}]}, 0x70}, 0x1, 0x7}, 0x0) 136.374101ms ago: executing program 3 (id=3392): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000004c0)=@gcm_128={{0x303}, "d2c2534942c5b50b", "7cf2455f0dffb8d958d3a0ac03093a5f", "7ce820be", "2ae2f0bc1a04d3a3"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000240)=@ccm_128={{0x304}, "a23b57e385caf274", "7e5603468271324088f978e73afbecd4", "e96f9389", "2937dbae6ad08957"}, 0x28) 0s ago: executing program 2 (id=3393): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="6c0000001000010400d2", @ANYRES32=r3, @ANYBLOB="05"], 0x6c}, 0x1, 0x0, 0x0, 0x10004000}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r1, @ANYBLOB="0008000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x0, 0x0, 0x0}, 0x94) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='h'], 0x68}, 0x9}, 0x0) kernel console output (not intermixed with test programs): p=0x7fc051c7aeb9 code=0x7ffc0000 [ 383.413225][ T37] audit: type=1326 audit(2000000172.910:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 383.413270][ T37] audit: type=1326 audit(2000000172.910:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 383.413313][ T37] audit: type=1326 audit(2000000172.910:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 383.413358][ T37] audit: type=1326 audit(2000000172.910:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 383.413403][ T37] audit: type=1326 audit(2000000172.920:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 386.246987][ T9251] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1005'. [ 386.591026][ T8927] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 386.856210][ T8927] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 386.977212][ T8927] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 387.064558][ T8927] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 387.279620][ T13] hsr_slave_0: left promiscuous mode [ 387.327871][ T13] hsr_slave_1: left promiscuous mode [ 387.329387][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 388.445366][ T5880] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 388.624735][ T5880] usb 1-1: Using ep0 maxpacket: 16 [ 388.628903][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.628940][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.628980][ T5880] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 388.629005][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.714410][ T5880] usb 1-1: config 0 descriptor?? [ 388.855715][ T9304] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1017'. [ 388.954857][ T5880] usbhid 1-1:0.0: can't add hid device: -71 [ 388.954997][ T5880] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 388.983328][ T5880] usb 1-1: USB disconnect, device number 4 [ 391.415521][ T13] team0 (unregistering): Port device team_slave_1 removed [ 391.645443][ T13] team0 (unregistering): Port device team_slave_0 removed [ 393.764862][ T9307] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1018'. [ 394.331578][ T8927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.441538][ T8927] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.497736][ T6000] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.497899][ T6000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.542953][ T6273] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.543216][ T6273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 395.169192][ T9346] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1026'. [ 396.215737][ T9371] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1032'. [ 396.420706][ T8927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 397.179472][ T9406] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1043'. [ 397.389451][ T9414] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1044'. [ 397.571806][ T9419] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1046'. [ 397.573541][ T8927] veth0_vlan: entered promiscuous mode [ 397.611642][ T8927] veth1_vlan: entered promiscuous mode [ 397.813643][ T8927] veth0_macvtap: entered promiscuous mode [ 397.916597][ T8927] veth1_macvtap: entered promiscuous mode [ 397.988635][ T8927] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 398.038824][ T8927] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 398.065686][ T156] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.065930][ T156] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.065969][ T156] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.066015][ T156] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.329323][ T9446] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1054'. [ 398.771351][ T9461] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1056'. [ 398.840573][ T6000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.840598][ T6000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.031377][ T6342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 399.031402][ T6342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.726221][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 399.726242][ T37] audit: type=1326 audit(2000000189.240:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.730902][ T37] audit: type=1326 audit(2000000189.240:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.730958][ T37] audit: type=1326 audit(2000000189.240:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.731002][ T37] audit: type=1326 audit(2000000189.240:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.733538][ T37] audit: type=1326 audit(2000000189.240:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.733588][ T37] audit: type=1326 audit(2000000189.240:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.734934][ T37] audit: type=1326 audit(2000000189.240:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.734978][ T37] audit: type=1326 audit(2000000189.240:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.735017][ T37] audit: type=1326 audit(2000000189.240:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 399.735056][ T37] audit: type=1326 audit(2000000189.240:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 400.292985][ T9492] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1066'. [ 401.004490][ T9513] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1073'. [ 401.784400][ T9528] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1078'. [ 402.648609][ T9552] netlink: 'syz.2.1087': attribute type 13 has an invalid length. [ 403.074029][ T9562] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1091'. [ 403.143486][ T9566] netlink: 'syz.0.1093': attribute type 3 has an invalid length. [ 403.248226][ T9564] nbd4: detected capacity change from 0 to 63 [ 403.270276][ T9567] block nbd4: NBD_DISCONNECT [ 403.314810][ T9567] block nbd4: Disconnected due to user request. [ 403.322986][ T9375] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.323142][ T9375] Buffer I/O error on dev nbd4, logical block 1, async page read [ 403.323351][ T9375] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.323380][ T9375] Buffer I/O error on dev nbd4, logical block 2, async page read [ 403.323438][ T9375] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.323465][ T9375] Buffer I/O error on dev nbd4, logical block 3, async page read [ 403.323517][ T9567] block nbd4: shutting down sockets [ 403.421986][ C0] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.422027][ C0] Buffer I/O error on dev nbd4, logical block 0, async page read [ 403.423944][ T9375] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.423989][ T9375] Buffer I/O error on dev nbd4, logical block 0, async page read [ 403.424047][ T9375] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.424067][ T9375] Buffer I/O error on dev nbd4, logical block 1, async page read [ 403.424111][ T9375] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.424130][ T9375] Buffer I/O error on dev nbd4, logical block 2, async page read [ 403.424172][ T9375] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.424192][ T9375] Buffer I/O error on dev nbd4, logical block 3, async page read [ 403.424246][ T9375] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.424267][ T9375] Buffer I/O error on dev nbd4, logical block 0, async page read [ 403.424310][ T9375] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 403.424329][ T9375] Buffer I/O error on dev nbd4, logical block 1, async page read [ 403.426452][ T9375] ldm_validate_partition_table(): Disk read failed. [ 403.427154][ T9375] Dev nbd4: unable to read RDB block 0 [ 403.428159][ T9375] nbd4: unable to read partition table [ 403.587076][ T9375] ldm_validate_partition_table(): Disk read failed. [ 403.587689][ T9375] Dev nbd4: unable to read RDB block 0 [ 403.588462][ T9375] nbd4: unable to read partition table [ 403.765961][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1098'. [ 405.823298][ T9633] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.136983][ T9633] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.446082][ T9637] ip_vti0: entered promiscuous mode [ 407.463528][ T9637] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1115'. [ 409.706401][ T9707] syz_tun: entered allmulticast mode [ 409.707303][ T9707] syz_tun: left allmulticast mode [ 410.211025][ T9725] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1153'. [ 410.293685][ T9725] syz_tun: entered promiscuous mode [ 410.328569][ T9725] syz_tun: left promiscuous mode [ 412.886678][ T9745] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1159'. [ 413.517961][ T37] kauditd_printk_skb: 68 callbacks suppressed [ 413.517984][ T37] audit: type=1326 audit(2000000203.030:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.518035][ T37] audit: type=1326 audit(2000000203.030:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.525427][ T37] audit: type=1326 audit(2000000203.030:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.525478][ T37] audit: type=1326 audit(2000000203.030:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.525585][ T37] audit: type=1326 audit(2000000203.040:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.527852][ T37] audit: type=1326 audit(2000000203.040:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.528121][ T37] audit: type=1326 audit(2000000203.040:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.528390][ T37] audit: type=1326 audit(2000000203.040:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.535065][ T37] audit: type=1326 audit(2000000203.050:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 413.536272][ T37] audit: type=1326 audit(2000000203.050:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9760 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 415.815935][ T9799] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1175'. [ 417.615100][ T9841] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1189'. [ 417.674188][ T9842] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1188'. [ 419.019376][ T9886] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1203'. [ 419.021619][ T9886] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1203'. [ 419.073966][ T9887] ip_vti0: left promiscuous mode [ 419.222405][ T9897] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1204'. [ 419.769198][ T9916] netlink: 196 bytes leftover after parsing attributes in process `syz.5.1211'. [ 420.422948][ T9946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1219'. [ 421.089443][ T9971] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1228'. [ 421.477197][ T9981] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1227'. [ 421.478770][ T9981] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1227'. [ 423.350444][T10013] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1241'. [ 423.802328][T10031] netlink: 'syz.3.1249': attribute type 13 has an invalid length. [ 425.758424][T10055] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1259'. [ 425.824011][T10057] lo: entered allmulticast mode [ 425.825050][T10053] lo: left allmulticast mode [ 425.902944][T10058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1260'. [ 425.997530][T10062] netlink: 'syz.4.1261': attribute type 13 has an invalid length. [ 426.476680][T10080] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 428.032575][T10097] syz_tun: entered allmulticast mode [ 428.033367][T10094] syz_tun: left allmulticast mode [ 428.358307][T10103] netlink: 'syz.3.1276': attribute type 13 has an invalid length. [ 428.528096][T10112] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 428.898351][T10123] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1284'. [ 428.986368][T10126] syz_tun: entered allmulticast mode [ 428.987283][T10125] syz_tun: left allmulticast mode [ 429.341812][T10136] netlink: 'syz.4.1289': attribute type 13 has an invalid length. [ 430.702973][T10151] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1295'. [ 432.638494][T10167] lo: entered allmulticast mode [ 432.639387][T10166] lo: left allmulticast mode [ 433.095386][T10175] netlink: 'syz.0.1303': attribute type 13 has an invalid length. [ 433.309268][T10186] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1308'. [ 433.335787][T10187] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1306'. [ 433.643854][T10192] syz_tun: entered allmulticast mode [ 433.653262][T10191] syz_tun: left allmulticast mode [ 436.608033][T10217] netlink: 'syz.4.1318': attribute type 13 has an invalid length. [ 436.817949][T10219] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1320'. [ 436.834907][T10221] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1321'. [ 439.274529][T10248] netlink: 'syz.4.1331': attribute type 13 has an invalid length. [ 439.726844][T10251] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1332'. [ 439.890957][T10254] netlink: 87 bytes leftover after parsing attributes in process `syz.4.1334'. [ 440.106097][T10256] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1333'. [ 440.122595][T10257] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 440.237239][T10263] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1336'. [ 440.321589][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.321673][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.793102][T10306] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1348'. [ 443.663794][T10318] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1351'. [ 445.961220][T10324] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1353'. [ 446.285000][T10354] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1361'. [ 446.943969][ T37] kauditd_printk_skb: 72 callbacks suppressed [ 446.944021][ T37] audit: type=1326 audit(2000000236.430:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.944299][ T37] audit: type=1326 audit(2000000236.430:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.944481][ T37] audit: type=1326 audit(2000000236.430:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.945063][ T37] audit: type=1326 audit(2000000236.430:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.945324][ T37] audit: type=1326 audit(2000000236.430:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.945543][ T37] audit: type=1326 audit(2000000236.430:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.945756][ T37] audit: type=1326 audit(2000000236.430:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.945913][ T37] audit: type=1326 audit(2000000236.430:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.945991][ T37] audit: type=1326 audit(2000000236.440:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 446.946202][ T37] audit: type=1326 audit(2000000236.440:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10366 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 450.116067][T10389] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1372'. [ 450.273777][T10398] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1375'. [ 450.982212][T10428] netlink: 228 bytes leftover after parsing attributes in process `syz.5.1383'. [ 451.108828][T10433] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1386'. [ 454.193032][T10466] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 454.228266][T10467] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1397'. [ 454.325871][T10472] netlink: 232 bytes leftover after parsing attributes in process `syz.3.1399'. [ 454.325903][T10472] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1399'. [ 458.915100][T10491] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1400'. [ 459.659641][T10505] netlink: 232 bytes leftover after parsing attributes in process `syz.4.1411'. [ 459.659675][T10505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1411'. [ 460.304908][T10523] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1416'. [ 461.337183][T10540] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1420'. [ 461.988353][T10568] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1431'. [ 462.489397][T10575] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1435'. [ 463.856966][T10605] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1445'. [ 463.938830][T10608] ip_vti0: entered promiscuous mode [ 463.939083][T10608] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1446'. [ 464.122137][T10618] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1450'. [ 465.854533][T10653] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1460'. [ 465.863697][T10654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1459'. [ 468.596600][T10693] ip_vti0: left promiscuous mode [ 468.933217][T10705] ip_vti0: entered promiscuous mode [ 468.933459][T10705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1475'. [ 469.323954][T10714] netlink: 232 bytes leftover after parsing attributes in process `syz.5.1480'. [ 470.749936][T10732] netlink: 'syz.3.1486': attribute type 13 has an invalid length. [ 472.865045][T10784] netlink: 'syz.4.1507': attribute type 13 has an invalid length. [ 474.198477][T10814] netlink: 'syz.4.1520': attribute type 13 has an invalid length. [ 474.256802][T10816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1521'. [ 474.527394][T10829] ip_vti0: entered promiscuous mode [ 474.527639][T10829] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1524'. [ 474.796775][T10835] netlink: 228 bytes leftover after parsing attributes in process `syz.5.1528'. [ 475.109173][T10846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1534'. [ 475.297361][T10852] nbd: must specify at least one socket [ 475.786559][T10864] batman_adv: batadv0: Adding interface: dummy0 [ 475.786603][T10864] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 475.786639][T10864] batman_adv: batadv0: Interface activated: dummy0 [ 475.827510][T10864] batadv0: mtu less than device minimum [ 475.869861][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 475.909166][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 475.952294][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 476.015262][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 476.069581][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 476.109068][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 476.143446][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 476.173193][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 476.198288][T10864] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 476.291247][T10868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1540'. [ 476.869779][T10885] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1548'. [ 476.899119][T10888] nbd: must specify at least one socket [ 477.704780][T10911] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1556'. [ 478.435569][T10924] nbd: must specify at least one socket [ 479.534845][T10949] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1568'. [ 480.192361][T10966] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1574'. [ 481.853996][T11005] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1584'. [ 482.051401][T11010] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1587'. [ 482.713204][T11029] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1597'. [ 483.845427][T11037] net_ratelimit: 10 callbacks suppressed [ 483.845452][T11037] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 484.240270][T11050] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1601'. [ 486.134226][T11090] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1609'. [ 486.184998][T11091] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1608'. [ 486.604821][T11106] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 488.352344][T11126] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1622'. [ 491.703500][T11176] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1634'. [ 493.751441][T11222] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85 [ 494.039375][T11241] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1646'. [ 496.322013][T11269] netlink: 'syz.0.1656': attribute type 3 has an invalid length. [ 497.033874][T11276] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1657'. [ 499.570393][T11319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1664'. [ 500.079514][T11334] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1671'. [ 501.875991][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.876075][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.217869][T11362] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1678'. [ 504.416239][T11401] netlink: 'syz.3.1682': attribute type 3 has an invalid length. [ 504.744816][T11408] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1685'. [ 506.772681][T11446] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1697'. [ 508.675766][T11498] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 511.361444][T11583] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1731'. [ 512.859951][T11632] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1743'. [ 514.806743][T11675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1758'. [ 516.439009][T11710] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1771'. [ 520.545186][T11752] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1784'. [ 521.184681][T10490] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 521.334678][T10490] usb 5-1: Using ep0 maxpacket: 16 [ 521.337295][T10490] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 521.337331][T10490] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 521.337373][T10490] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 521.337408][T10490] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.343507][T10490] usb 5-1: config 0 descriptor?? [ 521.669634][T10490] usbhid 5-1:0.0: can't add hid device: -71 [ 521.669772][T10490] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 521.692773][T10490] usb 5-1: USB disconnect, device number 2 [ 525.709611][T11795] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1797'. [ 526.584727][ T952] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 526.735733][ T952] usb 5-1: Using ep0 maxpacket: 16 [ 526.738174][ T952] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 526.738209][ T952] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 526.738252][ T952] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 526.738276][ T952] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.868153][ T952] usb 5-1: config 0 descriptor?? [ 527.098940][ T952] usbhid 5-1:0.0: can't add hid device: -71 [ 527.099086][ T952] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 527.154848][ T952] usb 5-1: USB disconnect, device number 3 [ 529.429198][T11837] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1811'. [ 530.393133][T11844] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1813'. [ 531.204842][ T952] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 531.364743][ T952] usb 4-1: Using ep0 maxpacket: 16 [ 531.367396][ T952] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 531.367433][ T952] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 531.367475][ T952] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 531.367502][ T952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.423034][ T952] usb 4-1: config 0 descriptor?? [ 531.645975][ T952] usbhid 4-1:0.0: can't add hid device: -71 [ 531.646119][ T952] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 531.692639][ T952] usb 4-1: USB disconnect, device number 5 [ 532.516065][T11868] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1823'. [ 533.550197][T11883] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1828'. [ 533.744782][ T5809] block nbd5: Receive control failed (result -32) [ 533.994247][T11874] nbd5: detected capacity change from 0 to 63 [ 534.021740][T10493] block nbd5: Dead connection, failed to find a fallback [ 534.021772][T10493] block nbd5: shutting down sockets [ 534.021789][T10493] blk_print_req_error: 138 callbacks suppressed [ 534.021803][T10493] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.021832][T10493] buffer_io_error: 138 callbacks suppressed [ 534.021850][T10493] Buffer I/O error on dev nbd5, logical block 0, async page read [ 534.022005][T10493] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022032][T10493] Buffer I/O error on dev nbd5, logical block 1, async page read [ 534.022089][T10493] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022115][T10493] Buffer I/O error on dev nbd5, logical block 2, async page read [ 534.022170][T10493] I/O error, dev nbd5, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022195][T10493] Buffer I/O error on dev nbd5, logical block 3, async page read [ 534.022264][T10493] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022289][T10493] Buffer I/O error on dev nbd5, logical block 0, async page read [ 534.022343][T10493] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022368][T10493] Buffer I/O error on dev nbd5, logical block 1, async page read [ 534.022421][T10493] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022447][T10493] Buffer I/O error on dev nbd5, logical block 2, async page read [ 534.022501][T10493] I/O error, dev nbd5, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022526][T10493] Buffer I/O error on dev nbd5, logical block 3, async page read [ 534.022589][T10493] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022614][T10493] Buffer I/O error on dev nbd5, logical block 0, async page read [ 534.022678][T10493] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 534.022704][T10493] Buffer I/O error on dev nbd5, logical block 1, async page read [ 534.031536][T10493] ldm_validate_partition_table(): Disk read failed. [ 534.040204][T10493] Dev nbd5: unable to read RDB block 0 [ 534.042333][T10493] nbd5: unable to read partition table [ 534.160496][T10493] ldm_validate_partition_table(): Disk read failed. [ 534.161214][T10493] Dev nbd5: unable to read RDB block 0 [ 534.167254][T10493] nbd5: unable to read partition table [ 534.683629][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 534.683661][ T37] audit: type=1326 audit(2000000324.190:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.689048][ T37] audit: type=1326 audit(2000000324.200:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.704646][ T37] audit: type=1326 audit(2000000324.200:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.704707][ T37] audit: type=1326 audit(2000000324.210:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.704749][ T37] audit: type=1326 audit(2000000324.210:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.704791][ T37] audit: type=1326 audit(2000000324.210:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.732528][ T37] audit: type=1326 audit(2000000324.240:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.732580][ T37] audit: type=1326 audit(2000000324.240:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.732622][ T37] audit: type=1326 audit(2000000324.240:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 534.732660][ T37] audit: type=1326 audit(2000000324.240:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11891 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 535.963741][T11922] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1836'. [ 536.352946][T11929] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1840'. [ 536.674654][T11936] nbd4: detected capacity change from 0 to 63 [ 536.677439][ T5809] block nbd4: Receive control failed (result -32) [ 536.682141][T10493] block nbd4: Dead connection, failed to find a fallback [ 536.682170][T10493] block nbd4: shutting down sockets [ 536.689267][T10493] ldm_validate_partition_table(): Disk read failed. [ 536.691073][T10493] Dev nbd4: unable to read RDB block 0 [ 536.693103][T10493] nbd4: unable to read partition table [ 536.735192][T10493] ldm_validate_partition_table(): Disk read failed. [ 536.735584][T10493] Dev nbd4: unable to read RDB block 0 [ 536.745534][T10493] nbd4: unable to read partition table [ 538.576453][T11950] Can't find ip_set type hash:ip,mar [ 540.141142][T11976] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1853'. [ 540.250033][T11979] nbd: nbd4 already in use [ 544.618855][T11998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1860'. [ 544.618885][T11998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1860'. [ 546.524879][T12009] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1863'. [ 546.524917][T12009] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1863'. [ 546.800554][T12016] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1867'. [ 553.250738][T12047] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1876'. [ 553.472511][T12050] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1879'. [ 553.689503][T12054] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1881'. [ 554.996666][T12065] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1884'. [ 555.352094][T12064] nbd3: detected capacity change from 0 to 63 [ 555.353309][T12066] nbd: must specify an index to disconnect [ 555.355550][ T5809] block nbd3: Receive control failed (result -32) [ 556.104427][T12008] block nbd3: Dead connection, failed to find a fallback [ 556.104457][T12008] block nbd3: shutting down sockets [ 556.104471][T12008] blk_print_req_error: 286 callbacks suppressed [ 556.104485][T12008] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133009][T12008] buffer_io_error: 286 callbacks suppressed [ 556.133031][T12008] Buffer I/O error on dev nbd3, logical block 0, async page read [ 556.133139][T12008] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133168][T12008] Buffer I/O error on dev nbd3, logical block 1, async page read [ 556.133225][T12008] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133259][T12008] Buffer I/O error on dev nbd3, logical block 2, async page read [ 556.133315][T12008] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133341][T12008] Buffer I/O error on dev nbd3, logical block 3, async page read [ 556.133411][T12008] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133438][T12008] Buffer I/O error on dev nbd3, logical block 0, async page read [ 556.133492][T12008] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133518][T12008] Buffer I/O error on dev nbd3, logical block 1, async page read [ 556.133573][T12008] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133598][T12008] Buffer I/O error on dev nbd3, logical block 2, async page read [ 556.133653][T12008] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133678][T12008] Buffer I/O error on dev nbd3, logical block 3, async page read [ 556.133742][T12008] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133766][T12008] Buffer I/O error on dev nbd3, logical block 0, async page read [ 556.133818][T12008] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 556.133842][T12008] Buffer I/O error on dev nbd3, logical block 1, async page read [ 556.344683][T12008] ldm_validate_partition_table(): Disk read failed. [ 556.345419][T12008] Dev nbd3: unable to read RDB block 0 [ 556.346455][T12008] nbd3: unable to read partition table [ 556.421565][T12008] ldm_validate_partition_table(): Disk read failed. [ 556.422283][T12008] Dev nbd3: unable to read RDB block 0 [ 556.423207][T12008] nbd3: unable to read partition table [ 556.705734][T12088] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1894'. [ 556.846499][T12095] sctp: [Deprecated]: syz.4.1892 (pid 12095) Use of int in max_burst socket option. [ 556.846499][T12095] Use struct sctp_assoc_value instead [ 559.351891][T12106] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1898'. [ 559.651040][T12109] netlink: 'syz.2.1900': attribute type 3 has an invalid length. [ 559.835136][T12119] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85 [ 559.983906][T12121] sctp: [Deprecated]: syz.3.1906 (pid 12121) Use of int in max_burst socket option. [ 559.983906][T12121] Use struct sctp_assoc_value instead [ 560.086100][T12130] nbd: nbd4 already in use [ 560.086436][T12130] nbd: must specify an index to disconnect [ 560.498353][T12141] netlink: 'syz.0.1915': attribute type 3 has an invalid length. [ 561.843133][T12155] netlink: 236 bytes leftover after parsing attributes in process `syz.5.1920'. [ 561.843163][T12155] netlink: 236 bytes leftover after parsing attributes in process `syz.5.1920'. [ 561.940064][T12160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1923'. [ 562.144144][T12167] netlink: 'syz.3.1927': attribute type 3 has an invalid length. [ 562.710553][T12192] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1936'. [ 562.711280][T12192] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1936'. [ 563.562729][T12197] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1935'. [ 563.796873][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.796962][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.092718][T12207] batman_adv: batadv0: Interface deactivated: dummy0 [ 564.092750][T12207] batman_adv: batadv0: Removing interface: dummy0 [ 564.145043][T12209] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1940'. [ 564.221355][T12211] netlink: 'syz.4.1941': attribute type 3 has an invalid length. [ 573.039436][T12236] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1948'. [ 573.040389][T12236] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1948'. [ 573.126379][ T44] IPVS: starting estimator thread 0... [ 573.217119][T12239] IPVS: using max 8 ests per chain, 19200 per kthread [ 573.242851][T12235] Can't find ip_set type hash:ip, [ 573.731621][T12249] batman_adv: batadv0: Removing interface: dummy0 [ 576.842412][T12291] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1965'. [ 576.846635][T12291] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1965'. [ 576.868622][T12289] veth1_to_batadv: entered allmulticast mode [ 576.921973][T12289] pim6reg: entered allmulticast mode [ 577.904581][T12284] Can't find ip_set type hash:ip,ma [ 579.724992][T12316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 579.730375][T12316] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1974'. [ 579.754393][T12316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 579.774150][T12316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 579.787401][T12316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 580.104340][T12329] syzkaller0: entered promiscuous mode [ 580.104375][T12329] syzkaller0: entered allmulticast mode [ 581.400597][T12346] tipc: Enabled bearer , priority 0 [ 582.946513][T12325] tipc: Resetting bearer [ 583.123457][T12325] tipc: Disabling bearer [ 585.674651][ T5809] Bluetooth: hci5: command tx timeout [ 585.762949][T12414] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2005'. [ 589.145832][T12482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 589.181010][T12482] bond0: (slave rose0): Enslaving as an active interface with an up link [ 589.214691][T12481] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2029'. [ 589.794803][T12508] netlink: 'syz.0.2033': attribute type 89 has an invalid length. [ 591.600341][ T37] kauditd_printk_skb: 19 callbacks suppressed [ 591.600366][ T37] audit: type=1326 audit(2000000381.100:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.600419][ T37] audit: type=1326 audit(2000000381.100:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.600466][ T37] audit: type=1326 audit(2000000381.100:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.600628][ T37] audit: type=1326 audit(2000000381.100:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.600678][ T37] audit: type=1326 audit(2000000381.100:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.600726][ T37] audit: type=1326 audit(2000000381.100:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.600785][ T37] audit: type=1326 audit(2000000381.100:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.600832][ T37] audit: type=1326 audit(2000000381.100:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.600879][ T37] audit: type=1326 audit(2000000381.100:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 591.601023][ T37] audit: type=1326 audit(2000000381.100:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12557 comm="syz.3.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 592.762091][T12594] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 592.866380][T12590] ip_vti0: left promiscuous mode [ 593.780928][T12625] netlink: 192 bytes leftover after parsing attributes in process `syz.0.2062'. [ 593.780957][T12625] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2062'. [ 594.189648][T12636] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2064'. [ 594.787102][T12649] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 595.175024][T12658] sctp: [Deprecated]: syz.2.2071 (pid 12658) Use of int in max_burst socket option. [ 595.175024][T12658] Use struct sctp_assoc_value instead [ 595.316897][T12661] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2074'. [ 595.347509][T12661] team0: entered promiscuous mode [ 595.347535][T12661] team_slave_0: entered promiscuous mode [ 595.347804][T12661] team_slave_1: entered promiscuous mode [ 595.350536][T12661] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 595.352462][T12661] team0: left promiscuous mode [ 595.352484][T12661] team_slave_0: left promiscuous mode [ 595.352737][T12661] team_slave_1: left promiscuous mode [ 596.897059][T12687] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 597.113845][T12691] sctp: [Deprecated]: syz.0.2083 (pid 12691) Use of int in max_burst socket option. [ 597.113845][T12691] Use struct sctp_assoc_value instead [ 599.454459][T12722] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 600.042243][T12751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 600.069799][T12751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2108'. [ 600.071659][T12751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 600.206571][T12751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 600.208495][T12751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 600.339785][T12756] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 601.404390][T12773] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 603.218593][T12806] netlink: 'syz.4.2127': attribute type 89 has an invalid length. [ 603.243188][T12808] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 603.419905][T12811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 603.484923][T12819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2128'. [ 603.539509][T12821] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 603.616408][T12811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 603.637164][T12811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 605.435850][ T31] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 605.584712][ T31] usb 3-1: Using ep0 maxpacket: 16 [ 605.590190][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.590226][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.590268][ T31] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 605.590302][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.645684][ T31] usb 3-1: config 0 descriptor?? [ 605.857555][ T31] usbhid 3-1:0.0: can't add hid device: -71 [ 605.857699][ T31] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 605.890676][ T31] usb 3-1: USB disconnect, device number 3 [ 605.996973][T12867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 606.060277][T12871] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2149'. [ 606.082349][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 606.271281][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 606.299883][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 610.310592][T12941] netlink: 'syz.5.2168': attribute type 3 has an invalid length. [ 611.148831][T12980] netlink: 'syz.4.2184': attribute type 3 has an invalid length. [ 612.314571][ T37] kauditd_printk_skb: 73 callbacks suppressed [ 612.314592][ T37] audit: type=1326 audit(2000000401.100:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314646][ T37] audit: type=1326 audit(2000000401.100:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314689][ T37] audit: type=1326 audit(2000000401.100:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314732][ T37] audit: type=1326 audit(2000000401.100:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314775][ T37] audit: type=1326 audit(2000000401.100:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314817][ T37] audit: type=1326 audit(2000000401.100:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314859][ T37] audit: type=1326 audit(2000000401.100:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314900][ T37] audit: type=1326 audit(2000000401.100:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314943][ T37] audit: type=1326 audit(2000000401.100:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 612.314984][ T37] audit: type=1326 audit(2000000401.100:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12985 comm="syz.0.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50f4faeb9 code=0x7ffc0000 [ 615.134944][T13011] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2194'. [ 615.186499][T13014] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2194'. [ 615.338209][T13018] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2198'. [ 615.415982][T13018] erspan0: entered promiscuous mode [ 615.423840][T13018] erspan0: left promiscuous mode [ 617.599331][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 617.599387][ T37] audit: type=1326 audit(2000000407.010:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.599677][ T37] audit: type=1326 audit(2000000407.010:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.599906][ T37] audit: type=1326 audit(2000000407.010:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.600215][ T37] audit: type=1326 audit(2000000407.010:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.600317][ T37] audit: type=1326 audit(2000000407.010:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.600446][ T37] audit: type=1326 audit(2000000407.010:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.600674][ T37] audit: type=1326 audit(2000000407.010:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.600902][ T37] audit: type=1326 audit(2000000407.010:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.601140][ T37] audit: type=1326 audit(2000000407.010:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 617.601337][ T37] audit: type=1326 audit(2000000407.010:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13046 comm="syz.5.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 619.386036][T13080] tipc: Started in network mode [ 619.386072][T13080] tipc: Node identity 0254cdfe92b5, cluster identity 4711 [ 619.386298][T13080] tipc: Enabled bearer , priority 0 [ 619.387690][T13080] syzkaller0: entered promiscuous mode [ 619.387715][T13080] syzkaller0: entered allmulticast mode [ 622.190156][ T5878] tipc: Node number set to 2430717438 [ 622.214380][T13090] tipc: Resetting bearer [ 622.311238][T13075] tipc: Resetting bearer [ 622.689886][T13111] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2228'. [ 622.725285][T13075] tipc: Disabling bearer [ 623.658925][ T37] kauditd_printk_skb: 70 callbacks suppressed [ 623.658978][ T37] audit: type=1326 audit(2000000412.990:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.659198][ T37] audit: type=1326 audit(2000000412.990:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.659436][ T37] audit: type=1326 audit(2000000412.990:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.659671][ T37] audit: type=1326 audit(2000000412.990:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.661020][ T37] audit: type=1326 audit(2000000412.990:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.661172][ T37] audit: type=1326 audit(2000000413.000:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.661476][ T37] audit: type=1326 audit(2000000413.000:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.661751][ T37] audit: type=1326 audit(2000000413.000:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.662065][ T37] audit: type=1326 audit(2000000413.000:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 623.662219][ T37] audit: type=1326 audit(2000000413.000:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13124 comm="syz.3.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7e73aeb9 code=0x7ffc0000 [ 624.629442][T13135] netlink: 'syz.3.2238': attribute type 3 has an invalid length. [ 624.664825][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.664916][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.582574][T13163] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2245'. [ 626.595609][T13160] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2246'. [ 627.113512][T13181] openvswitch: netlink: Invalid VLAN frame [ 627.292559][T13185] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2255'. [ 627.292600][T13185] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2255'. [ 627.516024][T13181] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 627.555563][T13185] dummy0: entered promiscuous mode [ 627.617095][T13185] team0: entered promiscuous mode [ 627.617121][T13185] team_slave_0: entered promiscuous mode [ 627.617499][T13185] team_slave_1: entered promiscuous mode [ 627.625500][T13185] hsr1: Slave A (dummy0) is not up; please bring it up to get a fully working HSR network [ 627.625526][T13185] hsr1: Slave B (team0) is not up; please bring it up to get a fully working HSR network [ 634.708209][T13267] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2287'. [ 635.152876][T13278] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2290'. [ 635.152907][T13278] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2290'. [ 635.152924][T13278] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2290'. [ 635.483841][T13288] netlink: 'syz.2.2296': attribute type 3 has an invalid length. [ 635.633137][T13292] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2298'. [ 637.021564][T13305] tipc: Failed to remove unknown binding: 66,0,0/0:1006264004/1006264005 [ 637.022671][T13305] tipc: Failed to remove unknown binding: 66,0,0/0:1006264004/1006264005 [ 638.688537][T13323] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2302'. [ 638.688581][T13323] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2302'. [ 638.688602][T13323] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2302'. [ 638.688628][T13323] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2302'. [ 638.688647][T13323] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2302'. [ 638.719120][T13325] netlink: 'syz.4.2307': attribute type 3 has an invalid length. [ 640.107890][T13340] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 643.912097][T13360] netlink: 'syz.3.2319': attribute type 3 has an invalid length. [ 645.941163][T13376] tipc: Started in network mode [ 645.941198][T13376] tipc: Node identity 36eb28003a26, cluster identity 4711 [ 645.941411][T13376] tipc: Enabled bearer , priority 0 [ 646.072909][T13376] syzkaller0: entered promiscuous mode [ 646.072938][T13376] syzkaller0: entered allmulticast mode [ 646.185768][T13389] __nla_validate_parse: 27 callbacks suppressed [ 646.185791][T13389] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2329'. [ 646.185836][T13389] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2329'. [ 648.070053][T13412] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2336'. [ 648.136740][T13405] dummy0: left promiscuous mode [ 648.208711][T10490] tipc: Node number set to 214771712 [ 648.301178][T13372] tipc: Resetting bearer [ 648.370431][T13427] netlink: 228 bytes leftover after parsing attributes in process `syz.5.2344'. [ 648.516248][T13372] tipc: Disabling bearer [ 649.120686][T13448] netlink: 'syz.0.2348': attribute type 10 has an invalid length. [ 650.842586][T13439] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2345'. [ 652.735770][T13508] tipc: Started in network mode [ 652.735806][T13508] tipc: Node identity 129c577ee5e6, cluster identity 4711 [ 652.736027][T13508] tipc: Enabled bearer , priority 0 [ 652.743651][T13504] syzkaller0: entered promiscuous mode [ 652.743674][T13504] syzkaller0: entered allmulticast mode [ 653.128805][T13502] tipc: Resetting bearer [ 653.556368][T13502] tipc: Disabling bearer [ 654.928795][T13541] netlink: 228 bytes leftover after parsing attributes in process `syz.0.2377'. [ 655.066006][T10490] tipc: Node number set to 4151990142 [ 655.999172][T13580] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2391'. [ 656.697394][T13598] tipc: Failed to remove unknown binding: 66,0,0/2430717438:3931899211/3931899212 [ 656.697548][T13598] tipc: Failed to remove unknown binding: 66,0,0/2430717438:3931899211/3931899212 [ 656.864246][T13600] netlink: 'syz.4.2399': attribute type 3 has an invalid length. [ 656.992275][T13609] netlink: 228 bytes leftover after parsing attributes in process `syz.4.2403'. [ 657.535793][T13627] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2409'. [ 657.535833][T13627] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2409'. [ 657.976540][T13635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2412'. [ 658.074252][T13637] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2413'. [ 658.114425][T13637] bond0: entered promiscuous mode [ 658.114450][T13637] bond_slave_0: entered promiscuous mode [ 658.126392][T13637] bond_slave_1: entered promiscuous mode [ 658.142276][T13637] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 658.144347][T13637] bond0: left promiscuous mode [ 658.144370][T13637] bond_slave_0: left promiscuous mode [ 658.164757][T13637] bond_slave_1: left promiscuous mode [ 659.239326][T13665] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2424'. [ 660.402874][T13694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2438'. [ 660.402915][T13694] netlink: 'syz.2.2438': attribute type 11 has an invalid length. [ 660.441439][ T6345] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 660.441538][T13694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2438'. [ 660.441571][T13694] netlink: 'syz.2.2438': attribute type 11 has an invalid length. [ 660.442145][ T6345] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 660.442308][ T6345] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 660.442354][ T6345] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 661.426575][T13742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2459'. [ 661.467298][T13742] bond0: entered promiscuous mode [ 661.467324][T13742] : entered promiscuous mode [ 661.467596][T13742] bond_slave_1: entered promiscuous mode [ 661.470458][T13742] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 661.472627][T13742] bond0: left promiscuous mode [ 661.472649][T13742] : left promiscuous mode [ 661.472897][T13742] bond_slave_1: left promiscuous mode [ 661.756085][T13761] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2465'. [ 661.826467][T13763] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2465'. [ 661.851670][T13763] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2465'. [ 663.106836][T13799] tipc: Enabled bearer , priority 0 [ 663.108558][T13799] syzkaller0: entered promiscuous mode [ 663.108582][T13799] syzkaller0: entered allmulticast mode [ 664.897998][T13796] tipc: Resetting bearer [ 665.125505][T13796] tipc: Disabling bearer [ 666.327935][T13883] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2511'. [ 666.327975][T13883] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2511'. [ 666.422016][T13886] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2513'. [ 666.663155][T13891] tipc: Enabled bearer , priority 0 [ 666.694396][T13891] syzkaller0: entered promiscuous mode [ 666.694428][T13891] syzkaller0: entered allmulticast mode [ 666.716157][T13891] tipc: Resetting bearer [ 666.941613][T13903] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2521'. [ 666.941640][T13903] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2521'. [ 667.081083][T13889] tipc: Resetting bearer [ 667.102587][T13911] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2524'. [ 667.102629][T13911] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2524'. [ 667.246220][T13889] tipc: Disabling bearer [ 667.262670][T13915] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2526'. [ 668.418665][T13947] ip6tnl0: Caught tx_queue_len zero misconfig [ 668.577747][T13952] tipc: Enabled bearer , priority 0 [ 668.579881][T13952] syzkaller0: entered promiscuous mode [ 668.579909][T13952] syzkaller0: entered allmulticast mode [ 668.806993][T13948] tipc: Resetting bearer [ 669.275208][T13948] tipc: Disabling bearer [ 670.525310][T13987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2553'. [ 670.680103][T13987] bond0: entered promiscuous mode [ 670.680129][T13987] : entered promiscuous mode [ 670.680384][T13987] bond_slave_1: entered promiscuous mode [ 670.693480][T13987] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 670.699995][T13987] bond0: left promiscuous mode [ 670.700017][T13987] : left promiscuous mode [ 670.700252][T13987] bond_slave_1: left promiscuous mode [ 672.947493][T14042] tipc: Enabled bearer , priority 0 [ 673.125275][T14060] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2576'. [ 673.134093][T14042] syzkaller0: entered promiscuous mode [ 673.134124][T14042] syzkaller0: entered allmulticast mode [ 673.334196][T14064] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2579'. [ 673.369809][T14064] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2579'. [ 673.427123][T14069] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2580'. [ 673.645113][T14035] tipc: Resetting bearer [ 673.769892][T14035] tipc: Disabling bearer [ 673.947298][T14092] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2589'. [ 674.208299][T14100] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2592'. [ 674.256939][T14103] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2594'. [ 674.822771][T14128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2605'. [ 674.822797][T14128] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2605'. [ 674.822821][T14128] netlink: 'syz.0.2605': attribute type 11 has an invalid length. [ 674.905839][T14128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2605'. [ 674.906088][T14128] netlink: 'syz.0.2605': attribute type 11 has an invalid length. [ 674.911678][T14130] tipc: Enabled bearer , priority 0 [ 674.911748][ T6352] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 674.973877][ T6352] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 674.991235][T14125] syzkaller0: entered promiscuous mode [ 674.991264][T14125] syzkaller0: entered allmulticast mode [ 675.012220][ T6352] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 675.032884][ T6352] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 675.575981][T14118] tipc: Resetting bearer [ 675.696528][T14118] tipc: Disabling bearer [ 676.380676][T14164] syzkaller1: entered promiscuous mode [ 676.380708][T14164] syzkaller1: entered allmulticast mode [ 676.653314][T14184] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 677.370222][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 677.370246][ T37] audit: type=1326 audit(2000000466.750:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.371309][ T37] audit: type=1326 audit(2000000466.750:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.372367][ T37] audit: type=1326 audit(2000000466.750:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.376731][ T37] audit: type=1326 audit(2000000466.750:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.379402][ T37] audit: type=1326 audit(2000000466.750:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.379456][ T37] audit: type=1326 audit(2000000466.750:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.379503][ T37] audit: type=1326 audit(2000000466.750:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.379550][ T37] audit: type=1326 audit(2000000466.750:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.379597][ T37] audit: type=1326 audit(2000000466.750:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.379642][ T37] audit: type=1326 audit(2000000466.770:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14190 comm="syz.4.2627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc051c7aeb9 code=0x7ffc0000 [ 677.894380][T14193] tipc: Enabled bearer , priority 0 [ 677.895574][T14193] syzkaller0: entered promiscuous mode [ 677.895611][T14193] syzkaller0: entered allmulticast mode [ 678.134918][T14187] tipc: Resetting bearer [ 678.301302][T14187] tipc: Disabling bearer [ 678.454767][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 678.588136][T14218] __nla_validate_parse: 3 callbacks suppressed [ 678.588153][T14218] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2635'. [ 678.604782][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 678.617114][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 678.617150][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 678.617186][ T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 678.617200][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.622374][ T10] usb 5-1: config 0 descriptor?? [ 678.835979][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 678.836266][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 678.862386][ T10] usb 5-1: USB disconnect, device number 4 [ 679.041490][T14222] netlink: 124 bytes leftover after parsing attributes in process `syz.0.2637'. [ 680.645268][T14247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2646'. [ 681.544894][T14275] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2654'. [ 681.702104][T14277] netlink: 'syz.3.2654': attribute type 10 has an invalid length. [ 681.715091][ T809] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 681.874804][ T809] usb 6-1: Using ep0 maxpacket: 16 [ 681.891963][ T809] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 681.892001][ T809] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 681.892042][ T809] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 681.892067][ T809] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.955038][ T809] usb 6-1: config 0 descriptor?? [ 682.171525][ T809] usbhid 6-1:0.0: can't add hid device: -71 [ 682.171789][ T809] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 682.215697][T14289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2659'. [ 682.217024][ T809] usb 6-1: USB disconnect, device number 2 [ 683.054640][T14307] tipc: Enabled bearer , priority 0 [ 683.058149][T14304] syzkaller0: entered promiscuous mode [ 683.058178][T14304] syzkaller0: entered allmulticast mode [ 683.759390][T14325] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2670'. [ 683.804995][T14300] tipc: Resetting bearer [ 683.957238][T14300] tipc: Disabling bearer [ 684.365898][T14334] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2675'. [ 684.886428][T14349] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2681'. [ 685.117295][T14349] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2681'. [ 685.160849][ T5804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 685.168775][ T5804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 685.208680][ T5804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 685.225619][T14355] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 685.226725][T14355] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 686.084289][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.084383][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.484096][T14351] chnl_net:caif_netlink_parms(): no params data found [ 686.569121][T14383] IPVS: Error connecting to the multicast addr [ 687.068265][T14403] tipc: Enabled bearer , priority 0 [ 687.068908][T14407] syzkaller0: entered promiscuous mode [ 687.069248][T14407] syzkaller0: entered allmulticast mode [ 687.258283][T14351] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.258488][T14351] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.258718][T14351] bridge_slave_0: entered allmulticast mode [ 687.262107][T14351] bridge_slave_0: entered promiscuous mode [ 687.274847][ T5809] Bluetooth: hci0: command tx timeout [ 687.357088][T14351] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.357282][T14351] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.358854][T14351] bridge_slave_1: entered allmulticast mode [ 687.362327][T14351] bridge_slave_1: entered promiscuous mode [ 687.724712][T14351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 687.755127][T14394] tipc: Resetting bearer [ 687.917947][T14394] tipc: Disabling bearer [ 688.051164][T14351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 688.364839][T14351] team0: Port device team_slave_0 added [ 688.516951][T14351] team0: Port device team_slave_1 added [ 688.689723][T14351] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 688.689744][T14351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 688.689776][T14351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 688.730228][T14441] tipc: Enabled bearer , priority 0 [ 688.735154][T14444] syzkaller0: entered promiscuous mode [ 688.735180][T14444] syzkaller0: entered allmulticast mode [ 688.759897][T14351] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 688.759914][T14351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 688.759943][T14351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 689.061497][T14351] hsr_slave_0: entered promiscuous mode [ 689.072227][T14351] hsr_slave_1: entered promiscuous mode [ 689.081368][T14351] debugfs: 'hsr0' already exists in 'hsr' [ 689.081399][T14351] Cannot create hsr debugfs directory [ 689.354862][ T5809] Bluetooth: hci0: command tx timeout [ 689.355181][T14437] tipc: Resetting bearer [ 689.487135][T14437] tipc: Disabling bearer [ 689.538850][T14469] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2719'. [ 690.451019][T14487] syzkaller0: entered promiscuous mode [ 690.451050][T14487] syzkaller0: entered allmulticast mode [ 691.446647][ T5809] Bluetooth: hci0: command tx timeout [ 691.874825][ T31] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 692.025046][ T31] usb 3-1: Using ep0 maxpacket: 16 [ 692.027808][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 692.027843][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 692.027885][ T31] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 692.027911][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.037045][ T31] usb 3-1: config 0 descriptor?? [ 692.286395][ T31] usbhid 3-1:0.0: can't add hid device: -71 [ 692.286547][ T31] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 692.297563][ T31] usb 3-1: USB disconnect, device number 4 [ 692.993762][T14351] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 693.042895][T14351] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 693.106564][T14351] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 693.108536][T14542] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2746'. [ 693.156607][T14351] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 693.161496][T14548] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2746'. [ 693.199712][T14546] netlink: 'syz.3.2749': attribute type 1 has an invalid length. [ 693.239442][T14542] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2746'. [ 693.281519][T14546] 8021q: adding VLAN 0 to HW filter on device bond1 [ 693.351523][T14555] bond1: (slave ip6gretap1): making interface the new active one [ 693.353723][T14555] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 693.474054][T14542] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2746'. [ 693.485692][T14557] veth7: entered promiscuous mode [ 693.491934][T14557] bond1: (slave veth7): Enslaving as an active interface with a down link [ 693.530345][ T5809] Bluetooth: hci0: command tx timeout [ 693.700048][T14572] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2754'. [ 693.721209][T14572] bond0: entered promiscuous mode [ 693.721227][T14572] bond_slave_0: entered promiscuous mode [ 693.721388][T14572] bond_slave_1: entered promiscuous mode [ 693.723692][T14572] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 693.758646][T14572] bond0: left promiscuous mode [ 693.758674][T14572] bond_slave_0: left promiscuous mode [ 693.758936][T14572] bond_slave_1: left promiscuous mode [ 693.894749][ T809] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 694.058363][ T809] usb 4-1: Using ep0 maxpacket: 16 [ 694.072749][ T809] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 694.072785][ T809] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 694.072825][ T809] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 694.072847][ T809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.086142][ T809] usb 4-1: config 0 descriptor?? [ 694.179561][T14351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 694.308120][ T809] usbhid 4-1:0.0: can't add hid device: -71 [ 694.308257][ T809] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 694.358267][ T809] usb 4-1: USB disconnect, device number 6 [ 694.418636][T14584] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2759'. [ 694.452648][T14584] bond0: entered promiscuous mode [ 694.452673][T14584] : entered promiscuous mode [ 694.452962][T14584] bond_slave_1: entered promiscuous mode [ 694.456484][T14584] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 694.458800][T14584] bond0: left promiscuous mode [ 694.458820][T14584] : left promiscuous mode [ 694.459050][T14584] bond_slave_1: left promiscuous mode [ 694.698133][T14351] 8021q: adding VLAN 0 to HW filter on device team0 [ 694.744766][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state [ 694.744975][ T6345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 694.792449][ T6273] bridge0: port 2(bridge_slave_1) entered blocking state [ 694.792617][ T6273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 694.909061][T14596] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2763'. [ 694.962407][T14601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2763'. [ 694.976004][T14600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2765'. [ 695.093594][T14596] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2763'. [ 695.253509][T14596] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2763'. [ 695.603894][T14619] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2772'. [ 695.968967][ T5879] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 696.112905][T14351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 696.124910][ T5879] usb 3-1: Using ep0 maxpacket: 16 [ 696.127037][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 696.127067][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 696.127092][ T5879] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 696.127106][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.149947][ T5879] usb 3-1: config 0 descriptor?? [ 696.416668][ T5879] usbhid 3-1:0.0: can't add hid device: -71 [ 696.423745][ T5879] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 696.466400][ T5879] usb 3-1: USB disconnect, device number 5 [ 696.474163][T14639] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2779'. [ 696.712530][T14651] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2783'. [ 696.736968][T14653] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2782'. [ 696.738305][T14653] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2782'. [ 696.989695][T14663] netlink: 'syz.5.2786': attribute type 8 has an invalid length. [ 697.167586][T14351] veth0_vlan: entered promiscuous mode [ 697.217702][T14668] netlink: 'syz.5.2790': attribute type 3 has an invalid length. [ 697.390247][T14351] veth1_vlan: entered promiscuous mode [ 697.507190][T14351] veth0_macvtap: entered promiscuous mode [ 697.521533][T14351] veth1_macvtap: entered promiscuous mode [ 697.558503][T14351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 697.582580][T14351] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 697.611150][ T5987] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.611420][ T5987] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.611463][ T5987] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.611499][ T5987] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 699.143267][T14708] netlink: 'syz.0.2803': attribute type 3 has an invalid length. [ 699.236583][ T6345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 699.236607][ T6345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 699.527836][ T6361] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 699.527862][ T6361] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 699.784290][T14729] Bluetooth: MGMT ver 1.23 [ 699.811962][T14735] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 700.270272][T14751] netlink: 'syz.5.2819': attribute type 1 has an invalid length. [ 700.297156][T14750] __nla_validate_parse: 5 callbacks suppressed [ 700.297179][T14750] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2820'. [ 700.579624][T14751] 8021q: adding VLAN 0 to HW filter on device bond1 [ 700.639098][T14756] bond1: (slave ip6gretap1): making interface the new active one [ 700.641323][T14756] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 701.025678][T14758] veth3: entered promiscuous mode [ 701.147804][T14355] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 701.185232][T14355] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 701.187847][T14355] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 701.224729][T14355] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 701.234021][T14355] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 701.603036][T14779] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2829'. [ 701.626832][T14779] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2829'. [ 701.876339][ T6342] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 702.220043][ T6342] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 702.227599][T14805] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2838'. [ 702.606867][ T6342] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 702.922008][T14827] Bluetooth: MGMT ver 1.23 [ 702.935429][T14824] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2846'. [ 702.936191][T14827] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2847'. [ 702.984333][T14830] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2848'. [ 702.987414][ T6342] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 703.090510][T14824] bridge_slave_1: left allmulticast mode [ 703.090543][T14824] bridge_slave_1: left promiscuous mode [ 703.090848][T14824] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.196836][T14824] bridge_slave_0: left allmulticast mode [ 703.196871][T14824] bridge_slave_0: left promiscuous mode [ 703.197188][T14824] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.365322][ T5809] Bluetooth: hci1: command tx timeout [ 704.097752][T14763] chnl_net:caif_netlink_parms(): no params data found [ 705.683153][ T6342] bridge_slave_1: left allmulticast mode [ 705.683188][ T6342] bridge_slave_1: left promiscuous mode [ 705.683478][ T6342] bridge0: port 2(bridge_slave_1) entered disabled state [ 705.712700][ T5809] Bluetooth: hci1: command tx timeout [ 705.827313][ T6342] bridge_slave_0: left allmulticast mode [ 705.827345][ T6342] bridge_slave_0: left promiscuous mode [ 705.829744][ T6342] bridge0: port 1(bridge_slave_0) entered disabled state [ 707.764613][ T5809] Bluetooth: hci1: command tx timeout [ 708.685592][ T6342] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 708.745343][ T6342] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 708.765757][ T6342] bond0 (unregistering): Released all slaves [ 708.941875][T14763] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.942013][T14763] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.942266][T14763] bridge_slave_0: entered allmulticast mode [ 708.945397][T14763] bridge_slave_0: entered promiscuous mode [ 708.966668][ T6342] tipc: Left network mode [ 709.439073][T14908] netlink: 'syz.5.2875': attribute type 1 has an invalid length. [ 709.585460][T14763] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.585647][T14763] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.585913][T14763] bridge_slave_1: entered allmulticast mode [ 709.589122][T14763] bridge_slave_1: entered promiscuous mode [ 709.653076][T14908] 8021q: adding VLAN 0 to HW filter on device bond2 [ 709.807764][T14916] veth5: entered promiscuous mode [ 709.834821][ T5809] Bluetooth: hci1: command tx timeout [ 711.107242][T14949] Bluetooth: MGMT ver 1.23 [ 711.423772][T14959] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2888'. [ 711.912473][T14966] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2890'. [ 712.017286][T14959] bond0: entered promiscuous mode [ 712.017313][T14959] bond_slave_0: entered promiscuous mode [ 712.017560][T14959] bond_slave_1: entered promiscuous mode [ 712.019812][T14959] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 712.021847][T14959] bond0: left promiscuous mode [ 712.021869][T14959] bond_slave_0: left promiscuous mode [ 712.022156][T14959] bond_slave_1: left promiscuous mode [ 712.227982][T14979] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2892'. [ 712.280307][T14981] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2892'. [ 712.343629][T14763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.557524][T14986] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2895'. [ 712.577765][T14763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.758472][T14988] netlink: 'syz.3.2895': attribute type 10 has an invalid length. [ 713.687262][ T37] kauditd_printk_skb: 70 callbacks suppressed [ 713.687315][ T37] audit: type=1326 audit(2000000502.940:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.687456][ T37] audit: type=1326 audit(2000000502.940:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.687638][ T37] audit: type=1326 audit(2000000502.940:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.687951][ T37] audit: type=1326 audit(2000000502.940:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.688344][ T37] audit: type=1326 audit(2000000502.940:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.688475][ T37] audit: type=1326 audit(2000000502.950:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.688668][ T37] audit: type=1326 audit(2000000502.950:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.688929][ T37] audit: type=1326 audit(2000000502.950:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.689338][ T37] audit: type=1326 audit(2000000502.950:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 713.689497][ T37] audit: type=1326 audit(2000000502.950:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.5.2900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 714.348063][T14763] team0: Port device team_slave_0 added [ 714.540738][T14763] team0: Port device team_slave_1 added [ 714.720121][ T6342] hsr_slave_0: left promiscuous mode [ 714.767172][ T6342] hsr_slave_1: left promiscuous mode [ 714.768732][ T6342] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 714.795207][T15024] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2906'. [ 714.816503][ T6342] batman_adv: batadv0: Removing interface: dummy0 [ 714.850386][T15028] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2906'. [ 717.355560][T15040] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2911'. [ 717.497880][T15041] netlink: 'syz.0.2911': attribute type 10 has an invalid length. [ 718.975738][ T6342] team0 (unregistering): Port device team_slave_1 removed [ 719.205215][ T6342] team0 (unregistering): Port device team_slave_0 removed [ 721.688718][T15024] bridge0: port 2(bridge_slave_1) entered disabled state [ 721.690860][T15024] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.724963][T15028] bridge0: port 2(bridge_slave_1) entered blocking state [ 721.726474][T15028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 721.727354][T15028] bridge0: port 1(bridge_slave_0) entered blocking state [ 721.727528][T15028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 721.733171][T15028] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2906'. [ 721.810158][T15028] bridge0: port 2(bridge_slave_1) entered disabled state [ 721.812542][T15028] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.868551][T14763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 721.868570][T14763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 721.868600][T14763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 721.888366][T14763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 721.888384][T14763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 721.888410][T14763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 722.387812][T14763] hsr_slave_0: entered promiscuous mode [ 722.390850][T14763] hsr_slave_1: entered promiscuous mode [ 723.019366][ T37] kauditd_printk_skb: 76 callbacks suppressed [ 723.019428][ T37] audit: type=1326 audit(2000000512.310:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.019912][ T37] audit: type=1326 audit(2000000512.310:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.020097][ T37] audit: type=1326 audit(2000000512.320:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.020173][ T37] audit: type=1326 audit(2000000512.320:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.020466][ T37] audit: type=1326 audit(2000000512.320:1492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.020674][ T37] audit: type=1326 audit(2000000512.320:1493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.021060][ T37] audit: type=1326 audit(2000000512.320:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.021164][ T37] audit: type=1326 audit(2000000512.320:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.021352][ T37] audit: type=1326 audit(2000000512.320:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 723.021597][ T37] audit: type=1326 audit(2000000512.330:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15067 comm="syz.5.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673105aeb9 code=0x7ffc0000 [ 724.128750][T15085] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2923'. [ 724.263167][T15090] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2925'. [ 724.264963][T15090] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2925'. [ 724.265205][T15090] bridge0: port 2(bridge_slave_1) entered blocking state [ 724.265396][T15090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 724.265898][T15090] bridge0: port 1(bridge_slave_0) entered blocking state [ 724.266064][T15090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 724.267838][T15090] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2925'. [ 724.268615][T15090] bridge0: port 2(bridge_slave_1) entered disabled state [ 724.268869][T15090] bridge0: port 1(bridge_slave_0) entered disabled state [ 724.277724][T15088] netlink: 'syz.0.2923': attribute type 10 has an invalid length. [ 724.926834][ T6342] IPVS: stop unused estimator thread 0... [ 725.774857][T15130] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2938'. [ 725.774884][T15130] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2938'. [ 725.939426][T15136] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2941'. [ 727.356999][T15183] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2952'. [ 727.357027][T15183] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2952'. [ 727.507946][T15191] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2954'. [ 727.534272][T14763] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 727.640112][T14763] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 727.741690][T14763] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 727.770746][T14763] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 728.192676][T14763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 728.243829][T14763] 8021q: adding VLAN 0 to HW filter on device team0 [ 728.272423][ T6342] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.319349][ T6342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 728.348646][ T6345] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.348799][ T6345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 728.885339][T15235] team0: entered promiscuous mode [ 728.885365][T15235] team_slave_0: entered promiscuous mode [ 728.885625][T15235] team_slave_1: entered promiscuous mode [ 728.896565][T15235] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 728.897658][T15235] bridge1: port 1(macvlan2) entered blocking state [ 728.897899][T15235] bridge1: port 1(macvlan2) entered disabled state [ 728.898122][T15235] macvlan2: entered allmulticast mode [ 728.898138][T15235] team0: entered allmulticast mode [ 728.898151][T15235] team_slave_0: entered allmulticast mode [ 728.898170][T15235] team_slave_1: entered allmulticast mode [ 728.919325][T15235] macvlan2: entered promiscuous mode [ 728.951166][T15235] bridge1: port 1(macvlan2) entered blocking state [ 728.951320][T15235] bridge1: port 1(macvlan2) entered forwarding state [ 729.549578][T14763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 729.855625][T14763] veth0_vlan: entered promiscuous mode [ 729.935771][T14763] veth1_vlan: entered promiscuous mode [ 730.084932][T15274] __nla_validate_parse: 7 callbacks suppressed [ 730.084954][T15274] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2976'. [ 730.084972][T15274] openvswitch: netlink: Flow key attr not present in new flow. [ 730.101415][T14763] veth0_macvtap: entered promiscuous mode [ 730.163293][T14763] veth1_macvtap: entered promiscuous mode [ 730.290138][T14763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 730.349128][T14763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 730.408877][ T6273] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.409537][ T6273] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.418641][ T6000] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.418936][ T6000] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.974188][T15299] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2982'. [ 731.034076][T15302] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2982'. [ 731.093520][T15305] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2987'. [ 731.093549][T15305] openvswitch: netlink: Flow key attr not present in new flow. [ 731.459753][ T5987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 731.459776][ T5987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 731.645702][ T6000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 731.645728][ T6000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 731.821285][T15325] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2997'. [ 732.459959][T14355] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 732.492237][T14355] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 732.509869][T14355] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 732.522275][T14355] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 732.566304][T14355] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 732.858801][T15357] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3006'. [ 732.912593][T15358] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3006'. [ 733.109826][T15365] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3011'. [ 733.109851][T15365] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3011'. [ 733.866936][T15394] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3023'. [ 733.895617][T15387] veth3: entered promiscuous mode [ 734.323660][T15341] chnl_net:caif_netlink_parms(): no params data found [ 734.714728][ T5809] Bluetooth: hci2: command tx timeout [ 734.770989][T15341] bridge0: port 1(bridge_slave_0) entered blocking state [ 734.787116][T15341] bridge0: port 1(bridge_slave_0) entered disabled state [ 734.787407][T15341] bridge_slave_0: entered allmulticast mode [ 734.790446][T15341] bridge_slave_0: entered promiscuous mode [ 734.820307][T15341] bridge0: port 2(bridge_slave_1) entered blocking state [ 734.820617][T15341] bridge0: port 2(bridge_slave_1) entered disabled state [ 734.820861][T15341] bridge_slave_1: entered allmulticast mode [ 734.823730][T15341] bridge_slave_1: entered promiscuous mode [ 734.912022][T15341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 734.926904][T15341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 734.993405][T15341] team0: Port device team_slave_0 added [ 735.006750][T15341] team0: Port device team_slave_1 added [ 735.246794][T15341] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 735.246814][T15341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 735.246843][T15341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 735.248153][T15442] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 735.248196][T15442] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 735.248218][T15442] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 735.326275][T15341] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 735.326294][T15341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 735.326324][T15341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 735.468027][T15453] __nla_validate_parse: 7 callbacks suppressed [ 735.468050][T15453] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3046'. [ 735.470801][T15341] hsr_slave_0: entered promiscuous mode [ 735.472429][T15341] hsr_slave_1: entered promiscuous mode [ 735.473500][T15341] debugfs: 'hsr0' already exists in 'hsr' [ 735.473527][T15341] Cannot create hsr debugfs directory [ 735.632520][T15457] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3048'. [ 735.752913][T15459] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3049'. [ 735.752950][T15459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3049'. [ 736.153229][T15469] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3052'. [ 736.217700][T15472] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3052'. [ 736.558508][T15478] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3057'. [ 736.623073][T15480] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3058'. [ 736.631164][T15456] infiniband syz1: set down [ 736.631188][T15456] infiniband syz1: added bond0 [ 736.659955][T15456] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 736.668583][T15456] infiniband syz1: Couldn't open port 1 [ 736.788432][T15483] netlink: 120 bytes leftover after parsing attributes in process `syz.2.3059'. [ 736.788457][T15483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3059'. [ 736.794675][ T5809] Bluetooth: hci2: command tx timeout [ 736.880961][T15456] RDS/IB: syz1: added [ 736.881601][T15456] smc: adding ib device syz1 with port count 1 [ 736.881867][T15456] smc: ib device syz1 port 1 has no pnetid [ 738.200352][T15518] ip_vti0: left promiscuous mode [ 738.875009][ T5809] Bluetooth: hci2: command tx timeout [ 739.644361][T15518] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 740.616768][T15518] veth3: left promiscuous mode [ 740.657882][T15518] veth5: left promiscuous mode [ 740.658643][T15518] bridge1: port 1(macvlan2) entered disabled state [ 740.662721][T15518] team0: left promiscuous mode [ 740.662737][T15518] team_slave_0: left promiscuous mode [ 740.662886][T15518] team_slave_1: left promiscuous mode [ 740.748318][ T6345] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.809871][ T6345] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.809979][T15341] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 740.898026][ T6345] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.901817][ T6345] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.938490][T15341] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 740.955118][ T5809] Bluetooth: hci2: command tx timeout [ 740.987747][T15341] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 741.256446][T15562] __nla_validate_parse: 5 callbacks suppressed [ 741.256464][T15562] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3090'. [ 741.262660][T15341] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 742.192815][T15582] netlink: 'syz.4.3095': attribute type 1 has an invalid length. [ 742.192843][T15582] netlink: 'syz.4.3095': attribute type 4 has an invalid length. [ 742.192857][T15582] netlink: 15538 bytes leftover after parsing attributes in process `syz.4.3095'. [ 742.555207][T15341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 742.594018][T15341] 8021q: adding VLAN 0 to HW filter on device team0 [ 742.612172][ T6361] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.612553][ T6361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 742.616251][ T6361] bridge0: port 2(bridge_slave_1) entered blocking state [ 742.616387][ T6361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 742.934930][T15594] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3098'. [ 742.940390][T15594] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3098'. [ 743.085660][T15598] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3101'. [ 743.378814][T15341] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 743.473346][T15341] veth0_vlan: entered promiscuous mode [ 743.486743][T15341] veth1_vlan: entered promiscuous mode [ 743.546989][T15341] veth0_macvtap: entered promiscuous mode [ 743.560921][T15341] veth1_macvtap: entered promiscuous mode [ 743.599488][T15341] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 743.620841][T15341] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 743.643567][ T88] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 743.643869][ T88] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 743.643912][ T88] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 743.643952][ T88] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 744.206662][T15613] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3105'. [ 746.534316][ T6273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 746.534341][ T6273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 746.748378][ T6352] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 746.748400][ T6352] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.071220][T15645] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3113'. [ 747.259042][T15649] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3114'. [ 747.311204][T15650] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3114'. [ 747.522390][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.522469][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 749.718936][T15673] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3122'. [ 749.823508][ T6342] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 749.823686][T15673] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3122'. [ 749.824138][ T6342] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 749.824207][ T6342] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 749.824243][ T6342] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 750.265286][T15681] debugfs: 'netdev:nicvf0' already exists in 'phy19' [ 753.444231][T15692] lec:lec_atm_close: lec0: Shut down! [ 754.309475][T15721] debugfs: 'netdev:nicvf0' already exists in 'phy19' [ 754.775026][T15745] netlink: 'syz.4.3141': attribute type 5 has an invalid length. [ 754.821898][T15745] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3141'. [ 756.591717][T15770] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3147'. [ 758.987287][T15780] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3149'. [ 759.338199][T15780] bond0 (unregistering): (slave 17): Releasing backup interface [ 759.420740][T15780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 759.485915][T15780] bond0 (unregistering): Released all slaves [ 759.623498][T15797] bridge_slave_0: left allmulticast mode [ 759.623533][T15797] bridge_slave_0: left promiscuous mode [ 759.623836][T15797] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.740087][T15797] bridge_slave_1: left allmulticast mode [ 759.740122][T15797] bridge_slave_1: left promiscuous mode [ 759.740445][T15797] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.946142][ T88] smc: removing ib device syz1 [ 759.985611][T15797] bond0: (slave bond_slave_0): Releasing backup interface [ 760.113799][T15797] bond0: (slave bond_slave_1): Releasing backup interface [ 760.193304][T15797] team0: Port device team_slave_0 removed [ 760.253595][T15797] team0: Port device team_slave_1 removed [ 760.262707][T15797] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 760.262740][T15797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 760.310619][T15797] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 760.310652][T15797] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.360348][T15797] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 760.749538][T15814] netlink: 'syz.5.3158': attribute type 1 has an invalid length. [ 762.484129][T15830] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3161'. [ 762.502683][T15817] veth7: entered promiscuous mode [ 762.626305][T15830] bridge0: port 2(bridge_slave_1) entered disabled state [ 762.652662][T15830] bridge0: port 1(bridge_slave_0) entered disabled state [ 762.814948][T14695] lec:lec_start_xmit: lec0:No lecd attached [ 765.325712][T15878] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3171'. [ 765.896426][T15887] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3176'. [ 765.948908][T15890] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3176'. [ 766.155162][T15890] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3176'. [ 766.242067][T15894] netlink: 'syz.3.3178': attribute type 1 has an invalid length. [ 766.242095][T15894] netlink: 'syz.3.3178': attribute type 4 has an invalid length. [ 766.242109][T15894] netlink: 15538 bytes leftover after parsing attributes in process `syz.3.3178'. [ 768.334105][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5510 ms [ 768.334400][ C1] lec:lec_tx_timeout: lec0 [ 768.336591][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 769.519085][T15937] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3192'. [ 770.052687][T15948] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3195'. [ 770.100082][T15948] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3195'. [ 770.124872][T15950] netlink: 'syz.0.3197': attribute type 2 has an invalid length. [ 770.185085][T15948] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3195'. [ 770.451470][T15950] !9: entered promiscuous mode [ 770.633671][T15968] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3201'. [ 770.989782][T15987] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3206'. [ 772.336776][T16028] tipc: Started in network mode [ 772.336811][T16028] tipc: Node identity 3aeebc9da8cb, cluster identity 4711 [ 772.337034][T16028] tipc: Enabled bearer , priority 0 [ 772.432936][T16027] tipc: Disabling bearer [ 772.914144][T16043] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3222'. [ 772.932415][T16043] team0: entered promiscuous mode [ 772.933219][T16043] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 772.983633][T16043] team0: left promiscuous mode [ 773.058737][T16048] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3225'. [ 774.154466][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms [ 774.154503][ C1] lec:lec_tx_timeout: lec0 [ 774.154724][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 774.477616][T16085] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3236'. [ 774.745669][T16095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3238'. [ 774.745700][T16095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3238'. [ 774.790031][T16095] team0: entered promiscuous mode [ 774.790051][T16095] team_slave_0: entered promiscuous mode [ 774.790236][T16095] team_slave_1: entered promiscuous mode [ 774.791688][T16095] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 775.690843][T16127] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3250'. [ 776.269099][T16136] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 776.273323][T16136] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 776.446312][T16110] lec:lec_atm_close: lec0: Shut down! [ 776.549046][T16138] macvlan2: entered promiscuous mode [ 776.549066][T16138] macvlan2: entered allmulticast mode [ 776.550198][T16138] vlan1: entered promiscuous mode [ 776.569760][T16138] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 776.635413][T16148] netlink: 'syz.0.3255': attribute type 1 has an invalid length. [ 776.635437][T16148] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.3255'. [ 778.608991][T16208] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3271'. [ 779.976935][T16259] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3284'. [ 780.159752][T16262] netlink: 'syz.0.3284': attribute type 10 has an invalid length. [ 781.008024][T16301] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3300'. [ 781.181634][T16308] netlink: 'syz.3.3300': attribute type 10 has an invalid length. [ 781.240204][T16312] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.3303'. [ 781.240242][T16312] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 782.154541][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5710 ms [ 782.154578][ C1] lec:lec_tx_timeout: lec0 [ 782.154760][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 782.186771][T16317] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3303'. [ 782.269725][T16334] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3313'. [ 783.382067][T16368] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3328'. [ 783.922894][T16386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3333'. [ 783.922924][T16386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3333'. [ 784.358936][T16388] syzkaller0: entered promiscuous mode [ 784.358967][T16388] syzkaller0: entered allmulticast mode [ 785.185948][T16419] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3341'. [ 785.285236][T16427] netlink: 'syz.4.3342': attribute type 39 has an invalid length. [ 785.341674][T16429] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3344'. [ 785.341703][T16429] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3344'. [ 785.434682][T14355] Bluetooth: hci5: command 0x0406 tx timeout [ 785.642311][T16441] netlink: 'syz.3.3347': attribute type 2 has an invalid length. [ 785.792786][T16441] !9: entered promiscuous mode [ 786.297511][T16458] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 786.299653][T16458] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 786.330112][T16466] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3354'. [ 786.650482][T16478] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3358'. [ 786.650515][T16478] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3358'. [ 786.792514][T16487] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3359'. [ 786.979437][T16497] netlink: 'syz.0.3363': attribute type 2 has an invalid length. [ 787.054709][T16500] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3363'. [ 787.164547][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 787.164584][ C1] lec:lec_tx_timeout: lec0 [ 787.164698][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 787.624067][T16522] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3369'. [ 787.883446][T16527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3372'. [ 788.102545][T16541] netlink: 'syz.3.3377': attribute type 2 has an invalid length. [ 789.942443][T14355] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 789.964149][T14355] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 789.989229][T14355] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 789.991804][T14355] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 789.992652][T14355] Bluetooth: hci3: unexpect[ 789.992652][T14355] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 790.014847][ T6223] ================================================================== [ 790.014865][ T6223] BUG: KASAN: use-after-free in _raw_spin_lock_irq+0x3d/0x50 [ 790.014899][ T6223] Read of size 1 at addr ffff88801f310070 by task khidpd_16bf5505/6223 [ 790.014917][ T6223] [ 790.014932][ T6223] CPU: 0 UID: 0 PID: 6223 Comm: khidpd_16bf5505 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 790.014959][ T6223] Tainted: [L]=SOFTLOCKUP [ 790.014966][ T6223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 790.014978][ T6223] Call Trace: [ 790.014986][ T6223] [ 790.014993][ T6223] dump_stack_lvl+0xe8/0x150 [ 790.015019][ T6223] print_report+0xba/0x230 [ 790.015042][ T6223] ? _raw_spin_lock_irq+0x3d/0x50 [ 790.015063][ T6223] kasan_report+0x117/0x150 [ 790.015091][ T6223] ? _raw_spin_lock_irq+0x3d/0x50 [ 790.015116][ T6223] ? rt_mutex_slowlock_block+0x510/0x680 [ 790.015133][ T6223] __kasan_check_byte+0x2a/0x40 [ 790.015157][ T6223] lock_acquire+0x84/0x330 [ 790.015183][ T6223] _raw_spin_lock_irq+0x3d/0x50 [ 790.015205][ T6223] ? rt_mutex_slowlock_block+0x510/0x680 [ 790.015223][ T6223] rt_mutex_slowlock_block+0x510/0x680 [ 790.015246][ T6223] ? rt_mutex_slowlock_block+0x2e9/0x680 [ 790.015266][ T6223] rt_mutex_slowlock+0x2dc/0x710 [ 790.015286][ T6223] ? rt_mutex_slowlock+0x1fd/0x710 [ 790.015314][ T6223] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 790.015338][ T6223] ? l2cap_unregister_user+0x6a/0x1b0 [ 790.015358][ T6223] ? l2cap_unregister_user+0x6a/0x1b0 [ 790.015378][ T6223] ? l2cap_unregister_user+0x6a/0x1b0 [ 790.015393][ T6223] mutex_lock_nested+0x168/0x1d0 [ 790.015415][ T6223] l2cap_unregister_user+0x6a/0x1b0 [ 790.015435][ T6223] hidp_session_thread+0x3cb/0x440 [ 790.015456][ T6223] ? __pfx_hidp_session_thread+0x10/0x10 [ 790.015475][ T6223] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 790.015497][ T6223] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 790.015517][ T6223] ? __kthread_parkme+0x7a/0x1f0 [ 790.015538][ T6223] ? __kthread_parkme+0x19c/0x1f0 [ 790.015560][ T6223] kthread+0x726/0x8b0 [ 790.015582][ T6223] ? __pfx_hidp_session_thread+0x10/0x10 [ 790.015601][ T6223] ? __pfx_kthread+0x10/0x10 [ 790.015621][ T6223] ? rt_spin_unlock+0x14f/0x200 [ 790.015641][ T6223] ? rt_spin_unlock+0x160/0x200 [ 790.015659][ T6223] ? __pfx_kthread+0x10/0x10 [ 790.015680][ T6223] ret_from_fork+0x51b/0xa40 [ 790.015701][ T6223] ? __pfx_ret_from_fork+0x10/0x10 [ 790.015719][ T6223] ? __switch_to+0xc82/0x1410 [ 790.015747][ T6223] ? __pfx_kthread+0x10/0x10 [ 790.015769][ T6223] ret_from_fork_asm+0x1a/0x30 [ 790.015803][ T6223] [ 790.015810][ T6223] [ 790.015815][ T6223] The buggy address belongs to the physical page: [ 790.015825][ T6223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801f313740 pfn:0x1f310 [ 790.015844][ T6223] flags: 0x80000000000000(node=0|zone=1) [ 790.015867][ T6223] raw: 0080000000000000 ffffea0000e39e08 ffff8880b8842d80 0000000000000000 [ 790.015883][ T6223] raw: ffff88801f313740 0000000000000000 00000000ffffffff 0000000000000000 [ 790.015893][ T6223] page dumped because: kasan: bad access detected [ 790.015902][ T6223] page_owner tracks the page as freed [ 790.015909][ T6223] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 5808, tgid 5808 (syz-executor), ts 84244021783, free_ts 790012550915 [ 790.015940][ T6223] post_alloc_hook+0x228/0x280 [ 790.015964][ T6223] get_page_from_freelist+0x28bb/0x2950 [ 790.015980][ T6223] __alloc_frozen_pages_noprof+0x18d/0x380 [ 790.015996][ T6223] alloc_pages_mpol+0xd1/0x380 [ 790.016020][ T6223] ___kmalloc_large_node+0x4e/0x150 [ 790.016042][ T6223] __kmalloc_large_node_noprof+0x18/0x90 [ 790.016065][ T6223] __kmalloc_noprof+0x4c2/0x7c0 [ 790.016087][ T6223] hci_alloc_dev_priv+0x28/0x2090 [ 790.016113][ T6223] vhci_create_device+0x120/0x660 [ 790.016132][ T6223] vhci_write+0x3d0/0x4a0 [ 790.016150][ T6223] vfs_write+0x629/0xba0 [ 790.016169][ T6223] ksys_write+0x156/0x270 [ 790.016187][ T6223] do_syscall_64+0xe2/0xf80 [ 790.016209][ T6223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.016225][ T6223] page last free pid 12336 tgid 12336 stack trace: [ 790.016236][ T6223] __free_frozen_pages+0xfd0/0x1160 [ 790.016259][ T6223] bt_host_release+0x82/0x90 [ 790.016281][ T6223] device_release+0x9e/0x1d0 [ 790.016313][ T6223] kobject_put+0x228/0x560 [ 790.016336][ T6223] vhci_release+0x15d/0x1b0 [ 790.016353][ T6223] __fput+0x45e/0xa80 [ 790.016368][ T6223] task_work_run+0x1d9/0x270 [ 790.016389][ T6223] do_exit+0x69b/0x2320 [ 790.016410][ T6223] do_group_exit+0x21b/0x2d0 [ 790.016431][ T6223] get_signal+0x125c/0x1310 [ 790.016446][ T6223] arch_do_signal_or_restart+0xbc/0x830 [ 790.016471][ T6223] exit_to_user_mode_loop+0x86/0x480 [ 790.016489][ T6223] do_syscall_64+0x2b7/0xf80 [ 790.016510][ T6223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.016527][ T6223] [ 790.016531][ T6223] Memory state around the buggy address: [ 790.016541][ T6223] ffff88801f30ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 790.016553][ T6223] ffff88801f30ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 790.016564][ T6223] >ffff88801f310000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 790.016574][ T6223] ^ [ 790.016585][ T6223] ffff88801f310080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 790.016597][ T6223] ffff88801f310100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 790.016606][ T6223] ================================================================== [ 790.016617][ T6223] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 790.016633][ T6223] CPU: 0 UID: 0 PID: 6223 Comm: khidpd_16bf5505 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 790.016658][ T6223] Tainted: [L]=SOFTLOCKUP [ 790.016664][ T6223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 790.016675][ T6223] Call Trace: [ 790.016682][ T6223] [ 790.016689][ T6223] vpanic+0x1e0/0x670 [ 790.016715][ T6223] panic+0xc5/0xd0 [ 790.016738][ T6223] ? __pfx_panic+0x10/0x10 [ 790.016764][ T6223] ? _raw_spin_lock_irq+0x3d/0x50 [ 790.016787][ T6223] ? rcu_is_watching+0x15/0xb0 [ 790.016813][ T6223] ? _raw_spin_lock_irq+0x3d/0x50 [ 790.016836][ T6223] ? _raw_spin_lock_irq+0x3d/0x50 [ 790.016858][ T6223] check_panic_on_warn+0x89/0xb0 [ 790.016883][ T6223] ? _raw_spin_lock_irq+0x3d/0x50 [ 790.016904][ T6223] end_report+0x6f/0x140 [ 790.016929][ T6223] kasan_report+0x128/0x150 [ 790.016954][ T6223] ? _raw_spin_lock_irq+0x3d/0x50 [ 790.016981][ T6223] ? rt_mutex_slowlock_block+0x510/0x680 [ 790.016998][ T6223] __kasan_check_byte+0x2a/0x40 [ 790.017022][ T6223] lock_acquire+0x84/0x330 [ 790.017046][ T6223] _raw_spin_lock_irq+0x3d/0x50 [ 790.017067][ T6223] ? rt_mutex_slowlock_block+0x510/0x680 [ 790.017085][ T6223] rt_mutex_slowlock_block+0x510/0x680 [ 790.017109][ T6223] ? rt_mutex_slowlock_block+0x2e9/0x680 [ 790.017128][ T6223] rt_mutex_slowlock+0x2dc/0x710 [ 790.017148][ T6223] ? rt_mutex_slowlock+0x1fd/0x710 [ 790.017167][ T6223] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 790.017189][ T6223] ? l2cap_unregister_user+0x6a/0x1b0 [ 790.017208][ T6223] ? l2cap_unregister_user+0x6a/0x1b0 [ 790.017227][ T6223] ? l2cap_unregister_user+0x6a/0x1b0 [ 790.017243][ T6223] mutex_lock_nested+0x168/0x1d0 [ 790.017264][ T6223] l2cap_unregister_user+0x6a/0x1b0 [ 790.017283][ T6223] hidp_session_thread+0x3cb/0x440 [ 790.017310][ T6223] ? __pfx_hidp_session_thread+0x10/0x10 [ 790.017330][ T6223] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 790.017353][ T6223] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 790.017373][ T6223] ? __kthread_parkme+0x7a/0x1f0 [ 790.017392][ T6223] ? __kthread_parkme+0x19c/0x1f0 [ 790.017414][ T6223] kthread+0x726/0x8b0 [ 790.017436][ T6223] ? __pfx_hidp_session_thread+0x10/0x10 [ 790.017455][ T6223] ? __pfx_kthread+0x10/0x10 [ 790.017475][ T6223] ? rt_spin_unlock+0x14f/0x200 [ 790.017496][ T6223] ? rt_spin_unlock+0x160/0x200 [ 790.017513][ T6223] ? __pfx_kthread+0x10/0x10 [ 790.017535][ T6223] ret_from_fork+0x51b/0xa40 [ 790.017555][ T6223] ? __pfx_ret_from_fork+0x10/0x10 [ 790.017573][ T6223] ? __switch_to+0xc82/0x1410 [ 790.017600][ T6223] ? __pfx_kthread+0x10/0x10 [ 790.017622][ T6223] ret_from_fork_asm+0x1a/0x30 [ 790.017654][ T6223] [ 790.018073][ T6223] Kernel Offset: disabled