last executing test programs: 12.826821694s ago: executing program 0 (id=3632): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200102f00fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa"], 0xcfa4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 12.04944972s ago: executing program 0 (id=3640): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_config_ext={0xb, 0xffffffffffffffff}, 0x8, 0x0, 0x0, 0x0, 0x5, 0x800000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x7c, @local}, 0x10, &(0x7f0000000040)=[{&(0x7f0000003ac0)='d', 0x1}], 0x1}, 0x810) 11.526112871s ago: executing program 0 (id=3653): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0xa38, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r0, &(0x7f00000004c0)=ANY=[], 0xfdef) write$cgroup_subtree(r0, 0x0, 0x31) 11.313991243s ago: executing program 0 (id=3645): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000340)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000080)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETSTEERINGEBPF(r4, 0x800454e0, &(0x7f0000000300)=r6) write$cgroup_devices(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 8.236208764s ago: executing program 1 (id=3673): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f0000"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f00000001c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 8.082552673s ago: executing program 4 (id=3664): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4c24, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0300000004000000040000000100180000000000", @ANYRESHEX, @ANYBLOB="18"], 0x50) 8.066353575s ago: executing program 1 (id=3666): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_config_ext={0xb, 0xffffffffffffffff}, 0x8, 0x0, 0x0, 0x0, 0x5, 0x800000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x7c, @local}, 0x10, &(0x7f0000000040)=[{&(0x7f0000003ac0)='d', 0x1}], 0x1}, 0x810) 7.584017923s ago: executing program 1 (id=3667): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x6, 0xffffffffffffffff, 0x0) getpid() perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7ffffffc, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0x7400}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000008c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xfffffff9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x13, 0x5, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x30c}]}, 0x0, 0x5, 0x61, &(0x7f0000000840)=""/97, 0x41100, 0x30, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000680)={0x3, 0xe, 0x200, 0xffffff81}, 0x10, 0x0, 0xffffffffffffffff, 0x1, &(0x7f0000000a40), &(0x7f0000000a80)=[{0x2, 0x2, 0x4, 0x3}], 0x10, 0x5}, 0x94) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x8020) write$cgroup_subtree(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb7910009875f37538e486dd6317ce8102038700fe08000e40000200875a65969ff57b00ff020000000000000000"], 0xfdef) r4 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r4, 0x0, 0x26, 0x0, 0xe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r6, &(0x7f0000000840)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00037300005b686158bbcfe8875a060300000022000000000000000000000000ac1414aa"], 0xfdef) 7.176836637s ago: executing program 4 (id=3670): perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x0, 0x82240, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8}, 0x2, 0x0, 0x0, 0x8, 0x43fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8800000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5}, 0x38) socket$kcm(0x11, 0x200000000000002, 0x300) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x0, 0x82240, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8}, 0x2, 0x0, 0x0, 0x8, 0x43fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'\x00', 0x6132}) write$cgroup_subtree(r1, 0x0, 0xfe3a) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x20008000) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110a40000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32, @ANYRES32=r2, @ANYBLOB='&\x00'/12, @ANYRES32, @ANYRES64=0x0], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) recvmsg$kcm(r0, 0x0, 0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x0, 0x7, 0x0, 0x3, 0x3fe, 0x7ffffffc, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d34, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x2000000008, 0x800}, 0x0, 0x9, 0x0, 0x4, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000a80)=0xffffffffffffffff, 0x4) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$inet(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000c80)="5c00000012006bab9a3fe3d86e17aa0a076b876c1d0048007ea60864160af36504001a0038001d00c4d237f42989d48149c1055d44ac557a209780f8f29014b154062001bf0a823ed473ac3c4ea88e319a030668b11e51bf943cbfa6", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) 2.650430923s ago: executing program 3 (id=3697): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x4, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x88f}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="c8bb4e7dbde79f73008865000800", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.53328308s ago: executing program 3 (id=3699): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x1ff, 0x200}, 0x8000, 0xcdd, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='^+,!z,-\x00') socket$kcm(0x2, 0x200000000000001, 0x106) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x1d, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x1a, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffff24}, 0x94) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_bp={0x0, 0x8}, 0x7602, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0x400007, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xffffffff}, 0x50) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)) r2 = socket$kcm(0xa, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0x0) 2.183396491s ago: executing program 2 (id=3700): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 2.074433137s ago: executing program 2 (id=3701): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedc0790700117df37538e486dd6317ce220005"], 0xfdef) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.794981623s ago: executing program 2 (id=3702): r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r0, 0x0, 0x810) 1.748916187s ago: executing program 2 (id=3703): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, @perf_bp={0x0, 0x5}, 0x104101, 0x4, 0x9, 0x1, 0x6, 0x4, 0x3}, 0x0, 0x1, 0xffffffffffffffff, 0x8) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) socket$kcm(0x2, 0x2, 0x73) 1.630351424s ago: executing program 1 (id=3704): r0 = socket$kcm(0xa, 0x2, 0x3a) sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000780)="80005b020eaa4da2", 0xfdef}], 0x1, 0x0, 0x0, 0x900}, 0x0) recvmsg(r0, 0x0, 0x0) 1.626926664s ago: executing program 0 (id=3705): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x2}, 0x828, 0x0, 0x0, 0x5, 0x10000, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000e, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_bp={0x0}, 0x11efa, 0x4, 0xfffd, 0x0, 0x2, 0xf7fff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) 1.534467139s ago: executing program 4 (id=3706): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4c24, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0300000004000000040000000100180000000000", @ANYRESHEX, @ANYBLOB="18"], 0x50) 1.446030114s ago: executing program 2 (id=3707): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200102f00fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa"], 0xcfa4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.445813114s ago: executing program 3 (id=3708): r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0xb, &(0x7f0000000040), 0x2) sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)="92", 0x1}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x1, @loopback}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000300)="e4", 0x1}], 0x1}, 0x4000) 1.365835569s ago: executing program 1 (id=3709): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e488a8637286dd"], 0xb2) 1.188801729s ago: executing program 3 (id=3710): r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e28, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @dev={0xac, 0x14, 0x14, 0x3a}}}}], 0x20}, 0x8840) sendmsg$inet(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)="1a225651654c06fff37c56a0b11103aa194f2c7f807dc18c8ce16e41471953d2283b7bbdb5583dcfd6702b58ed9b66f8f5a996bd84a18ca84414f7482597e67e293325d195a469e30a0dc8efdec3909fdc9258806fa433fab3a44a421fe70bc11e9fe0183e678c5d43221dd3ca904959dbd1250bfdc49b6dcfd0ab244955a2c1004a9a5e0dd27e12af38873cfc4386c3d7c83f7592123e57d04ddf1997fecdfb5c3bdf3131243f36a866585e1234fb6ee77346cfbd0a171eb03373f631c751dd9cb48009995b37d40a581dc5072b91a47411", 0xd2}, {&(0x7f0000000140)="a3deeeeb1cae38ac225dd9c1b1f4be6da4b1b402ea18c0c5ce457c0bcc44f72a3e8c6a3e1853812fb0aaecc3b304fa1e1616cd148676b1ff906d385c383aff6041264b4496cec6aeb6077feac27035e876be1ee1bc40763a90a910523dc5421094c81f7de16da871aca6baaf5d7cd8f6e8366c71f7b83fa954aa8c9109075dac86afd2950816dd5ec8f2b0a7eec879e4f1381167f1c8", 0x96}, {&(0x7f00000004c0)="ddcf32067a0c2606312605f0a77dbceb1f722ffd3c8f575727a61f38accdeef0a906d59de2fc840308266c8eb54267b5637b6d84d3dd54f9b636046e378da02cadbda22a472efb10ab0e156ca5febd0bb1e3b4ea0162905203ffafb15e335177c50f11172d14c2a9d91e8c7bf88c77c71ba1722f0331608b3d8324deba9712181176639f5d5bff504672aeabebc3342d83842eae135d2dba0d62aaa97ccb36b90f79bb8d72fabb3e28cf137d4a401448dd2b1b922b3aea6a00426943778b6aabf6f25e08f18643cbb1e7e994cc2b28bd2d064f580d2b83288d78747f39d7fd9ec9c6b735b424a5378b844e359e05cd7027c5ae", 0xf3}, {&(0x7f00000006c0)="a9b286a24eeca8c7ee61730b00d46d49f6a57dc4f2d5330fea47c6060aaec3306464d608973049951923e3141cc5bac131e3ff6bba1780d265d46fd23afa6e78a0eee61333347e9305f855400ec605428288f369db4fb15674aceecc5c83428695876eee3033406f8f06658c", 0x6c}, {&(0x7f0000000cc0)="fe262cbfd2cf5bd5a888f338c65aac763ae641bc895714b7f4cffe8af269b2a596449ee20ed104f85196df136db243d18f803f86efd9060afdf72f9c6bf8747ed16745d8bd951ea0ae928896ac2e3c970b55f31232283043516ca6ec513d1fa6c1dec959eb5e187c23aec784b8a452c75f2af580b3d1025592fa6e3939d3945038690f92cc90c8006887a78a8c7abc30d23abb049f0ac4e69e963aa984fee9e7bcaed0fdca381db2577df6e15dcd700955bfb5c45f81324c6da093571843d0f1d4c42c8354e905d9bb41bfdd9372999eb0a9674f706372562a270f6001db41581bfe4fc07c1b4911dc5cf8a9fd2ed63fea34ba995b5ba31fa549527b21d2d78f698cc6ae73dfd8b0fd5bae799489f26a4c564dd2df0b7c29c49932fa0d633ca8fb3eef6729180c561faa3379f8773c90fa90fad5e77d0891997e439cb697fa72cd9f2b4e9c5c7e05c809a8135155f9d60e236a44886ef451f1255798a8c35c5059b52f119fad20bcbb1887475f81415106", 0x171}], 0x5}, 0x4000000) 972.420072ms ago: executing program 3 (id=3711): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00'], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 554.091167ms ago: executing program 4 (id=3712): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000280)}], 0x1, 0x0, 0x0, 0x7}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 385.803747ms ago: executing program 4 (id=3713): socket$kcm(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000001180)={'wlan1\x00', @random="0e002db60100"}) 103.991494ms ago: executing program 0 (id=3714): socket$kcm(0x11, 0x20000000000000a, 0x300) perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x10000002}, 0x0, 0xc8, 0xffff, 0x7, 0xf7, 0x0, 0x4, 0x0, 0xffffffff}, 0x0, 0x7, 0xffffffffffffffff, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r1, &(0x7f00000007c0)={[{0x2b, 'cpuset'}, {0x2d, 'rlimit'}]}, 0x10) 101.036234ms ago: executing program 2 (id=3715): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94) r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xb6123, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_config_ext={0xfff, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r3, 0x0, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 52.917116ms ago: executing program 4 (id=3716): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000003c0)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00123d00014009080c00000000009bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x9b}], 0x1}, 0x0) 52.239356ms ago: executing program 1 (id=3717): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000840)=[{0x2d, 0x0, 0x1, 0xfffff034}, {0x6}]}) 0s ago: executing program 3 (id=3718): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000200)=ANY=[@ANYBLOB='c 122'], 0xa) kernel console output (not intermixed with test programs): cess `syz.2.1518'. [ 444.416121][ T9343] netlink: 'syz.2.1518': attribute type 2 has an invalid length. [ 444.486287][ T9343] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1518'. [ 444.511793][ T4283] Bluetooth: hci4: unexpected event 0x14 length: 15 > 6 [ 444.685248][ T9339] netlink: 'syz.2.1518': attribute type 2 has an invalid length. [ 444.741649][ T9343] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1518'. [ 444.885025][ T4283] Bluetooth: hci4: unexpected event 0x16 length: 15 > 6 [ 445.226629][ T9363] netlink: 'syz.1.1527': attribute type 10 has an invalid length. [ 445.241765][ T9363] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1527'. [ 445.670060][ T4283] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 445.853131][ T9374] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.1531'. [ 446.492914][ T9382] netlink: 'syz.1.1536': attribute type 39 has an invalid length. [ 446.609238][ T9385] netlink: 'syz.0.1537': attribute type 10 has an invalid length. [ 446.653740][ T9385] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1537'. [ 447.280738][ T9402] netlink: 'syz.4.1544': attribute type 10 has an invalid length. [ 447.372372][ T9402] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1544'. [ 447.673378][ T4283] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 448.455192][ T9424] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.1550'. [ 448.796001][ T9432] netlink: 'syz.4.1552': attribute type 10 has an invalid length. [ 448.965359][ T9422] delete_channel: no stack [ 449.398859][ T9439] netlink: 'syz.1.1565': attribute type 10 has an invalid length. [ 449.438668][ T9438] delete_channel: no stack [ 449.459857][ T4283] Bluetooth: hci4: unexpected event 0x16 length: 15 > 6 [ 449.738083][ T9455] netlink: 134268 bytes leftover after parsing attributes in process `syz.0.1560'. [ 449.796680][ T9452] netlink: 'syz.0.1560': attribute type 2 has an invalid length. [ 449.806111][ T9452] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1560'. [ 449.975291][ T9455] netlink: 'syz.0.1560': attribute type 2 has an invalid length. [ 450.019023][ T9452] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1560'. [ 450.828547][ T9463] delete_channel: no stack [ 451.011050][ T9461] device syzkaller0 entered promiscuous mode [ 451.037709][ T9464] netlink: 'syz.1.1564': attribute type 10 has an invalid length. [ 451.064188][ T9475] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.1567'. [ 451.701847][ T4279] Bluetooth: hci2: unexpected event 0x16 length: 15 > 6 [ 452.790500][ T9491] delete_channel: no stack [ 453.224031][ T9490] netlink: 'syz.4.1573': attribute type 39 has an invalid length. [ 453.232208][ T9492] netlink: 'syz.0.1572': attribute type 10 has an invalid length. [ 453.418469][ T4279] Bluetooth: hci1: unexpected event 0x20 length: 15 > 7 [ 453.756140][ T9508] netlink: 'syz.1.1579': attribute type 10 has an invalid length. [ 453.911801][ T9507] delete_channel: no stack [ 454.139406][ T4283] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 455.207665][ T9526] device syzkaller0 entered promiscuous mode [ 455.260471][ T9524] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.1586'. [ 455.626135][ T4283] Bluetooth: hci2: unexpected event 0x20 length: 15 > 7 [ 456.545206][ T4279] Bluetooth: hci4: unexpected event 0x16 length: 15 > 6 [ 458.334042][ T9564] netlink: 'syz.2.1598': attribute type 39 has an invalid length. [ 458.987613][ T4279] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 459.065403][ T4279] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 460.375732][ T9614] netlink: 'syz.1.1613': attribute type 10 has an invalid length. [ 460.652786][ T9623] device syzkaller0 entered promiscuous mode [ 460.709850][ T4279] Bluetooth: hci1: unexpected event 0x16 length: 15 > 6 [ 460.754787][ T9625] netlink: 'syz.2.1618': attribute type 10 has an invalid length. [ 460.997993][ T4279] Bluetooth: hci4: unexpected event 0x14 length: 15 > 6 [ 462.102342][ T9647] netlink: 'syz.0.1625': attribute type 3 has an invalid length. [ 462.118153][ T9647] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.1625'. [ 463.343366][ T9639] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 463.352929][ T9646] netlink: 'syz.3.1627': attribute type 39 has an invalid length. [ 463.369966][ T9644] netlink: 'syz.0.1625': attribute type 21 has an invalid length. [ 463.374256][ T9639] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 463.385562][ T9644] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1625'. [ 463.448987][ T9639] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 463.939348][ T4279] Bluetooth: hci1: unexpected event 0x16 length: 15 > 6 [ 464.152098][ T4279] Bluetooth: hci2: unexpected event 0x14 length: 15 > 6 [ 464.450503][ T9677] netlink: 'syz.0.1639': attribute type 10 has an invalid length. [ 464.565004][ T9676] delete_channel: no stack [ 464.848547][ T9684] netlink: 'syz.4.1641': attribute type 39 has an invalid length. [ 465.266133][ T9695] netlink: 13602 bytes leftover after parsing attributes in process `syz.2.1650'. [ 465.580581][ T9703] netlink: 'syz.0.1653': attribute type 10 has an invalid length. [ 466.904462][ T9704] netlink: 'syz.1.1642': attribute type 21 has an invalid length. [ 466.944730][ T9704] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1642'. [ 467.285151][ T9707] netlink: 'syz.1.1642': attribute type 3 has an invalid length. [ 467.292974][ T9707] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.1642'. [ 467.527183][ T4279] Bluetooth: hci2: unexpected event 0x14 length: 15 > 6 [ 467.713133][ T4279] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 468.301280][ T9741] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.1657'. [ 469.403111][ T4279] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 469.766141][ T4279] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 470.542685][ T9795] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.1675'. [ 471.556291][ T4279] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 472.325561][ T9837] netlink: 'syz.2.1691': attribute type 39 has an invalid length. [ 473.072077][ T4279] Bluetooth: hci2: unexpected event 0x14 length: 15 > 6 [ 473.295303][ T9864] netlink: 'syz.2.1701': attribute type 10 has an invalid length. [ 473.587258][ T9868] device syzkaller0 entered promiscuous mode [ 474.474794][ T4279] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 476.062162][ T9893] netlink: 'syz.1.1713': attribute type 39 has an invalid length. [ 476.907832][ T9904] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.1716'. [ 477.245621][ T9921] netlink: 'syz.3.1719': attribute type 39 has an invalid length. [ 477.423113][ T9920] netlink: 'syz.4.1720': attribute type 10 has an invalid length. [ 477.840091][ T4279] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 478.020483][ T9943] netlink: 'syz.3.1727': attribute type 10 has an invalid length. [ 478.054145][ T4279] Bluetooth: hci1: unexpected event 0x16 length: 15 > 6 [ 478.171831][ T9946] netlink: 'syz.2.1729': attribute type 10 has an invalid length. [ 478.315190][ T9946] team0: Port device geneve1 added [ 478.340825][ T9944] delete_channel: no stack [ 479.053449][ T9970] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.1737'. [ 479.729843][ T4279] Bluetooth: hci0: unexpected event 0x14 length: 15 > 6 [ 480.001375][ T9983] netlink: 'syz.1.1742': attribute type 10 has an invalid length. [ 480.201276][ T9991] netlink: 'syz.3.1744': attribute type 10 has an invalid length. [ 481.463456][T10013] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.1754'. [ 481.550672][ T4279] Bluetooth: hci2: unexpected event 0x14 length: 15 > 6 [ 481.802960][T10029] netlink: 'syz.2.1758': attribute type 10 has an invalid length. [ 482.341476][T10045] netlink: 'syz.2.1763': attribute type 10 has an invalid length. [ 482.360515][T10043] netlink: 'syz.0.1762': attribute type 10 has an invalid length. [ 482.380653][T10043] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1762'. [ 482.668103][T10049] device syzkaller0 entered promiscuous mode [ 482.952199][ T4279] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 483.061763][ T4279] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 483.100441][T10059] netlink: 'syz.1.1766': attribute type 3 has an invalid length. [ 483.125320][T10059] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.1766'. [ 485.024266][T10054] netlink: 'syz.1.1766': attribute type 21 has an invalid length. [ 485.032213][T10054] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1766'. [ 485.044484][T10065] netlink: 'syz.2.1771': attribute type 39 has an invalid length. [ 485.667008][T10085] netlink: 'syz.4.1787': attribute type 10 has an invalid length. [ 485.695403][T10084] delete_channel: no stack [ 485.901367][T10095] netlink: 'syz.3.1780': attribute type 10 has an invalid length. [ 485.980847][ T4279] Bluetooth: hci2: unexpected event 0x16 length: 15 > 6 [ 486.016596][ T4279] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 486.970560][T10103] netlink: 'syz.4.1783': attribute type 21 has an invalid length. [ 487.015501][T10103] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1783'. [ 487.295743][T10106] netlink: 'syz.4.1783': attribute type 3 has an invalid length. [ 487.310438][T10122] netlink: 134268 bytes leftover after parsing attributes in process `syz.2.1788'. [ 487.337144][T10106] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1783'. [ 487.421355][T10122] netlink: 'syz.2.1788': attribute type 2 has an invalid length. [ 487.464157][T10122] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1788'. [ 487.703551][T10130] netlink: 'syz.2.1788': attribute type 2 has an invalid length. [ 487.901998][T10120] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1788'. [ 488.002774][T10111] netlink: 'syz.0.1785': attribute type 21 has an invalid length. [ 488.042934][T10111] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1785'. [ 488.085037][T10137] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1791'. [ 488.343597][T10114] validate_nla: 1 callbacks suppressed [ 488.343615][T10114] netlink: 'syz.0.1785': attribute type 3 has an invalid length. [ 488.363140][T10114] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.1785'. [ 488.660169][ T4283] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 489.080630][T10155] netlink: 'syz.1.1796': attribute type 10 has an invalid length. [ 489.761717][T10173] netlink: 'syz.3.1804': attribute type 39 has an invalid length. [ 490.478866][T10190] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1809'. [ 490.717299][T10178] netlink: 'syz.4.1806': attribute type 21 has an invalid length. [ 490.759771][T10178] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1806'. [ 490.868244][T10185] netlink: 'syz.4.1806': attribute type 3 has an invalid length. [ 490.930610][T10185] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1806'. [ 490.989503][T10190] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.1809'. [ 491.218637][ T4279] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 491.916621][T10218] netlink: 'syz.4.1817': attribute type 10 has an invalid length. [ 492.326804][T10225] netlink: 'syz.2.1821': attribute type 10 has an invalid length. [ 492.479020][T10224] delete_channel: no stack [ 493.260476][ T4283] Bluetooth: hci2: unexpected event 0x16 length: 15 > 6 [ 493.331450][ T4283] Bluetooth: hci4: unexpected event 0x14 length: 15 > 6 [ 493.785583][ T4283] Bluetooth: hci4: unexpected event 0x14 length: 15 > 6 [ 494.507905][T10276] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1848'. [ 494.706144][T10277] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.1848'. [ 494.772798][T10285] netlink: 'syz.4.1837': attribute type 10 has an invalid length. [ 495.293252][T10291] netlink: 'syz.3.1838': attribute type 10 has an invalid length. [ 495.304260][T10293] netlink: 134268 bytes leftover after parsing attributes in process `syz.0.1839'. [ 495.347023][T10294] netlink: 'syz.0.1839': attribute type 2 has an invalid length. [ 495.411488][T10294] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1839'. [ 495.424479][T10290] delete_channel: no stack [ 495.465806][T10293] netlink: 'syz.0.1839': attribute type 2 has an invalid length. [ 495.492354][ T4283] Bluetooth: hci1: unexpected event 0x16 length: 15 > 6 [ 495.506388][T10293] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1839'. [ 496.053164][ T4283] Bluetooth: hci4: unexpected event 0x14 length: 15 > 6 [ 497.399985][ T4283] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 497.629360][T10340] netlink: 'syz.4.1859': attribute type 10 has an invalid length. [ 497.715195][T10339] delete_channel: no stack [ 497.797754][T10351] netlink: 'syz.0.1861': attribute type 10 has an invalid length. [ 497.822106][T10350] delete_channel: no stack [ 499.155237][T10376] netlink: 'syz.4.1871': attribute type 21 has an invalid length. [ 499.163590][T10376] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1871'. [ 499.299010][T10395] netlink: 'syz.0.1875': attribute type 10 has an invalid length. [ 499.309336][T10380] netlink: 'syz.4.1871': attribute type 3 has an invalid length. [ 499.359578][T10380] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1871'. [ 499.891548][T10405] netlink: 'syz.1.1877': attribute type 10 has an invalid length. [ 500.040865][T10398] delete_channel: no stack [ 500.734219][T10415] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1881'. [ 501.024604][T10417] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.1881'. [ 501.527788][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.534286][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.831379][T10437] netlink: 'syz.0.1889': attribute type 10 has an invalid length. [ 502.207081][T10443] netlink: 'syz.1.1891': attribute type 10 has an invalid length. [ 502.277725][T10442] delete_channel: no stack [ 502.631592][T10452] netlink: 134268 bytes leftover after parsing attributes in process `syz.1.1894'. [ 502.729119][T10451] netlink: 'syz.1.1894': attribute type 2 has an invalid length. [ 502.784230][T10451] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1894'. [ 503.172084][T10460] netlink: 'syz.0.1905': attribute type 10 has an invalid length. [ 503.207539][T10457] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1896'. [ 503.438655][T10468] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.1896'. [ 503.917856][T10480] netlink: 134268 bytes leftover after parsing attributes in process `syz.0.1910'. [ 503.969035][T10480] netlink: 'syz.0.1910': attribute type 2 has an invalid length. [ 504.069896][T10480] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1910'. [ 504.681630][T10497] netlink: 'syz.2.1906': attribute type 10 has an invalid length. [ 504.734996][T10496] delete_channel: no stack [ 505.529545][T10511] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1911'. [ 505.834573][T10511] netlink: 13602 bytes leftover after parsing attributes in process `syz.2.1911'. [ 506.332412][T10525] netlink: 'syz.1.1914': attribute type 10 has an invalid length. [ 506.873336][T10532] netlink: 'syz.2.1919': attribute type 21 has an invalid length. [ 506.947184][T10532] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1919'. [ 507.024885][ T4283] Bluetooth: hci2: unexpected event 0x16 length: 15 > 6 [ 507.615689][T10532] netlink: 'syz.2.1919': attribute type 3 has an invalid length. [ 507.642612][T10532] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.1919'. [ 508.748208][T10567] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1930'. [ 509.085895][T10567] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.1930'. [ 509.970376][T10598] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1948'. [ 510.209758][T10598] netlink: 13602 bytes leftover after parsing attributes in process `syz.2.1948'. [ 510.832947][T10607] netlink: 'syz.0.1941': attribute type 10 has an invalid length. [ 511.960001][T10639] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1955'. [ 512.180264][T10639] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.1955'. [ 512.946394][T10654] netlink: 'syz.4.1957': attribute type 10 has an invalid length. [ 513.022354][T10656] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1968'. [ 513.273586][T10660] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.1968'. [ 514.049121][T10675] netlink: 'syz.3.1961': attribute type 39 has an invalid length. [ 518.423211][T10715] netlink: 'syz.1.1982': attribute type 39 has an invalid length. [ 518.618917][T10698] netlink: 'syz.3.1967': attribute type 21 has an invalid length. [ 518.642818][T10698] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1967'. [ 518.791602][T10710] netlink: 'syz.3.1967': attribute type 3 has an invalid length. [ 518.841734][T10710] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.1967'. [ 519.704927][T10745] netlink: 'syz.4.1979': attribute type 13 has an invalid length. [ 519.712846][T10745] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1979'. [ 519.766246][T10745] syz_tun: refused to change device tx_queue_len [ 519.772903][T10745] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 519.950273][T10747] netlink: 'syz.1.1980': attribute type 10 has an invalid length. [ 520.246241][T10760] netlink: 'syz.4.1985': attribute type 39 has an invalid length. [ 521.330537][T10784] netlink: 'syz.4.1992': attribute type 10 has an invalid length. [ 521.708882][T10768] netlink: 'syz.3.1989': attribute type 21 has an invalid length. [ 521.719479][T10768] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1989'. [ 521.861450][T10782] netlink: 'syz.3.1989': attribute type 3 has an invalid length. [ 521.900551][T10782] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.1989'. [ 522.196596][T10799] netlink: 'syz.0.1997': attribute type 9 has an invalid length. [ 522.258186][T10799] netlink: 207496 bytes leftover after parsing attributes in process `syz.0.1997'. [ 522.451391][T10807] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1999'. [ 522.478289][T10807] syz_tun: refused to change device tx_queue_len [ 522.496019][T10807] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 522.858895][T10812] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2002'. [ 523.127314][T10814] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.2002'. [ 523.469037][T10822] validate_nla: 2 callbacks suppressed [ 523.469157][T10822] netlink: 'syz.2.2005': attribute type 39 has an invalid length. [ 523.836969][T10826] netlink: 'syz.0.2007': attribute type 10 has an invalid length. [ 524.404401][T10838] netlink: 'syz.2.2012': attribute type 9 has an invalid length. [ 524.492092][T10838] netlink: 207496 bytes leftover after parsing attributes in process `syz.2.2012'. [ 525.303811][T10856] netlink: 'syz.4.2015': attribute type 21 has an invalid length. [ 525.322918][T10856] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2015'. [ 525.408003][ T4283] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 525.429449][T10862] netlink: 'syz.4.2015': attribute type 3 has an invalid length. [ 525.581511][T10862] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2015'. [ 526.743288][T10890] device syzkaller0 entered promiscuous mode [ 526.760742][T10885] netlink: 'syz.3.2023': attribute type 10 has an invalid length. [ 527.117950][T10900] netlink: 'syz.3.2029': attribute type 9 has an invalid length. [ 527.160959][T10900] netlink: 207496 bytes leftover after parsing attributes in process `syz.3.2029'. [ 527.931642][T10901] delete_channel: no stack [ 528.188372][ T4283] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 528.959983][T10928] netlink: 'syz.2.2037': attribute type 3 has an invalid length. [ 528.981509][T10928] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2037'. [ 530.270308][T10902] netlink: 'syz.0.2039': attribute type 10 has an invalid length. [ 530.280081][T10927] netlink: 'syz.2.2037': attribute type 21 has an invalid length. [ 530.304056][T10927] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2037'. [ 531.165742][T10954] netlink: 'syz.0.2045': attribute type 10 has an invalid length. [ 531.185784][T10953] delete_channel: no stack [ 531.534840][ T4283] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 531.627174][T10966] device syzkaller0 entered promiscuous mode [ 532.503847][T10981] netlink: 134268 bytes leftover after parsing attributes in process `syz.4.2056'. [ 532.561507][T10986] netlink: 'syz.4.2056': attribute type 2 has an invalid length. [ 532.579147][T10986] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2056'. [ 534.129848][T10971] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2054'. [ 534.140795][T10974] netlink: 13602 bytes leftover after parsing attributes in process `syz.2.2054'. [ 534.151609][T10985] netlink: 'syz.1.2065': attribute type 10 has an invalid length. [ 534.163670][T10989] netlink: 'syz.4.2056': attribute type 2 has an invalid length. [ 534.191598][T10990] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2056'. [ 534.662976][T11007] netlink: 'syz.0.2062': attribute type 39 has an invalid length. [ 535.856050][ T4283] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 536.362809][T11001] netlink: 'syz.1.2061': attribute type 21 has an invalid length. [ 536.379075][T11001] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2061'. [ 536.444653][T11032] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2070'. [ 536.527156][T11004] netlink: 'syz.1.2061': attribute type 3 has an invalid length. [ 536.609225][T11004] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2061'. [ 536.737957][T11033] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.2070'. [ 537.623236][T11037] netlink: 'syz.3.2072': attribute type 21 has an invalid length. [ 537.631947][T11037] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2072'. [ 537.709950][T11039] netlink: 'syz.3.2072': attribute type 3 has an invalid length. [ 537.744541][T11039] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2072'. [ 538.784901][T11062] netlink: 'syz.4.2079': attribute type 39 has an invalid length. [ 539.349913][T11071] netlink: 'syz.1.2092': attribute type 10 has an invalid length. [ 539.769024][ T4283] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 539.787343][T11089] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2086'. [ 539.995579][T11089] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.2086'. [ 540.737152][T11095] netlink: 'syz.0.2089': attribute type 21 has an invalid length. [ 540.761003][T11095] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2089'. [ 540.893546][T11095] netlink: 'syz.0.2089': attribute type 3 has an invalid length. [ 540.933006][T11095] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2089'. [ 541.402168][T11084] netlink: 'syz.2.2087': attribute type 21 has an invalid length. [ 541.477753][T11084] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2087'. [ 541.731754][T11087] netlink: 'syz.2.2087': attribute type 3 has an invalid length. [ 541.766219][T11087] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2087'. [ 543.195391][T11133] netlink: 'syz.2.2100': attribute type 39 has an invalid length. [ 543.355771][T11134] netlink: 'syz.0.2101': attribute type 10 has an invalid length. [ 546.368028][T11159] netlink: 'syz.2.2109': attribute type 10 has an invalid length. [ 547.443178][T11177] netlink: 134268 bytes leftover after parsing attributes in process `syz.3.2114'. [ 547.512209][T11182] netlink: 'syz.3.2114': attribute type 2 has an invalid length. [ 547.524345][T11182] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2114'. [ 547.607861][T11177] netlink: 'syz.3.2114': attribute type 2 has an invalid length. [ 547.633437][T11177] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2114'. [ 548.315865][T11206] netlink: 'syz.3.2124': attribute type 10 has an invalid length. [ 549.840483][T11234] netlink: 134268 bytes leftover after parsing attributes in process `syz.1.2135'. [ 549.937254][T11234] netlink: 'syz.1.2135': attribute type 2 has an invalid length. [ 549.973985][T11234] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2135'. [ 550.079595][T11234] netlink: 'syz.1.2135': attribute type 2 has an invalid length. [ 550.160568][T11237] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2135'. [ 551.492591][T11278] netlink: 'syz.1.2154': attribute type 10 has an invalid length. [ 552.659479][T11306] netlink: 'syz.3.2166': attribute type 10 has an invalid length. [ 552.681180][T11304] delete_channel: no stack [ 552.798317][T11308] netlink: 'syz.0.2167': attribute type 10 has an invalid length. [ 552.862382][T11312] netlink: 'syz.1.2169': attribute type 39 has an invalid length. [ 553.017092][T11315] netlink: 'syz.3.2170': attribute type 9 has an invalid length. [ 553.088119][T11315] netlink: 207496 bytes leftover after parsing attributes in process `syz.3.2170'. [ 554.382101][ T4283] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 554.773683][T11358] netlink: 'syz.4.2184': attribute type 10 has an invalid length. [ 554.947957][T11365] netlink: 'syz.0.2188': attribute type 10 has an invalid length. [ 554.964402][T11364] delete_channel: no stack [ 555.485186][T11377] netlink: 'syz.2.2192': attribute type 10 has an invalid length. [ 555.613629][T11384] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2194'. [ 555.774449][T11385] netlink: 'syz.4.2195': attribute type 10 has an invalid length. [ 555.864437][T11381] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.2194'. [ 555.869740][T11382] delete_channel: no stack [ 555.897468][ T4283] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 556.462754][T11405] netlink: 'syz.0.2200': attribute type 10 has an invalid length. [ 556.663098][T11407] netlink: 'syz.1.2202': attribute type 10 has an invalid length. [ 556.735075][T11406] delete_channel: no stack [ 557.119856][T11423] netlink: 'syz.4.2207': attribute type 10 has an invalid length. [ 557.141604][T11423] netlink: 55 bytes leftover after parsing attributes in process `syz.4.2207'. [ 557.173730][T11424] netlink: 'syz.0.2209': attribute type 10 has an invalid length. [ 557.197042][T11422] delete_channel: no stack [ 558.279889][T11454] netlink: 'syz.1.2220': attribute type 9 has an invalid length. [ 558.288230][T11454] netlink: 207496 bytes leftover after parsing attributes in process `syz.1.2220'. [ 558.325486][T11455] netlink: 'syz.4.2219': attribute type 10 has an invalid length. [ 558.347588][T11453] delete_channel: no stack [ 558.567536][T11462] netlink: 'syz.1.2221': attribute type 10 has an invalid length. [ 558.762376][T11467] netlink: 'syz.4.2224': attribute type 10 has an invalid length. [ 558.781072][T11464] delete_channel: no stack [ 559.205191][T11480] netlink: 'syz.4.2231': attribute type 39 has an invalid length. [ 562.172421][T11502] netlink: 'syz.4.2234': attribute type 9 has an invalid length. [ 562.200761][T11502] netlink: 207496 bytes leftover after parsing attributes in process `syz.4.2234'. [ 562.209708][T11501] netlink: 'syz.1.2244': attribute type 39 has an invalid length. [ 562.356594][ T4283] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 562.570673][T11515] netlink: 'syz.4.2237': attribute type 39 has an invalid length. [ 562.925073][T11526] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2239'. [ 562.998860][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.005541][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.119454][T11524] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.2239'. [ 563.146995][T11508] netlink: 'syz.0.2236': attribute type 21 has an invalid length. [ 563.189188][T11508] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2236'. [ 563.516063][T11520] netlink: 'syz.0.2236': attribute type 3 has an invalid length. [ 563.556159][T11532] netlink: 'syz.2.2241': attribute type 10 has an invalid length. [ 563.614857][T11530] delete_channel: no stack [ 563.619634][T11520] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2236'. [ 563.787897][T11541] netlink: 'syz.3.2242': attribute type 10 has an invalid length. [ 563.810325][T11541] netlink: 55 bytes leftover after parsing attributes in process `syz.3.2242'. [ 567.025671][T11573] netlink: 'syz.0.2254': attribute type 39 has an invalid length. [ 567.401534][T11580] netlink: 'syz.4.2258': attribute type 10 has an invalid length. [ 567.441839][T11584] netlink: 'syz.2.2257': attribute type 39 has an invalid length. [ 567.458294][T11579] delete_channel: no stack [ 568.148122][T11599] netlink: 'syz.0.2263': attribute type 39 has an invalid length. [ 568.790889][T11618] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2270'. [ 568.873236][T11616] netlink: 'syz.2.2271': attribute type 39 has an invalid length. [ 568.942330][T11614] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.2270'. [ 569.199339][T11625] netlink: 'syz.0.2272': attribute type 10 has an invalid length. [ 569.248036][T11617] delete_channel: no stack [ 569.266622][T11624] netlink: 'syz.3.2274': attribute type 10 has an invalid length. [ 569.321490][T11623] delete_channel: no stack [ 569.933309][T11648] netlink: 'syz.3.2284': attribute type 39 has an invalid length. [ 569.967283][T11642] netlink: 'syz.4.2281': attribute type 10 has an invalid length. [ 570.331518][T11657] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2286'. [ 570.502155][T11659] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.2286'. [ 570.931171][ T4283] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 570.960640][T11670] netlink: 'syz.1.2289': attribute type 39 has an invalid length. [ 571.209559][T11674] netlink: 'syz.2.2290': attribute type 10 has an invalid length. [ 571.250790][T11673] delete_channel: no stack [ 571.423719][T11678] delete_channel: no stack [ 571.839797][T11694] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2300'. [ 572.031971][T11694] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.2300'. [ 572.927481][T11711] validate_nla: 2 callbacks suppressed [ 572.927586][T11711] netlink: 'syz.0.2306': attribute type 10 has an invalid length. [ 573.177770][T11717] netlink: 'syz.4.2309': attribute type 10 has an invalid length. [ 573.209696][T11716] delete_channel: no stack [ 573.513511][ T4283] Bluetooth: hci4: unexpected event 0x16 length: 15 > 6 [ 574.228187][T11749] netlink: 'syz.3.2318': attribute type 39 has an invalid length. [ 574.576716][T11747] netlink: 'syz.4.2319': attribute type 21 has an invalid length. [ 574.594380][T11747] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2319'. [ 574.747577][T11750] netlink: 'syz.4.2319': attribute type 3 has an invalid length. [ 574.764790][T11750] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2319'. [ 574.840036][T11762] netlink: 'syz.2.2323': attribute type 10 has an invalid length. [ 575.620034][T11777] netlink: 'syz.4.2329': attribute type 10 has an invalid length. [ 575.661534][T11776] delete_channel: no stack [ 575.962794][ T4283] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 576.500949][T11806] netlink: 'syz.1.2339': attribute type 10 has an invalid length. [ 576.781335][T11815] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2342'. [ 576.995288][T11816] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.2342'. [ 578.505130][T11840] netlink: 'syz.4.2344': attribute type 21 has an invalid length. [ 578.638726][T11840] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2344'. [ 578.705249][T11812] netlink: 'syz.3.2341': attribute type 21 has an invalid length. [ 578.739447][T11812] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2341'. [ 578.812657][ T4283] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6 [ 578.845925][T11840] netlink: 'syz.4.2344': attribute type 3 has an invalid length. [ 578.959332][T11840] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2344'. [ 579.071500][T11825] netlink: 'syz.3.2341': attribute type 3 has an invalid length. [ 579.133762][T11825] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2341'. [ 579.860968][ T4283] Bluetooth: hci1: unexpected event 0x16 length: 15 > 6 [ 580.050445][T11863] netlink: 'syz.3.2352': attribute type 10 has an invalid length. [ 580.082492][T11858] delete_channel: no stack [ 580.257486][T11871] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2357'. [ 580.424803][T11871] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.2357'. [ 581.292360][T11890] netlink: 'syz.0.2363': attribute type 10 has an invalid length. [ 581.335822][T11890] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.364212][T11890] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.373488][T11890] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.379619][T11892] netlink: 'syz.2.2365': attribute type 2 has an invalid length. [ 581.400386][T11892] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2365'. [ 581.432395][T11890] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.463494][T11890] device geneve0 entered promiscuous mode [ 581.541537][T11890] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.551829][T11890] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.562025][T11890] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.572569][T11890] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.601158][T11890] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 581.612892][T11895] netlink: 'syz.2.2365': attribute type 2 has an invalid length. [ 581.624888][T11900] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2365'. [ 581.816690][T11902] netlink: 'syz.4.2368': attribute type 39 has an invalid length. [ 581.959072][ T4283] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 582.020009][T11908] netlink: 'syz.0.2371': attribute type 10 has an invalid length. [ 582.066796][T11907] delete_channel: no stack [ 582.407244][T11916] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2374'. [ 582.617312][T11917] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.2374'. [ 582.685508][ T4283] Bluetooth: hci2: ISO packet for unknown connection handle 255 [ 583.820046][ T4283] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 584.031382][T11962] netlink: 'syz.0.2388': attribute type 39 has an invalid length. [ 584.188720][T11969] netlink: 'syz.2.2394': attribute type 2 has an invalid length. [ 584.226042][T11964] netlink: 'syz.3.2391': attribute type 10 has an invalid length. [ 584.237444][T11969] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2394'. [ 584.379802][T11969] netlink: 'syz.2.2394': attribute type 2 has an invalid length. [ 584.417648][T11969] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2394'. [ 584.733345][T11983] netlink: 'syz.0.2399': attribute type 39 has an invalid length. [ 584.945000][T11985] netlink: 'syz.1.2400': attribute type 10 has an invalid length. [ 584.974061][T11987] netlink: 'syz.4.2401': attribute type 10 has an invalid length. [ 584.995944][T11987] netlink: 55 bytes leftover after parsing attributes in process `syz.4.2401'. [ 585.089753][ T4283] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 585.515203][T11998] netlink: 'syz.2.2417': attribute type 10 has an invalid length. [ 585.786098][T12006] netlink: 'syz.0.2407': attribute type 10 has an invalid length. [ 585.788716][T12012] netlink: 'syz.4.2409': attribute type 2 has an invalid length. [ 585.812285][T12012] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2409'. [ 585.843665][T12012] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2409'. [ 586.275695][ T4283] Bluetooth: hci2: unexpected event 0x16 length: 15 > 6 [ 586.355634][T12025] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2416'. [ 586.564638][T12031] delete_channel: no stack [ 586.613119][ T4283] Bluetooth: hci4: unexpected event 0x16 length: 15 > 6 [ 587.408480][T12057] delete_channel: no stack [ 587.646648][T12064] netlink: 55 bytes leftover after parsing attributes in process `syz.3.2433'. [ 587.742609][T12067] delete_channel: no stack [ 587.903079][ T4283] Bluetooth: hci2: unexpected event 0x16 length: 15 > 6 [ 587.942197][T12076] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.964785][T12076] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.978553][T12076] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.989320][T12076] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.003250][T12076] device geneve0 entered promiscuous mode [ 588.079117][T12076] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.088343][T12076] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.098019][T12076] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.108850][T12076] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.121230][T12076] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 589.184966][T12113] validate_nla: 14 callbacks suppressed [ 589.184987][T12113] netlink: 'syz.0.2455': attribute type 10 has an invalid length. [ 589.289865][T12113] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.309589][T12113] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.320484][T12113] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.340572][T12113] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.979970][T12134] netlink: 'syz.3.2463': attribute type 10 has an invalid length. [ 590.022357][T12133] delete_channel: no stack [ 590.351007][T12144] netlink: 'syz.1.2467': attribute type 10 has an invalid length. [ 590.765080][T12147] netlink: 'syz.3.2468': attribute type 21 has an invalid length. [ 590.773482][T12147] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2468'. [ 590.905454][T12156] netlink: 'syz.3.2468': attribute type 3 has an invalid length. [ 590.974631][T12156] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2468'. [ 591.946751][T12175] netlink: 'syz.1.2479': attribute type 39 has an invalid length. [ 592.591436][T12177] netlink: 'syz.0.2480': attribute type 21 has an invalid length. [ 592.639256][T12177] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2480'. [ 593.127609][T12182] netlink: 'syz.0.2480': attribute type 3 has an invalid length. [ 593.175351][T12182] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2480'. [ 593.190424][T12195] netlink: 'syz.4.2485': attribute type 10 has an invalid length. [ 593.574077][T12207] netlink: 'syz.2.2488': attribute type 10 has an invalid length. [ 593.613693][T12201] delete_channel: no stack [ 594.049485][T12222] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2493'. [ 594.174018][T12222] netlink: 13602 bytes leftover after parsing attributes in process `syz.2.2493'. [ 594.396001][T12224] netlink: 'syz.0.2497': attribute type 39 has an invalid length. [ 596.076992][T12249] netlink: 'syz.1.2504': attribute type 21 has an invalid length. [ 596.098153][T12249] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2504'. [ 596.222670][T12265] netlink: 'syz.1.2504': attribute type 3 has an invalid length. [ 596.291778][T12265] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2504'. [ 596.452212][T12271] netlink: 'syz.4.2509': attribute type 10 has an invalid length. [ 596.924147][T12280] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2512'. [ 597.045931][T12282] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.2512'. [ 597.097327][T12268] delete_channel: no stack [ 598.241778][T12291] netlink: 'syz.1.2516': attribute type 21 has an invalid length. [ 598.274692][T12291] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2516'. [ 598.359313][T12303] netlink: 'syz.1.2516': attribute type 3 has an invalid length. [ 598.386378][T12303] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2516'. [ 600.041205][T12331] netlink: 'syz.0.2526': attribute type 10 has an invalid length. [ 600.062767][T12328] delete_channel: no stack [ 600.141197][T12335] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2528'. [ 600.272532][T12336] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.2528'. [ 601.131311][T12340] netlink: 'syz.3.2529': attribute type 21 has an invalid length. [ 601.159396][T12340] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2529'. [ 601.270074][T12344] netlink: 'syz.3.2529': attribute type 3 has an invalid length. [ 601.307484][T12344] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2529'. [ 601.671634][T12376] netlink: 'syz.0.2541': attribute type 39 has an invalid length. [ 602.218377][T12389] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2547'. [ 602.344460][T12398] netlink: 13602 bytes leftover after parsing attributes in process `syz.0.2547'. [ 606.072147][T12431] netlink: 'syz.4.2556': attribute type 21 has an invalid length. [ 606.082616][T12431] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2556'. [ 606.202003][ T4283] Bluetooth: hci3: unexpected event 0x20 length: 15 > 7 [ 606.417295][T12440] netlink: 'syz.4.2556': attribute type 3 has an invalid length. [ 606.443899][T12440] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2556'. [ 606.539060][T12454] netlink: 'syz.0.2567': attribute type 10 has an invalid length. [ 606.720954][T12461] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2569'. [ 606.941022][T12461] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.2569'. [ 608.969763][ T4283] Bluetooth: hci2: unexpected event 0x20 length: 15 > 7 [ 609.139525][T12503] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2582'. [ 609.336024][T12507] netlink: 13602 bytes leftover after parsing attributes in process `syz.2.2582'. [ 609.999791][ T4283] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 612.607242][T12533] netlink: 'syz.4.2590': attribute type 10 has an invalid length. [ 615.332607][ T4283] Bluetooth: hci3: unexpected event 0x20 length: 15 > 7 [ 616.183132][T12565] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2598'. [ 616.470821][T12569] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.2598'. [ 617.335747][T12591] netlink: 'syz.0.2604': attribute type 10 has an invalid length. [ 617.404162][T12593] netlink: 'syz.3.2605': attribute type 39 has an invalid length. [ 617.523170][T12599] netlink: 'syz.4.2606': attribute type 10 has an invalid length. [ 617.561937][T12599] netlink: 55 bytes leftover after parsing attributes in process `syz.4.2606'. [ 621.188290][T12638] netlink: 'syz.2.2621': attribute type 10 has an invalid length. [ 621.251919][T12640] netlink: 'syz.0.2622': attribute type 10 has an invalid length. [ 621.280940][T12640] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2622'. [ 624.478014][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.484530][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.916148][T12679] netlink: 'syz.3.2635': attribute type 10 has an invalid length. [ 625.453648][T12686] netlink: 'syz.0.2636': attribute type 10 has an invalid length. [ 625.488311][T12684] delete_channel: no stack [ 626.235450][T12705] netlink: 'syz.1.2642': attribute type 10 has an invalid length. [ 626.295050][T12705] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2642'. [ 626.457487][T12693] netlink: 'syz.3.2639': attribute type 21 has an invalid length. [ 626.514980][T12693] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2639'. [ 627.037833][T12721] netlink: 'syz.3.2639': attribute type 3 has an invalid length. [ 627.064151][T12721] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2639'. [ 627.819466][T12731] netlink: 'syz.4.2650': attribute type 10 has an invalid length. [ 629.767166][T12739] netlink: 'syz.3.2654': attribute type 10 has an invalid length. [ 629.827949][T12737] delete_channel: no stack [ 630.151289][T12756] netlink: 'syz.1.2658': attribute type 10 has an invalid length. [ 631.405622][T12784] netlink: 'syz.3.2666': attribute type 10 has an invalid length. [ 631.475945][T12785] netlink: 'syz.1.2665': attribute type 21 has an invalid length. [ 631.508571][T12785] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2665'. [ 631.662277][T12786] netlink: 'syz.1.2665': attribute type 3 has an invalid length. [ 631.690787][T12786] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2665'. [ 635.760407][T12823] netlink: 'syz.1.2681': attribute type 10 has an invalid length. [ 636.727870][T12852] netlink: 'syz.4.2687': attribute type 21 has an invalid length. [ 636.884036][T12852] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2687'. [ 637.221804][T12856] netlink: 'syz.1.2692': attribute type 10 has an invalid length. [ 638.097262][T12852] netlink: 'syz.4.2687': attribute type 3 has an invalid length. [ 638.117957][T12852] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2687'. [ 641.301953][T12895] netlink: 'syz.0.2707': attribute type 10 has an invalid length. [ 642.816537][T12916] netlink: 'syz.2.2712': attribute type 21 has an invalid length. [ 642.847188][T12916] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2712'. [ 642.962021][T12924] netlink: 'syz.2.2712': attribute type 3 has an invalid length. [ 642.980460][T12924] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2712'. [ 646.013725][T12962] netlink: 'syz.4.2727': attribute type 39 has an invalid length. [ 647.042369][T12976] netlink: 'syz.4.2730': attribute type 3 has an invalid length. [ 647.058803][T12976] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2730'. [ 647.074278][T12982] netlink: 'syz.0.2729': attribute type 3 has an invalid length. [ 647.082313][T12982] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2729'. [ 647.245336][T12980] netlink: 'syz.3.2732': attribute type 3 has an invalid length. [ 647.253366][T12980] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2732'. [ 648.711285][T12971] netlink: 'syz.4.2730': attribute type 21 has an invalid length. [ 648.719534][T12971] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2730'. [ 648.730050][T12969] netlink: 'syz.0.2729': attribute type 21 has an invalid length. [ 648.738674][T12969] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2729'. [ 648.748082][T12979] netlink: 'syz.3.2732': attribute type 21 has an invalid length. [ 648.759411][T12979] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2732'. [ 649.386212][T12988] netlink: 'syz.0.2743': attribute type 21 has an invalid length. [ 649.414612][T12988] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2743'. [ 649.770923][T13011] netlink: 'syz.2.2741': attribute type 39 has an invalid length. [ 649.985827][T12999] netlink: 'syz.0.2743': attribute type 3 has an invalid length. [ 649.993668][T12999] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2743'. [ 650.151723][T13016] netlink: 'syz.4.2744': attribute type 39 has an invalid length. [ 650.228245][T13019] netlink: 'syz.1.2745': attribute type 10 has an invalid length. [ 650.274929][T13017] delete_channel: no stack [ 650.666467][T13027] netlink: 'syz.2.2747': attribute type 39 has an invalid length. [ 651.524132][T13039] netlink: 'syz.3.2746': attribute type 3 has an invalid length. [ 651.548967][T13039] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2746'. [ 651.852279][T13046] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2749'. [ 652.057194][T13047] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2751'. [ 653.090896][T13050] delete_channel: no stack [ 653.859172][T13023] validate_nla: 2 callbacks suppressed [ 653.859189][T13023] netlink: 'syz.3.2746': attribute type 21 has an invalid length. [ 653.872960][T13023] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2746'. [ 653.882285][T13030] netlink: 'syz.0.2749': attribute type 21 has an invalid length. [ 653.890922][T13030] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2749'. [ 653.903933][T13041] netlink: 'syz.2.2751': attribute type 21 has an invalid length. [ 653.911942][T13041] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2751'. [ 653.970406][T13051] netlink: 'syz.4.2754': attribute type 10 has an invalid length. [ 654.151313][T13053] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2755'. [ 654.292664][T13056] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.2755'. [ 654.406394][T13055] netlink: 'syz.1.2756': attribute type 10 has an invalid length. [ 654.943348][T13069] netlink: 'syz.2.2759': attribute type 10 has an invalid length. [ 654.970111][T13068] netlink: 'syz.1.2758': attribute type 39 has an invalid length. [ 654.985273][T13066] delete_channel: no stack [ 655.323715][T13075] netlink: 'syz.0.2762': attribute type 39 has an invalid length. [ 655.874776][T13091] netlink: 'syz.2.2769': attribute type 10 has an invalid length. [ 656.192253][T13089] netlink: 'syz.3.2768': attribute type 21 has an invalid length. [ 656.220061][T13089] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2768'. [ 656.406079][T13104] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2768'. [ 656.572700][T13099] delete_channel: no stack [ 656.822631][T13084] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2766'. [ 656.962511][T13103] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2770'. [ 656.995641][T13095] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2766'. [ 658.888817][T13141] validate_nla: 9 callbacks suppressed [ 658.888857][T13141] netlink: 'syz.2.2783': attribute type 39 has an invalid length. [ 659.648196][T13143] netlink: 'syz.1.2784': attribute type 21 has an invalid length. [ 659.721365][T13143] __nla_validate_parse: 1 callbacks suppressed [ 659.721408][T13143] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2784'. [ 659.848700][T13157] netlink: 'syz.2.2789': attribute type 10 has an invalid length. [ 659.855096][T13163] netlink: 'syz.1.2784': attribute type 3 has an invalid length. [ 659.883950][T13163] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2784'. [ 659.967210][T13165] netlink: 'syz.4.2790': attribute type 39 has an invalid length. [ 660.034472][T13152] netlink: 'syz.0.2787': attribute type 21 has an invalid length. [ 660.042735][T13152] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2787'. [ 660.177805][T13168] netlink: 'syz.0.2787': attribute type 3 has an invalid length. [ 660.225133][T13168] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2787'. [ 660.347595][T13170] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2791'. [ 660.596537][T13173] netlink: 13602 bytes leftover after parsing attributes in process `syz.3.2791'. [ 660.778374][T13181] netlink: 'syz.4.2792': attribute type 10 has an invalid length. [ 660.821943][T13176] delete_channel: no stack [ 660.835933][T13180] netlink: 'syz.1.2793': attribute type 39 has an invalid length. [ 661.971279][T13211] netlink: 'syz.0.2803': attribute type 10 has an invalid length. [ 662.220880][T13201] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2801'. [ 662.523446][T13205] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2801'. [ 662.614139][T13217] delete_channel: no stack [ 664.102229][T13258] validate_nla: 5 callbacks suppressed [ 664.102280][T13258] netlink: 'syz.1.2828': attribute type 10 has an invalid length. [ 664.256666][T13261] netlink: 'syz.4.2816': attribute type 10 has an invalid length. [ 664.398511][T13266] netlink: 'syz.2.2820': attribute type 10 has an invalid length. [ 664.416025][T13265] delete_channel: no stack [ 664.555659][T13269] netlink: 'syz.1.2822': attribute type 10 has an invalid length. [ 664.911785][T13264] netlink: 'syz.3.2819': attribute type 21 has an invalid length. [ 664.920993][T13264] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2819'. [ 665.222760][T13274] netlink: 'syz.3.2819': attribute type 3 has an invalid length. [ 665.294194][T13274] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2819'. [ 665.334079][T13290] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2831'. [ 665.515736][T13290] netlink: 13602 bytes leftover after parsing attributes in process `syz.4.2831'. [ 666.956382][T13313] netlink: 'syz.3.2837': attribute type 10 has an invalid length. [ 667.069849][T13312] delete_channel: no stack [ 667.233164][T13318] netlink: 'syz.2.2839': attribute type 10 has an invalid length. [ 667.478521][T13323] netlink: 'syz.0.2840': attribute type 39 has an invalid length. [ 667.616352][T13326] netlink: 'syz.2.2843': attribute type 39 has an invalid length. [ 668.161042][T13336] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2845'. [ 668.438950][T13336] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.2845'. [ 669.061335][T13353] delete_channel: no stack [ 669.370585][T13365] netlink: 'syz.3.2854': attribute type 10 has an invalid length. [ 669.758121][T13375] netlink: 'syz.3.2859': attribute type 39 has an invalid length. [ 669.780989][T13376] delete_channel: no stack [ 670.122196][T13381] netlink: 'syz.0.2860': attribute type 10 has an invalid length. [ 670.224533][T13385] netlink: 'syz.2.2862': attribute type 10 has an invalid length. [ 671.411559][T13370] netlink: 'syz.1.2858': attribute type 21 has an invalid length. [ 671.424302][T13370] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2858'. [ 671.746546][T13382] netlink: 'syz.1.2858': attribute type 3 has an invalid length. [ 671.800814][T13382] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2858'. [ 672.292978][T13412] delete_channel: no stack [ 672.620588][T13427] netlink: 'syz.2.2875': attribute type 10 has an invalid length. [ 672.752050][T13430] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2878'. [ 672.962654][T13430] netlink: 13602 bytes leftover after parsing attributes in process `syz.1.2878'. [ 674.091805][T13451] netlink: 'syz.4.2885': attribute type 10 has an invalid length. [ 674.175820][T13455] delete_channel: no stack [ 674.310663][T13460] netlink: 'syz.2.2887': attribute type 10 has an invalid length. [ 674.466914][T13463] netlink: 'syz.4.2889': attribute type 10 has an invalid length. [ 675.350353][ T4279] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 675.358920][ T4279] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 675.366816][ T4279] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 675.375665][T13491] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 675.383980][T13491] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 675.392313][T13491] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 676.106573][T13486] chnl_net:caif_netlink_parms(): no params data found [ 676.352818][T13486] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.360367][T13486] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.369097][T13486] device bridge_slave_0 entered promiscuous mode [ 676.378766][T13486] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.386790][T13486] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.396273][T13486] device bridge_slave_1 entered promiscuous mode [ 676.539052][T13486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 676.574719][T13486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 676.715296][T13486] team0: Port device team_slave_0 added [ 676.831155][T13486] team0: Port device team_slave_1 added [ 676.941955][T13486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 676.977862][T13486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.173978][T13486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 677.248626][T13486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 677.344489][T13486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.444475][T13491] Bluetooth: hci1: command 0x0409 tx timeout [ 677.733459][T13486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.199899][T13486] device hsr_slave_0 entered promiscuous mode [ 678.269553][T13486] device hsr_slave_1 entered promiscuous mode [ 678.319278][T13486] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 678.348514][T13486] Cannot create hsr debugfs directory [ 678.862763][T13486] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.901531][T13563] netlink: 830 bytes leftover after parsing attributes in process `syz.4.2930'. [ 678.997708][T13486] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.119455][T13486] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.258364][T13486] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.524103][T13491] Bluetooth: hci1: command 0x041b tx timeout [ 681.604038][T13491] Bluetooth: hci1: command 0x040f tx timeout [ 681.853046][T13486] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 681.932335][T13486] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 681.959739][T13486] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 682.007892][T13486] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 682.122210][T13608] Illegal XDP return value 4294967294 on prog (id 2260) dev N/A, expect packet loss! [ 682.395151][T13486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 682.423683][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 682.442914][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 682.465975][T13486] 8021q: adding VLAN 0 to HW filter on device team0 [ 682.536729][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 682.574824][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 682.594718][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.601940][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 682.641258][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 682.697178][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 682.707397][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 682.762717][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.770056][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 682.844409][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 682.862048][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 682.871826][T13631] netlink: 'syz.2.2955': attribute type 10 has an invalid length. [ 682.894809][T13631] bond0: (slave bond_slave_0): Releasing backup interface [ 682.947851][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 682.982217][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 683.024507][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 683.050143][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 683.105003][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 683.123004][T13486] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 683.304211][T13486] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 683.377682][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 683.405065][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 683.485545][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 683.528854][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 683.591376][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 683.685668][T13491] Bluetooth: hci1: command 0x0419 tx timeout [ 683.926254][T13658] netlink: 'syz.0.2967': attribute type 20 has an invalid length. [ 684.213358][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 684.231483][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 684.256642][T13486] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 684.384991][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 684.403116][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 684.509707][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 684.528342][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 684.595425][T13486] device veth0_vlan entered promiscuous mode [ 684.619685][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 684.653742][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 684.709921][T13486] device veth1_vlan entered promiscuous mode [ 684.901971][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 684.925273][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 684.944742][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 684.965592][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 685.006541][T13486] device veth0_macvtap entered promiscuous mode [ 685.064774][T13486] device veth1_macvtap entered promiscuous mode [ 685.151044][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.179815][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.196677][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.229308][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.289292][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.314623][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.334903][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.351013][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.363711][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.380193][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.432265][T13486] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 685.457048][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 685.466573][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 685.541281][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 685.565808][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 685.587223][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.625579][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.661029][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.707886][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.727723][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.738770][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.749058][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.760032][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.777761][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.802401][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.845704][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.852136][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.861790][T13486] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 685.880991][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 685.930979][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 685.961957][T13486] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.977069][T13486] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.013432][T13486] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.041025][T13486] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.239600][ T4357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 686.261396][ T4357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 686.343204][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 686.361010][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 686.379360][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 686.402402][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 688.691720][T13751] Ÿë: port 1(veth0_to_bridge) entered blocking state [ 688.710738][T13751] Ÿë: port 1(veth0_to_bridge) entered disabled state [ 688.733226][T13751] device veth0_to_bridge entered promiscuous mode [ 688.774441][ T4283] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 688.788590][ T4283] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 688.798724][ T4283] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 688.808207][ T4283] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 688.817650][T13744] Ÿë: port 2(veth0_to_team) entered blocking state [ 688.825612][ T4279] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 688.832934][ T4279] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 688.835903][T13744] Ÿë: port 2(veth0_to_team) entered disabled state [ 688.897494][T13744] device veth0_to_team entered promiscuous mode [ 689.223055][T13755] chnl_net:caif_netlink_parms(): no params data found [ 689.281928][T13765] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3013'. [ 689.481602][T13755] bridge0: port 1(bridge_slave_0) entered blocking state [ 689.526865][T13755] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.535417][T13755] device bridge_slave_0 entered promiscuous mode [ 689.551069][T13772] device hsr0 entered promiscuous mode [ 689.582639][T13755] bridge0: port 2(bridge_slave_1) entered blocking state [ 689.590337][T13755] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.598830][T13755] device bridge_slave_1 entered promiscuous mode [ 689.638788][T13776] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3016'. [ 689.684718][T13755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 689.723577][T13755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 689.882559][T13755] team0: Port device team_slave_0 added [ 689.908591][T13755] team0: Port device team_slave_1 added [ 690.007542][T13787] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 690.015234][T13787] IPv6: NLM_F_CREATE should be set when creating new route [ 690.022642][T13787] IPv6: NLM_F_CREATE should be set when creating new route [ 690.029985][T13787] IPv6: NLM_F_CREATE should be set when creating new route [ 690.208289][T13755] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 690.300520][T13755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 690.434758][T13755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 690.454547][T13755] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 690.461649][T13755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 690.488231][T13755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 690.565195][T13755] device hsr_slave_0 entered promiscuous mode [ 690.591068][T13755] device hsr_slave_1 entered promiscuous mode [ 690.602868][T13755] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 690.621364][T13755] Cannot create hsr debugfs directory [ 690.884171][ T4283] Bluetooth: hci3: command 0x0409 tx timeout [ 691.257378][T13755] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.394836][T13798] Ÿë: port 1(veth0_to_team) entered blocking state [ 691.457107][T13798] Ÿë: port 1(veth0_to_team) entered disabled state [ 691.527146][T13798] device veth0_to_team entered promiscuous mode [ 691.683100][T13755] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.869976][T13755] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.052186][T13755] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.421284][T13755] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 692.462704][T13755] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 692.546090][T13755] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 692.611074][T13755] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 692.801591][T13862] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 692.808931][T13862] IPv6: NLM_F_CREATE should be set when creating new route [ 692.816308][T13862] IPv6: NLM_F_CREATE should be set when creating new route [ 692.823608][T13862] IPv6: NLM_F_CREATE should be set when creating new route [ 692.917399][T13840] Ÿë: port 1(veth0_to_bridge) entered blocking state [ 692.934461][T13840] Ÿë: port 1(veth0_to_bridge) entered disabled state [ 693.000816][ T4283] Bluetooth: hci3: command 0x041b tx timeout [ 693.065589][T13840] device veth0_to_bridge entered promiscuous mode [ 693.128819][T13755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 693.144556][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 693.152511][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 693.210020][T13755] 8021q: adding VLAN 0 to HW filter on device team0 [ 693.225544][T13849] Ÿë: port 2(veth0_to_team) entered blocking state [ 693.240606][T13849] Ÿë: port 2(veth0_to_team) entered disabled state [ 693.255448][T13849] device veth0_to_team entered promiscuous mode [ 693.320944][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 693.374757][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 693.404642][ T5213] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.412795][ T5213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 693.458610][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 693.492807][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 693.521961][ T5213] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.529225][ T5213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 693.562429][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 693.594838][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 693.604461][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 693.629550][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 693.640088][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 693.649397][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 693.660549][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 693.721822][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 693.739617][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 693.762078][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 693.787515][T13755] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 693.820011][T13755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 693.905805][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 693.944078][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 694.413007][T13900] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 694.420382][T13900] IPv6: NLM_F_CREATE should be set when creating new route [ 694.427728][T13900] IPv6: NLM_F_CREATE should be set when creating new route [ 694.435052][T13900] IPv6: NLM_F_CREATE should be set when creating new route [ 695.047534][ T4283] Bluetooth: hci3: command 0x040f tx timeout [ 695.098013][T13909] device hsr0 entered promiscuous mode [ 695.409989][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 695.423199][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 695.451484][T13755] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 695.499797][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 695.510719][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 695.537892][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 695.547583][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 695.559862][T13755] device veth0_vlan entered promiscuous mode [ 695.569509][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 695.588563][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 695.613117][T13755] device veth1_vlan entered promiscuous mode [ 695.719234][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 695.735708][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 695.745672][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 695.775340][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 695.817165][T13755] device veth0_macvtap entered promiscuous mode [ 695.856440][T13755] device veth1_macvtap entered promiscuous mode [ 695.907108][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.934927][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.954253][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.980236][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.044259][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 696.093935][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.111057][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 696.138284][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.171872][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 696.208942][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.242259][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 696.281218][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.315814][T13755] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 696.355197][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 696.377017][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 696.398544][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 696.552481][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 696.642982][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 696.712553][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.777273][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 696.838649][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.894429][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 696.948300][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.032681][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 697.083906][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.129559][ T4283] Bluetooth: hci3: command 0x0419 tx timeout [ 697.153279][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 697.204098][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.214235][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 697.225441][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.265588][T13755] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 697.273746][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 697.322785][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 697.410104][T13755] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.453966][T13755] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.463289][T13755] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.498732][T13755] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.770804][ T5213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.789368][ T5213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.814202][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 697.906681][ T4357] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.943206][ T4357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.951547][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 697.994061][T13978] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3098'. [ 698.905988][T13986] Ÿë: port 1(veth0_to_bridge) entered blocking state [ 698.967123][T13986] Ÿë: port 1(veth0_to_bridge) entered disabled state [ 699.040179][T13986] device veth0_to_bridge entered promiscuous mode [ 699.152976][T13994] Ÿë: port 2(veth0_to_team) entered blocking state [ 699.164292][T13994] Ÿë: port 2(veth0_to_team) entered disabled state [ 699.200827][T13994] device veth0_to_team entered promiscuous mode [ 699.224687][ T4283] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 699.233745][ T4283] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 699.242737][ T4283] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 699.254933][ T4283] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 699.262644][ T4283] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 699.270013][ T4283] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 699.903526][T14010] chnl_net:caif_netlink_parms(): no params data found [ 700.076390][T14041] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3127'. [ 700.117855][T14041] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3127'. [ 700.156032][T14045] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3127'. [ 700.202171][T14048] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3128'. [ 700.269057][T14048] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3128'. [ 700.309266][T14054] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3128'. [ 700.329162][T14010] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.337572][T14010] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.346044][T14010] device bridge_slave_0 entered promiscuous mode [ 700.355086][T14010] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.362324][T14010] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.370926][T14010] device bridge_slave_1 entered promiscuous mode [ 700.405543][T14010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.427342][T14010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 700.545870][T14010] team0: Port device team_slave_0 added [ 700.575692][T14010] team0: Port device team_slave_1 added [ 700.649665][T14010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 700.709653][T14010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 700.777826][T14010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 700.822417][T14010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 700.841935][T14010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 700.908080][T14010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 701.033746][T14010] device hsr_slave_0 entered promiscuous mode [ 701.087160][T14010] device hsr_slave_1 entered promiscuous mode [ 701.133659][T14010] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 701.151056][T14010] Cannot create hsr debugfs directory [ 701.293948][ T4283] Bluetooth: hci2: command 0x0409 tx timeout [ 702.129758][T14093] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.137380][T14093] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.179809][T14096] device bridge_slave_1 left promiscuous mode [ 702.194937][T14096] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.225956][T14098] netlink: 'syz.0.3151': attribute type 29 has an invalid length. [ 702.281898][T14096] device bridge_slave_0 left promiscuous mode [ 702.294098][T14096] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.422288][T14098] netlink: 'syz.0.3151': attribute type 29 has an invalid length. [ 702.461390][T14099] netlink: 'syz.0.3151': attribute type 29 has an invalid length. [ 702.689380][T14010] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 702.908212][T14010] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 703.152382][T14010] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 703.364101][ T4283] Bluetooth: hci2: command 0x041b tx timeout [ 703.437735][T14010] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 703.634406][T14128] device bridge_slave_1 left promiscuous mode [ 703.656370][T14128] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.677858][T14128] device bridge_slave_0 left promiscuous mode [ 703.691390][T14128] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.725502][T14128] team0: Port device bridge0 removed [ 703.828395][T14010] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 703.869093][T14010] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 703.883279][T14010] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 703.903461][T14010] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 704.222013][T14010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 704.298616][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 704.314342][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 704.356508][T14010] 8021q: adding VLAN 0 to HW filter on device team0 [ 704.393980][T14149] netlink: 'syz.0.3172': attribute type 3 has an invalid length. [ 704.411862][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 704.426486][T14149] netlink: 13435 bytes leftover after parsing attributes in process `syz.0.3172'. [ 704.440792][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 704.469341][ T5213] bridge0: port 1(bridge_slave_0) entered blocking state [ 704.476866][ T5213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 704.553583][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 704.588612][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 704.633055][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 704.672036][ T5213] bridge0: port 2(bridge_slave_1) entered blocking state [ 704.679355][ T5213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 704.742840][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 704.793683][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 704.829896][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 704.867878][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 704.913779][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 704.974510][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 704.996807][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 705.017336][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 705.034991][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 705.052992][T14010] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 705.099727][T14010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 705.147120][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 705.184561][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 705.444004][ T4283] Bluetooth: hci2: command 0x040f tx timeout [ 705.851028][T14188] netlink: 'syz.1.3188': attribute type 5 has an invalid length. [ 705.926523][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 705.954971][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 705.968579][T14010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 707.195850][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 707.224955][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 707.276458][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 707.293604][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 707.335222][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 707.382517][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 707.412618][T14010] device veth0_vlan entered promiscuous mode [ 707.496304][T14010] device veth1_vlan entered promiscuous mode [ 707.524569][ T4283] Bluetooth: hci2: command 0x0419 tx timeout [ 707.640469][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 707.656643][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 707.686878][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 707.706541][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 707.730630][T14010] device veth0_macvtap entered promiscuous mode [ 707.775770][T14010] device veth1_macvtap entered promiscuous mode [ 707.862942][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.889009][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.899018][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.927334][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.960760][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.985492][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.004197][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.029170][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.047025][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.079486][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.090341][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.120453][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.137568][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.170295][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.188637][T14010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 708.216938][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 708.225774][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 708.241031][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 708.272630][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 708.293158][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.317548][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.340188][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.350826][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.367756][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.385950][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.396820][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.407818][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.418616][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.429364][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.439482][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.450257][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.460182][T14010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.470962][T14010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.505609][T14010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 708.538634][T14010] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.593871][T14010] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.602657][T14010] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.634723][T14010] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.698484][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 708.714600][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 708.948791][T14260] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3216'. [ 709.207305][T14260] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3216'. [ 709.244842][T14262] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3216'. [ 709.340794][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.361007][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.380181][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 709.461107][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.473918][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.504556][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 710.475000][T14297] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3233'. [ 710.508444][T14297] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3233'. [ 710.545439][T14299] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3233'. [ 710.572715][T14297] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3233'. [ 710.908310][ T4283] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 710.918683][ T4283] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 710.947079][ T4283] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 710.955689][ T4283] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 710.963240][ T4283] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 710.972664][ T4283] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 711.007687][T14308] netlink: 'syz.2.3236': attribute type 10 has an invalid length. [ 711.058952][T14308] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 711.886267][T14302] chnl_net:caif_netlink_parms(): no params data found [ 712.308941][T14302] bridge0: port 1(bridge_slave_0) entered blocking state [ 712.352627][T14302] bridge0: port 1(bridge_slave_0) entered disabled state [ 712.399782][T14302] device bridge_slave_0 entered promiscuous mode [ 712.440763][T14302] bridge0: port 2(bridge_slave_1) entered blocking state [ 712.489097][T14302] bridge0: port 2(bridge_slave_1) entered disabled state [ 712.519600][T14302] device bridge_slave_1 entered promiscuous mode [ 712.552242][T14302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.566313][T14302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.633931][T14302] team0: Port device team_slave_0 added [ 712.652781][T14302] team0: Port device team_slave_1 added [ 712.749477][T14302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 712.788192][T14302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.873978][T14302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 712.972937][T14302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 712.982150][T14302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 713.039685][T14302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 713.049189][ T4279] Bluetooth: hci0: command 0x0409 tx timeout [ 713.213580][T14302] device hsr_slave_0 entered promiscuous mode [ 713.246494][T14350] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3253'. [ 713.285972][T14302] device hsr_slave_1 entered promiscuous mode [ 713.302184][T14302] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 713.319436][T14302] Cannot create hsr debugfs directory [ 713.346685][T14350] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3253'. [ 713.414194][T14352] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3253'. [ 713.455390][T14354] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3253'. [ 713.513233][T14350] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3253'. [ 714.254927][T14302] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.500719][T14302] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.669283][T14368] device syzkaller0 entered promiscuous mode [ 714.833202][T14302] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.117367][T14302] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.124851][ T4279] Bluetooth: hci0: command 0x041b tx timeout [ 717.207897][ T4279] Bluetooth: hci0: command 0x040f tx timeout [ 718.642665][T14382] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3263'. [ 718.935047][T14302] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 718.957713][T14302] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 718.969493][T14302] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 719.019057][T14302] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 719.284015][ T4279] Bluetooth: hci0: command 0x0419 tx timeout [ 719.468147][T14302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 719.493561][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 719.502991][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 719.543189][T14302] 8021q: adding VLAN 0 to HW filter on device team0 [ 719.594060][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 719.655233][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 719.687479][ T4357] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.694717][ T4357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 719.744900][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 719.789745][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 719.834851][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 719.877281][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.884531][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 719.954570][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 719.965580][T14440] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.3286'. [ 719.983693][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 720.055998][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 720.078606][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 720.109923][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 720.160917][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 720.205932][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 720.255509][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 720.284608][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 720.309375][T14302] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 720.341140][T14302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 720.381578][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 720.394888][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 720.899648][ T4279] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 721.368364][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 721.377161][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 721.412276][T14302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.505841][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 721.517167][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 721.581206][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 721.609242][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 721.631569][T14302] device veth0_vlan entered promiscuous mode [ 721.641251][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 721.660233][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 721.699771][T14302] device veth1_vlan entered promiscuous mode [ 721.769072][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 721.782865][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 721.803487][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 721.828327][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 721.848916][T14302] device veth0_macvtap entered promiscuous mode [ 721.890973][T14302] device veth1_macvtap entered promiscuous mode [ 721.941415][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 721.963353][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.017602][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.058746][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.104077][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.147771][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.190021][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.246840][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.315814][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.419467][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.459927][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.503118][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.544438][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.579956][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.629036][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.662110][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.720989][T14302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 722.741446][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 722.766023][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 722.807151][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 722.847805][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 722.894105][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.943868][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 722.983875][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.015053][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.048682][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.093199][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.114671][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.125258][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.136467][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.147701][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.160074][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.172785][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.183730][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.194954][T14302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.206309][T14302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.223608][T14302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 723.236840][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 723.248217][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 723.267133][T14302] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.289571][T14302] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.312346][T14302] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.323743][T14302] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.534151][ T4299] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 723.542438][ T4299] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 723.634989][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 723.648359][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 723.694093][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 723.726675][T14510] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3314'. [ 723.765739][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 725.124964][T13491] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 725.135474][T13491] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 725.143354][T13491] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 725.151904][T13491] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 725.161525][T13491] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 725.168984][T13491] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 726.191878][T14540] chnl_net:caif_netlink_parms(): no params data found [ 726.771489][T14540] bridge0: port 1(bridge_slave_0) entered blocking state [ 726.814910][T14540] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.864050][T14540] device bridge_slave_0 entered promiscuous mode [ 726.897557][T14540] bridge0: port 2(bridge_slave_1) entered blocking state [ 726.907435][T14540] bridge0: port 2(bridge_slave_1) entered disabled state [ 726.936411][T14540] device bridge_slave_1 entered promiscuous mode [ 727.011441][T14581] netlink: 'syz.3.3341': attribute type 10 has an invalid length. [ 727.024073][T14581] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3341'. [ 727.047316][T14540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.086441][T14540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.203630][T14540] team0: Port device team_slave_0 added [ 727.204127][T13491] Bluetooth: hci5: command 0x0409 tx timeout [ 727.240726][T14540] team0: Port device team_slave_1 added [ 727.461688][T14540] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 727.494002][T14540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 727.656333][T14540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 727.724145][T14540] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 727.758895][T14540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 727.916148][T14540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 728.628126][T14540] device hsr_slave_0 entered promiscuous mode [ 728.969349][T14540] device hsr_slave_1 entered promiscuous mode [ 729.218915][T14540] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 729.229819][T14540] Cannot create hsr debugfs directory [ 729.283913][T13491] Bluetooth: hci5: command 0x041b tx timeout [ 729.862434][T13491] Bluetooth: hci2: unknown advertising packet type: 0xfb [ 731.363998][T13491] Bluetooth: hci5: command 0x040f tx timeout [ 731.665129][T14540] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 731.726479][T14540] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 731.760914][T14540] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 731.845030][T14540] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 732.162928][T14540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 732.225012][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 732.238642][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 732.271472][T14540] 8021q: adding VLAN 0 to HW filter on device team0 [ 732.303481][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 732.321146][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 732.364845][ T4357] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.372032][ T4357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.440866][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 732.466899][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 732.501729][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 732.529461][ T4357] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.536748][ T4357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 732.597241][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 732.654966][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 732.685571][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 732.732758][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 732.792684][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 732.836817][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 732.873681][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 732.924929][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 732.948011][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 732.998459][T14540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 733.011246][T14540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 733.019972][T12930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 733.064525][T12930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 733.443956][T13491] Bluetooth: hci5: command 0x0419 tx timeout [ 734.153186][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 734.174231][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 734.299024][T14540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 734.487677][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 734.554305][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 734.606224][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 734.627303][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 734.647203][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 734.678965][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 734.696219][T14540] device veth0_vlan entered promiscuous mode [ 734.737164][T14540] device veth1_vlan entered promiscuous mode [ 734.814870][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 734.834706][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 734.867836][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 734.915069][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 734.948236][T14540] device veth0_macvtap entered promiscuous mode [ 734.988094][T14540] device veth1_macvtap entered promiscuous mode [ 735.096381][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.123743][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.157617][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.194007][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.233968][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.253899][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.265327][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.276194][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.299525][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.334006][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.363059][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.383829][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.397708][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.423235][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.446476][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.467517][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.490605][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.512454][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.539602][T14540] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 735.558156][T14706] netlink: 164 bytes leftover after parsing attributes in process `syz.3.3390'. [ 735.580770][T14707] netlink: 164 bytes leftover after parsing attributes in process `syz.3.3390'. [ 735.590266][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 735.604317][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 735.612859][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 735.624545][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 735.639511][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.653008][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.663930][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.675558][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.685896][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.696935][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.709451][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.720428][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.732809][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.743857][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.762054][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.780257][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.797647][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.818713][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.841437][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.872627][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.893089][T14540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.911420][T14540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.995029][T14540] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 736.002694][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 736.022220][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 736.072098][T14540] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.144037][T14540] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.194266][T14540] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.203140][T14540] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.249485][T14715] tap0: tun_chr_ioctl cmd 1074025677 [ 736.266434][T14715] tap0: linktype set to 776 [ 736.374247][T14717] bridge0: port 2(bridge_slave_1) entered disabled state [ 736.381775][T14717] bridge0: port 1(bridge_slave_0) entered disabled state [ 736.569648][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 736.593922][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 736.608675][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 736.632308][T14723] netlink: 'syz.2.3395': attribute type 2 has an invalid length. [ 736.663889][T14723] netlink: 'syz.2.3395': attribute type 8 has an invalid length. [ 736.671865][T14723] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3395'. [ 736.727302][ T4296] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 736.743928][ T4296] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 736.751603][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 737.475758][T14748] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.483332][T14748] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.669484][T14753] netlink: 'syz.2.3406': attribute type 29 has an invalid length. [ 737.725348][T14753] netlink: 'syz.2.3406': attribute type 29 has an invalid length. [ 737.784315][T14754] netlink: 'syz.2.3406': attribute type 29 has an invalid length. [ 738.194109][T14764] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3411'. [ 738.203615][T14764] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3411'. [ 738.247960][T14765] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3411'. [ 738.267202][T14764] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3411'. [ 738.738466][T14778] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.746038][T14778] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.823636][T14799] netlink: 'syz.0.3426': attribute type 10 has an invalid length. [ 739.855097][T14799] bridge0: port 3(netdevsim0) entered blocking state [ 739.861994][T14799] bridge0: port 3(netdevsim0) entered disabled state [ 739.934823][T14799] device netdevsim0 entered promiscuous mode [ 740.541005][T14820] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3436'. [ 740.560623][T14820] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3436'. [ 740.590734][T14820] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3436'. [ 740.653113][T14824] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3436'. [ 747.288136][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.294666][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.674669][T14947] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3494'. [ 747.711746][T14947] netlink: 'syz.4.3494': attribute type 12 has an invalid length. [ 747.744167][T14947] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3494'. [ 748.864084][T14981] netlink: 'syz.1.3509': attribute type 10 has an invalid length. [ 749.074518][T14989] netlink: 'syz.0.3513': attribute type 29 has an invalid length. [ 749.095961][T14989] netlink: 'syz.0.3513': attribute type 29 has an invalid length. [ 749.105533][T14989] netlink: 'syz.0.3513': attribute type 29 has an invalid length. [ 750.402445][T15012] netlink: 'syz.1.3525': attribute type 10 has an invalid length. [ 754.574531][T15107] netlink: 'syz.4.3564': attribute type 10 has an invalid length. [ 754.582641][T15107] bridge0: port 3(netdevsim0) entered blocking state [ 754.620044][T15107] bridge0: port 3(netdevsim0) entered disabled state [ 754.645101][T15107] device netdevsim0 entered promiscuous mode [ 760.838072][T15184] device macvlan1 entered promiscuous mode [ 763.891663][T15246] netlink: 'syz.0.3625': attribute type 29 has an invalid length. [ 766.432526][T15246] netlink: 'syz.0.3625': attribute type 29 has an invalid length. [ 766.516690][ T5213] device veth0_to_team left promiscuous mode [ 766.524902][ T5213] Ÿë: port 2(veth0_to_team) entered disabled state [ 766.561957][ T5213] device veth0_to_bridge left promiscuous mode [ 766.606340][ T5213] Ÿë: port 1(veth0_to_bridge) entered disabled state [ 767.232202][ T5213] device hsr_slave_0 left promiscuous mode [ 767.245958][ T5213] device hsr_slave_1 left promiscuous mode [ 767.271432][ T5213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 767.303226][ T5213] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 767.336327][ T5213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 767.363727][ T5213] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 767.478673][ T5213] device veth1_macvtap left promiscuous mode [ 767.507497][ T5213] device veth0_macvtap left promiscuous mode [ 768.121973][T15302] netlink: 'syz.2.3643': attribute type 29 has an invalid length. [ 768.283587][ T5213] team0 (unregistering): Port device geneve1 removed [ 768.583552][ T5213] bond0 (unregistering): (slave geneve0): Releasing backup interface [ 769.376417][ T5213] team0 (unregistering): Port device team_slave_1 removed [ 769.467207][ T5213] team0 (unregistering): Port device team_slave_0 removed [ 769.535558][ T5213] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 770.336720][ T5213] bond0 (unregistering): Released all slaves [ 770.441434][T15302] netlink: 'syz.2.3643': attribute type 29 has an invalid length. [ 770.577969][T15307] device syzkaller0 entered promiscuous mode [ 772.416396][T15369] netlink: 'syz.4.3670': attribute type 29 has an invalid length. [ 777.700360][T15369] netlink: 'syz.4.3670': attribute type 29 has an invalid length. [ 779.461034][T15454] ================================================================== [ 779.469255][T15454] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6c9/0x920 [ 779.477124][T15454] Write of size 56 at addr ffff88801bf87090 by task syz.2.3715/15454 [ 779.485248][T15454] [ 779.487629][T15454] CPU: 1 PID: 15454 Comm: syz.2.3715 Not tainted syzkaller #0 [ 779.495745][T15454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 779.505864][T15454] Call Trace: [ 779.509204][T15454] [ 779.512177][T15454] dump_stack_lvl+0x188/0x24e [ 779.516910][T15454] ? __lock_acquire+0x7d10/0x7d10 [ 779.521998][T15454] ? show_regs_print_info+0x12/0x12 [ 779.527255][T15454] ? load_image+0x400/0x400 [ 779.531809][T15454] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 779.537317][T15454] ? __virt_addr_valid+0x188/0x540 [ 779.542488][T15454] ? __virt_addr_valid+0x465/0x540 [ 779.547655][T15454] ? __bpf_get_stackid+0x6c9/0x920 [ 779.552806][T15454] print_report+0xa8/0x210 [ 779.557275][T15454] kasan_report+0x10b/0x140 [ 779.561838][T15454] ? __bpf_get_stackid+0x6c9/0x920 [ 779.567003][T15454] kasan_check_range+0x235/0x290 [ 779.572000][T15454] ? __bpf_get_stackid+0x6c9/0x920 [ 779.577167][T15454] memcpy+0x3c/0x60 [ 779.581025][T15454] __bpf_get_stackid+0x6c9/0x920 [ 779.586026][T15454] bpf_get_stackid_pe+0x33f/0x400 [ 779.591112][T15454] bpf_prog_16fa1569821187d5+0x21/0x31 [ 779.596639][T15454] bpf_overflow_handler+0x522/0x7c0 [ 779.601893][T15454] ? bpf_overflow_handler+0xd9/0x7c0 [ 779.607231][T15454] ? perf_event_switch_output+0x760/0x760 [ 779.613015][T15454] ? __perf_event_account_interrupt+0x187/0x280 [ 779.619336][T15454] __perf_event_overflow+0x448/0x610 [ 779.624722][T15454] ___perf_sw_event+0x49e/0x6e0 [ 779.629630][T15454] ? ___perf_sw_event+0x180/0x6e0 [ 779.634710][T15454] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 779.641191][T15454] ? __lock_acquire+0x13cf/0x7d10 [ 779.646370][T15454] ? lockdep_hardirqs_on+0x94/0x140 [ 779.651623][T15454] ? verify_lock_unused+0x140/0x140 [ 779.656973][T15454] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 779.663111][T15454] ? lock_chain_count+0x20/0x20 [ 779.668045][T15454] __perf_sw_event+0x135/0x260 [ 779.672891][T15454] do_user_addr_fault+0xaea/0xb10 [ 779.677975][T15454] ? trace_hardirqs_off_finish+0x86/0x180 [ 779.683784][T15454] exc_page_fault+0x60/0x100 [ 779.688477][T15454] asm_exc_page_fault+0x22/0x30 [ 779.693469][T15454] RIP: 0010:copy_user_short_string+0xa/0x40 [ 779.699420][T15454] Code: 83 f8 12 74 0a 89 d1 f3 a4 89 c8 0f 01 ca c3 89 d0 0f 01 ca c3 01 ca eb e7 90 90 90 90 90 90 90 89 d1 83 e2 07 c1 e9 03 74 12 <4c> 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 [ 779.719090][T15454] RSP: 0018:ffffc900034d7ba8 EFLAGS: 00050202 [ 779.725229][T15454] RAX: ffffffff8410e701 RBX: 0000000000000038 RCX: 0000000000000007 [ 779.733251][T15454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900034d7c40 [ 779.741280][T15454] RBP: 0000000000000000 R08: ffffc900034d7c77 R09: 1ffff9200069af8e [ 779.749483][T15454] R10: dffffc0000000000 R11: fffff5200069af8f R12: 00007fffffffefc8 [ 779.757598][T15454] R13: dffffc0000000000 R14: ffffc900034d7c40 R15: 0000000000000000 [ 779.765633][T15454] ? refcount_dec_and_lock_irqsave+0xd1/0xf0 [ 779.771684][T15454] _copy_from_user+0xf4/0x170 [ 779.776420][T15454] ___sys_recvmsg+0x172/0x590 [ 779.781162][T15454] ? __sys_recvmsg+0x290/0x290 [ 779.785992][T15454] ? __fget_files+0x43d/0x4b0 [ 779.790734][T15454] __x64_sys_recvmsg+0x205/0x2e0 [ 779.795725][T15454] ? ___sys_recvmsg+0x590/0x590 [ 779.800639][T15454] ? lockdep_hardirqs_on+0x94/0x140 [ 779.805883][T15454] do_syscall_64+0x4c/0xa0 [ 779.810388][T15454] ? clear_bhb_loop+0x60/0xb0 [ 779.815131][T15454] ? clear_bhb_loop+0x60/0xb0 [ 779.819859][T15454] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 779.825796][T15454] RIP: 0033:0x7f6dd1b9bf79 [ 779.830253][T15454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 779.850008][T15454] RSP: 002b:00007f6dd2b3e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 779.858478][T15454] RAX: ffffffffffffffda RBX: 00007f6dd1e15fa0 RCX: 00007f6dd1b9bf79 [ 779.866510][T15454] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006 [ 779.874620][T15454] RBP: 00007f6dd1c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 779.882642][T15454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.890668][T15454] R13: 00007f6dd1e16038 R14: 00007f6dd1e15fa0 R15: 00007ffcaccfeb48 [ 779.898699][T15454] [ 779.901759][T15454] [ 779.904135][T15454] Allocated by task 15454: [ 779.908588][T15454] kasan_set_track+0x4b/0x70 [ 779.913446][T15454] __kasan_kmalloc+0x8e/0xa0 [ 779.918088][T15454] __kmalloc_node+0xb0/0x240 [ 779.922741][T15454] bpf_map_area_alloc+0x47/0xe0 [ 779.927637][T15454] prealloc_elems_and_freelist+0x86/0x1c0 [ 779.933417][T15454] stack_map_alloc+0x390/0x520 [ 779.938227][T15454] map_create+0x534/0x1000 [ 779.942698][T15454] __sys_bpf+0x38b/0x780 [ 779.946992][T15454] __x64_sys_bpf+0x78/0x90 [ 779.951544][T15454] do_syscall_64+0x4c/0xa0 [ 779.956094][T15454] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 779.962038][T15454] [ 779.964402][T15454] Last potentially related work creation: [ 779.970150][T15454] kasan_save_stack+0x3a/0x60 [ 779.974880][T15454] __kasan_record_aux_stack+0xb2/0xc0 [ 779.980296][T15454] call_rcu+0x14f/0x990 [ 779.984514][T15454] __nf_register_net_hook+0x788/0x910 [ 779.990108][T15454] nf_register_net_hook+0xae/0x190 [ 779.995361][T15454] nf_register_net_hooks+0x40/0x1a0 [ 780.000607][T15454] ebt_register_table+0xc97/0x1020 [ 780.005774][T15454] find_inlist_lock_noload+0x178/0x260 [ 780.011305][T15454] do_ebt_get_ctl+0x2c7/0x1cf0 [ 780.016217][T15454] nf_getsockopt+0x25e/0x280 [ 780.020857][T15454] ip_getsockopt+0x19b/0x230 [ 780.025501][T15454] __sys_getsockopt+0x1b0/0x230 [ 780.030404][T15454] __x64_sys_getsockopt+0xb1/0xc0 [ 780.035485][T15454] do_syscall_64+0x4c/0xa0 [ 780.039953][T15454] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 780.045897][T15454] [ 780.048251][T15454] Second to last potentially related work creation: [ 780.054869][T15454] kasan_save_stack+0x3a/0x60 [ 780.059693][T15454] __kasan_record_aux_stack+0xb2/0xc0 [ 780.065115][T15454] call_rcu+0x14f/0x990 [ 780.069333][T15454] __nf_register_net_hook+0x788/0x910 [ 780.074752][T15454] nf_register_net_hook+0xae/0x190 [ 780.079907][T15454] nf_register_net_hooks+0x40/0x1a0 [ 780.085157][T15454] nf_ct_netns_do_get+0x20f/0x5b0 [ 780.090229][T15454] nf_ct_netns_inet_get+0x3b/0x150 [ 780.095395][T15454] nf_conncount_init+0x123/0x380 [ 780.100393][T15454] ovs_ct_init+0x312/0x480 [ 780.104865][T15454] ovs_init_net+0x1e2/0x240 [ 780.109426][T15454] ops_init+0x355/0x5f0 [ 780.113632][T15454] register_pernet_operations+0x2af/0x610 [ 780.119410][T15454] register_pernet_device+0x26/0x70 [ 780.124661][T15454] dp_init+0x91/0x13e [ 780.128690][T15454] do_one_initcall+0x26a/0x840 [ 780.133512][T15454] do_initcall_level+0x137/0x1e4 [ 780.138503][T15454] do_initcalls+0x4b/0x8a [ 780.142888][T15454] kernel_init_freeable+0x415/0x5be [ 780.148146][T15454] kernel_init+0x19/0x1b0 [ 780.152519][T15454] ret_from_fork+0x1f/0x30 [ 780.157180][T15454] [ 780.159543][T15454] The buggy address belongs to the object at ffff88801bf87080 [ 780.159543][T15454] which belongs to the cache kmalloc-cg-64 of size 64 [ 780.173742][T15454] The buggy address is located 16 bytes inside of [ 780.173742][T15454] 64-byte region [ffff88801bf87080, ffff88801bf870c0) [ 780.187415][T15454] [ 780.189783][T15454] The buggy address belongs to the physical page: [ 780.196311][T15454] page:ffffea00006fe1c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801bf87700 pfn:0x1bf87 [ 780.207823][T15454] memcg:ffff88801fe55801 [ 780.212109][T15454] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 780.219721][T15454] raw: 00fff00000000200 ffffea00008ea680 dead000000000007 ffff888017442780 [ 780.228358][T15454] raw: ffff88801bf87700 000000008020001c 00000001ffffffff ffff88801fe55801 [ 780.236994][T15454] page dumped because: kasan: bad access detected [ 780.243464][T15454] page_owner tracks the page as allocated [ 780.249223][T15454] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 8312083607, free_ts 0 [ 780.265869][T15454] post_alloc_hook+0x173/0x1a0 [ 780.270727][T15454] get_page_from_freelist+0x1a1e/0x1ab0 [ 780.276330][T15454] __alloc_pages+0x1ec/0x4f0 [ 780.280973][T15454] alloc_page_interleave+0x24/0x1e0 [ 780.286229][T15454] alloc_slab_page+0x5d/0x160 [ 780.290986][T15454] new_slab+0x87/0x2c0 [ 780.295111][T15454] ___slab_alloc+0xbc6/0x1240 [ 780.299842][T15454] __kmem_cache_alloc_node+0x1a0/0x260 [ 780.305353][T15454] __kmalloc_node+0xa0/0x240 [ 780.310009][T15454] kvmalloc_node+0x6c/0x180 [ 780.314577][T15454] nf_hook_entries_grow+0x309/0x730 [ 780.319828][T15454] __nf_register_net_hook+0x2c9/0x910 [ 780.325280][T15454] nf_register_net_hook+0xae/0x190 [ 780.330436][T15454] nf_register_net_hooks+0x40/0x1a0 [ 780.335690][T15454] ops_init+0x355/0x5f0 [ 780.339941][T15454] register_pernet_operations+0x2af/0x610 [ 780.345709][T15454] page_owner free stack trace missing [ 780.351109][T15454] [ 780.353460][T15454] Memory state around the buggy address: [ 780.359120][T15454] ffff88801bf86f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 780.367286][T15454] ffff88801bf87000: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 780.375387][T15454] >ffff88801bf87080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 780.383485][T15454] ^ [ 780.388889][T15454] ffff88801bf87100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 780.396998][T15454] ffff88801bf87180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 780.405111][T15454] ================================================================== [ 780.415946][T15454] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 780.423284][T15454] CPU: 1 PID: 15454 Comm: syz.2.3715 Not tainted syzkaller #0 [ 780.430782][T15454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 780.440863][T15454] Call Trace: [ 780.444167][T15454] [ 780.447124][T15454] dump_stack_lvl+0x188/0x24e [ 780.451832][T15454] ? memcpy+0x3c/0x60 [ 780.455843][T15454] ? show_regs_print_info+0x12/0x12 [ 780.461078][T15454] ? load_image+0x400/0x400 [ 780.465616][T15454] panic+0x2e5/0x730 [ 780.469539][T15454] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 780.475721][T15454] ? bpf_jit_dump+0xd0/0xd0 [ 780.480247][T15454] ? _raw_spin_unlock_irqrestore+0xbc/0x120 [ 780.486164][T15454] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 780.492088][T15454] ? _raw_spin_unlock+0x40/0x40 [ 780.496965][T15454] check_panic_on_warn+0x80/0xa0 [ 780.501933][T15454] ? __bpf_get_stackid+0x6c9/0x920 [ 780.507095][T15454] end_report+0x66/0x110 [ 780.511374][T15454] kasan_report+0x118/0x140 [ 780.515918][T15454] ? __bpf_get_stackid+0x6c9/0x920 [ 780.521080][T15454] kasan_check_range+0x235/0x290 [ 780.526071][T15454] ? __bpf_get_stackid+0x6c9/0x920 [ 780.531221][T15454] memcpy+0x3c/0x60 [ 780.535058][T15454] __bpf_get_stackid+0x6c9/0x920 [ 780.540030][T15454] bpf_get_stackid_pe+0x33f/0x400 [ 780.545083][T15454] bpf_prog_16fa1569821187d5+0x21/0x31 [ 780.550571][T15454] bpf_overflow_handler+0x522/0x7c0 [ 780.555805][T15454] ? bpf_overflow_handler+0xd9/0x7c0 [ 780.561119][T15454] ? perf_event_switch_output+0x760/0x760 [ 780.566871][T15454] ? __perf_event_account_interrupt+0x187/0x280 [ 780.573151][T15454] __perf_event_overflow+0x448/0x610 [ 780.578487][T15454] ___perf_sw_event+0x49e/0x6e0 [ 780.583397][T15454] ? ___perf_sw_event+0x180/0x6e0 [ 780.588479][T15454] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 780.594936][T15454] ? __lock_acquire+0x13cf/0x7d10 [ 780.600360][T15454] ? lockdep_hardirqs_on+0x94/0x140 [ 780.605604][T15454] ? verify_lock_unused+0x140/0x140 [ 780.610837][T15454] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 780.616855][T15454] ? lock_chain_count+0x20/0x20 [ 780.621744][T15454] __perf_sw_event+0x135/0x260 [ 780.626553][T15454] do_user_addr_fault+0xaea/0xb10 [ 780.631614][T15454] ? trace_hardirqs_off_finish+0x86/0x180 [ 780.637374][T15454] exc_page_fault+0x60/0x100 [ 780.642005][T15454] asm_exc_page_fault+0x22/0x30 [ 780.646880][T15454] RIP: 0010:copy_user_short_string+0xa/0x40 [ 780.652806][T15454] Code: 83 f8 12 74 0a 89 d1 f3 a4 89 c8 0f 01 ca c3 89 d0 0f 01 ca c3 01 ca eb e7 90 90 90 90 90 90 90 89 d1 83 e2 07 c1 e9 03 74 12 <4c> 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 [ 780.672534][T15454] RSP: 0018:ffffc900034d7ba8 EFLAGS: 00050202 [ 780.678642][T15454] RAX: ffffffff8410e701 RBX: 0000000000000038 RCX: 0000000000000007 [ 780.686725][T15454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900034d7c40 [ 780.694717][T15454] RBP: 0000000000000000 R08: ffffc900034d7c77 R09: 1ffff9200069af8e [ 780.702718][T15454] R10: dffffc0000000000 R11: fffff5200069af8f R12: 00007fffffffefc8 [ 780.710805][T15454] R13: dffffc0000000000 R14: ffffc900034d7c40 R15: 0000000000000000 [ 780.718816][T15454] ? refcount_dec_and_lock_irqsave+0xd1/0xf0 [ 780.724842][T15454] _copy_from_user+0xf4/0x170 [ 780.729557][T15454] ___sys_recvmsg+0x172/0x590 [ 780.734334][T15454] ? __sys_recvmsg+0x290/0x290 [ 780.739148][T15454] ? __fget_files+0x43d/0x4b0 [ 780.743871][T15454] __x64_sys_recvmsg+0x205/0x2e0 [ 780.748846][T15454] ? ___sys_recvmsg+0x590/0x590 [ 780.753740][T15454] ? lockdep_hardirqs_on+0x94/0x140 [ 780.758975][T15454] do_syscall_64+0x4c/0xa0 [ 780.763438][T15454] ? clear_bhb_loop+0x60/0xb0 [ 780.768218][T15454] ? clear_bhb_loop+0x60/0xb0 [ 780.772930][T15454] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 780.778863][T15454] RIP: 0033:0x7f6dd1b9bf79 [ 780.783306][T15454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 780.802961][T15454] RSP: 002b:00007f6dd2b3e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 780.811401][T15454] RAX: ffffffffffffffda RBX: 00007f6dd1e15fa0 RCX: 00007f6dd1b9bf79 [ 780.819400][T15454] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006 [ 780.827397][T15454] RBP: 00007f6dd1c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 780.835395][T15454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 780.844260][T15454] R13: 00007f6dd1e16038 R14: 00007f6dd1e15fa0 R15: 00007ffcaccfeb48 [ 780.852279][T15454] [ 780.855927][T15454] Kernel Offset: disabled [ 780.860267][T15454] Rebooting in 86400 seconds..