last executing test programs: 2.609199677s ago: executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000000940)="fb", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000f40)='@', 0x1}], 0x1, &(0x7f0000001340)=ANY=[@ANYBLOB="8d"], 0x70}}], 0x2, 0xf000080) 2.392064574s ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00'}, {0x20, '\x05'}, {0x20, '[{\xd6${\'\xf5(\'([}'}, {0x20, ',$*\x19*'}, {0x20, '{)%]['}, {0x20, '*'}, {0x20, '(C.^'}]}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r7, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendfile(r2, r1, 0x0, 0x100004002) 2.165397792s ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 2.153946414s ago: executing program 0: r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) sendmsg$tipc(r0, &(0x7f00000006c0)={&(0x7f0000000540)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3}}, 0x10, 0x0}, 0x0) 1.947110136s ago: executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00'}, {0x20, '\x05'}, {0x20, '[{\xd6${\'\xf5(\'([}'}, {0x20, ',$*\x19*'}, {0x20, '{)%]['}, {0x20, '*'}, {0x20, '(C.^'}]}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendfile(r2, r1, 0x0, 0x100004002) 1.938392363s ago: executing program 4: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20048004, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev}]}]}, 0x28}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r5, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0) 1.7126425s ago: executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01080076d300000000000b00000008000300", @ANYRES32=r2, @ANYBLOB="30005080110001004abee339084eeef16f162471f400000005000900010000000500020000000000080003000aac0f"], 0x4c}}, 0x0) 1.696664531s ago: executing program 1: sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x44}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0xcb) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00', r6}, 0x10) r7 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000000)={@loopback}, 0x30) 1.67558686s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000049c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a4693989c36ffffffffffffd0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1530f8d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c11090000000000000000b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c8565117fcb8ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17911540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc240000000000127535a468702cac97b6b82a6e65d4cf1200"/2702], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe80, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f088a847e0ffff00124000632f77fbac141416e000030a94029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 1.616155775s ago: executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'}) sendmsg$nl_route(r0, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000002380)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_MTU={0x8, 0x4, 0x200}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x48}}, 0x0) 1.502403581s ago: executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00'}, {0x20, '\x05'}, {0x20, '[{\xd6${\'\xf5(\'([}'}, {0x20, ',$*\x19*'}, {0x20, '{)%]['}, {0x20, '*'}, {0x20, '(C.^'}]}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r7, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendfile(r2, r1, 0x0, 0x100004002) 1.501254047s ago: executing program 4: r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) sendmsg$tipc(r0, &(0x7f00000006c0)={&(0x7f0000000540)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3}}, 0x10, 0x0}, 0x0) 1.483459748s ago: executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00'}, {0x20, '\x05'}, {0x20, '[{\xd6${\'\xf5(\'([}'}, {0x20, ',$*\x19*'}, {0x20, '{)%]['}, {0x20, '*'}, {0x20, '(C.^'}]}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r7, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendfile(r2, r1, 0x0, 0x100004002) 1.446244399s ago: executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 1.390687137s ago: executing program 1: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20048004, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev}]}]}, 0x28}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x14, r5, 0x1, 0x0, 0x0, {0x7}}, 0x14}}, 0x0) 1.287369727s ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00'}, {0x20, '\x05'}, {0x20, '[{\xd6${\'\xf5(\'([}'}, {0x20, ',$*\x19*'}, {0x20, '{)%]['}, {0x20, '*'}, {0x20, '(C.^'}]}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendfile(r2, r1, 0x0, 0x100004002) 1.060543081s ago: executing program 3: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20048004, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev}]}]}, 0x28}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r5, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0) 1.038330874s ago: executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000000940)="fb", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000f40)='@', 0x1}], 0x1, &(0x7f0000001340)=ANY=[@ANYBLOB="8d"], 0x70}}], 0x2, 0xf000080) 982.742351ms ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00'}, {0x20, '\x05'}, {0x20, '[{\xd6${\'\xf5(\'([}'}, {0x20, ',$*\x19*'}, {0x20, '{)%]['}, {0x20, '*'}, {0x20, '(C.^'}]}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendfile(r2, r1, 0x0, 0x100004002) 955.005195ms ago: executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) sendmsg$inet(r0, &(0x7f0000001680)={0x0, 0x0, 0x0}, 0x0) 782.385556ms ago: executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01080076d300000000000b00000008000300", @ANYRES32=r2, @ANYBLOB="30005080110001004abee339084eeef16f162471f400000005000900010000000500020000000000080003000aac0f"], 0x4c}}, 0x0) 751.212478ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000049c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a4693989c36ffffffffffffd0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1530f8d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c11090000000000000000b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c8565117fcb8ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17911540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc240000000000127535a468702cac97b6b82a6e65d4cf1200"/2702], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe80, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f088a847e0ffff00124000632f77fbac141416e000030a94029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 644.529278ms ago: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f00000000c0), 0x4) syz_emit_ethernet(0x32, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) 557.119024ms ago: executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'}) sendmsg$nl_route(r0, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000002380)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_MTU={0x8, 0x4, 0x200}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x48}}, 0x0) 538.315295ms ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @random="c5f9772bb146", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @private0, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x5}}}}}}}, 0x0) 523.112783ms ago: executing program 1: sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x44}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0xcb) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00', r6}, 0x10) r7 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000000)={@loopback}, 0x30) 298.689603ms ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00'}, {0x20, '\x05'}, {0x20, '[{\xd6${\'\xf5(\'([}'}, {0x20, ',$*\x19*'}, {0x20, '{)%]['}, {0x20, '*'}, {0x20, '(C.^'}]}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r7, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendfile(r2, r1, 0x0, 0x100004002) 272.618033ms ago: executing program 3: unshare(0x2a020400) 249.516794ms ago: executing program 1: pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0) vmsplice(r4, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0) write(r1, &(0x7f0000001100)="94", 0x1) tee(r0, r5, 0xaf5, 0x0) write$binfmt_script(r5, &(0x7f0000000540)={'#! ', './file0'}, 0xb) write(r2, 0x0, 0x0) 0s ago: executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00'}, {0x20, '\x05'}, {0x20, '[{\xd6${\'\xf5(\'([}'}, {0x20, ',$*\x19*'}, {0x20, '{)%]['}, {0x20, '*'}, {0x20, '(C.^'}]}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r7, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendfile(r2, r1, 0x0, 0x100004002) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.232' (ED25519) to the list of known hosts. 2024/06/14 13:35:58 fuzzer started 2024/06/14 13:35:58 dialing manager at 10.128.0.169:30016 [ 82.230172][ T5095] cgroup: Unknown subsys name 'net' [ 82.517358][ T5095] cgroup: Unknown subsys name 'rlimit' 2024/06/14 13:36:00 starting 5 executor processes [ 83.877308][ T5100] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.970922][ T5124] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.977379][ T5131] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.980610][ T5124] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.987767][ T5131] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.996047][ T5124] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.002850][ T5131] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.009534][ T5124] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.023931][ T5131] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.024320][ T5124] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.032269][ T5131] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.039147][ T5124] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.046820][ T5131] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.052422][ T5124] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.059984][ T5133] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.073647][ T5124] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.073944][ T5133] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.088240][ T5124] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.091666][ T5133] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.103553][ T5133] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.111150][ T5124] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.111456][ T5133] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.119573][ T5124] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.126807][ T5133] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.133369][ T5124] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.149859][ T5119] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.150038][ T5133] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.165150][ T5133] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.165596][ T5124] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.199270][ T5124] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 85.212864][ T5133] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.908610][ T5117] chnl_net:caif_netlink_parms(): no params data found [ 85.938299][ T5127] chnl_net:caif_netlink_parms(): no params data found [ 85.965001][ T5125] chnl_net:caif_netlink_parms(): no params data found [ 86.113635][ T5115] chnl_net:caif_netlink_parms(): no params data found [ 86.162426][ T5116] chnl_net:caif_netlink_parms(): no params data found [ 86.250612][ T5127] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.258914][ T5127] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.267044][ T5127] bridge_slave_0: entered allmulticast mode [ 86.275843][ T5127] bridge_slave_0: entered promiscuous mode [ 86.347462][ T5127] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.355501][ T5127] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.363156][ T5127] bridge_slave_1: entered allmulticast mode [ 86.370763][ T5127] bridge_slave_1: entered promiscuous mode [ 86.392490][ T5117] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.399708][ T5117] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.407693][ T5117] bridge_slave_0: entered allmulticast mode [ 86.415645][ T5117] bridge_slave_0: entered promiscuous mode [ 86.425792][ T5125] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.433191][ T5125] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.440430][ T5125] bridge_slave_0: entered allmulticast mode [ 86.448215][ T5125] bridge_slave_0: entered promiscuous mode [ 86.487395][ T5117] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.495256][ T5117] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.503191][ T5117] bridge_slave_1: entered allmulticast mode [ 86.510400][ T5117] bridge_slave_1: entered promiscuous mode [ 86.530808][ T5125] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.538616][ T5125] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.546124][ T5125] bridge_slave_1: entered allmulticast mode [ 86.553923][ T5125] bridge_slave_1: entered promiscuous mode [ 86.600680][ T5127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.615368][ T5127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.651202][ T5115] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.658986][ T5115] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.666523][ T5115] bridge_slave_0: entered allmulticast mode [ 86.675071][ T5115] bridge_slave_0: entered promiscuous mode [ 86.684172][ T5115] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.691531][ T5115] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.699393][ T5115] bridge_slave_1: entered allmulticast mode [ 86.707157][ T5115] bridge_slave_1: entered promiscuous mode [ 86.758309][ T5117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.810648][ T5116] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.819584][ T5116] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.828566][ T5116] bridge_slave_0: entered allmulticast mode [ 86.836744][ T5116] bridge_slave_0: entered promiscuous mode [ 86.863818][ T5117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.892997][ T5125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.907138][ T5125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.934455][ T5115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.944416][ T5116] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.952312][ T5116] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.959980][ T5116] bridge_slave_1: entered allmulticast mode [ 86.967654][ T5116] bridge_slave_1: entered promiscuous mode [ 86.991321][ T5127] team0: Port device team_slave_0 added [ 87.029655][ T5125] team0: Port device team_slave_0 added [ 87.038797][ T5115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.081587][ T5127] team0: Port device team_slave_1 added [ 87.106438][ T5117] team0: Port device team_slave_0 added [ 87.116876][ T5117] team0: Port device team_slave_1 added [ 87.125914][ T5125] team0: Port device team_slave_1 added [ 87.148923][ T5115] team0: Port device team_slave_0 added [ 87.158421][ T5116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.213564][ T5126] Bluetooth: hci1: command tx timeout [ 87.213584][ T5133] Bluetooth: hci2: command tx timeout [ 87.225666][ T5130] Bluetooth: hci0: command tx timeout [ 87.249152][ T5115] team0: Port device team_slave_1 added [ 87.271559][ T5116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.282704][ T5127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.289781][ T5127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.316686][ T5126] Bluetooth: hci3: command tx timeout [ 87.322919][ T5126] Bluetooth: hci4: command tx timeout [ 87.324735][ T5127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.345272][ T5117] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.352656][ T5117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.379170][ T5117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.391329][ T5125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.400096][ T5125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.427054][ T5125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.480412][ T5127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.487883][ T5127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.515864][ T5127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.528158][ T5117] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.535825][ T5117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.562278][ T5117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.581653][ T5125] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.588981][ T5125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.615010][ T5125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.627000][ T5115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.634728][ T5115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.662097][ T5115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.675801][ T5115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.683164][ T5115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.709366][ T5115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.725835][ T5116] team0: Port device team_slave_0 added [ 87.737657][ T5116] team0: Port device team_slave_1 added [ 87.920383][ T5127] hsr_slave_0: entered promiscuous mode [ 87.932625][ T5127] hsr_slave_1: entered promiscuous mode [ 88.039364][ T5125] hsr_slave_0: entered promiscuous mode [ 88.047073][ T5125] hsr_slave_1: entered promiscuous mode [ 88.054927][ T5125] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.063442][ T5125] Cannot create hsr debugfs directory [ 88.070592][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.078879][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.107314][ T5116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.190461][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.199094][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.229954][ T5116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.263156][ T5117] hsr_slave_0: entered promiscuous mode [ 88.270129][ T5117] hsr_slave_1: entered promiscuous mode [ 88.277159][ T5117] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.285563][ T5117] Cannot create hsr debugfs directory [ 88.390884][ T5115] hsr_slave_0: entered promiscuous mode [ 88.398274][ T5115] hsr_slave_1: entered promiscuous mode [ 88.407344][ T5115] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.416204][ T5115] Cannot create hsr debugfs directory [ 88.535284][ T5116] hsr_slave_0: entered promiscuous mode [ 88.543046][ T5116] hsr_slave_1: entered promiscuous mode [ 88.549687][ T5116] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.558084][ T5116] Cannot create hsr debugfs directory [ 89.013203][ T5127] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.040071][ T5127] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.054163][ T5127] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.071681][ T5127] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.145856][ T5125] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.173003][ T5125] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.194078][ T5125] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.205378][ T5125] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.292447][ T5126] Bluetooth: hci1: command tx timeout [ 89.293405][ T5133] Bluetooth: hci0: command tx timeout [ 89.298266][ T5130] Bluetooth: hci2: command tx timeout [ 89.326526][ T5115] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.350282][ T5115] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.363482][ T5115] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.372554][ T5130] Bluetooth: hci4: command tx timeout [ 89.372561][ T5133] Bluetooth: hci3: command tx timeout [ 89.394252][ T5115] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.511782][ T5117] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.539251][ T5117] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.584900][ T5117] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.601922][ T5117] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.647727][ T5116] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.661896][ T5127] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.704404][ T5116] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.720760][ T5116] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.768592][ T5127] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.776320][ T5116] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.813961][ T5121] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.821512][ T5121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.859606][ T5125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.890480][ T5121] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.897878][ T5121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.026208][ T5115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.047630][ T5125] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.091715][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.099110][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.112170][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.119349][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.144575][ T5117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.219816][ T5115] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.264613][ T5117] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.328443][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.336620][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.358605][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.365949][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.386610][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.393894][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.409240][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.417418][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.625211][ T5116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.650587][ T5127] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.746496][ T5116] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.801383][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.808637][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.830831][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.838169][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.920589][ T5125] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.000332][ T5127] veth0_vlan: entered promiscuous mode [ 91.123966][ T5127] veth1_vlan: entered promiscuous mode [ 91.271660][ T5125] veth0_vlan: entered promiscuous mode [ 91.320140][ T5117] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.334416][ T5115] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.347157][ T5125] veth1_vlan: entered promiscuous mode [ 91.365315][ T5127] veth0_macvtap: entered promiscuous mode [ 91.376170][ T5133] Bluetooth: hci0: command tx timeout [ 91.384728][ T5133] Bluetooth: hci2: command tx timeout [ 91.386666][ T5130] Bluetooth: hci1: command tx timeout [ 91.431087][ T5127] veth1_macvtap: entered promiscuous mode [ 91.456870][ T5126] Bluetooth: hci4: command tx timeout [ 91.463206][ T5130] Bluetooth: hci3: command tx timeout [ 91.608146][ T5127] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.630893][ T5125] veth0_macvtap: entered promiscuous mode [ 91.664765][ T5127] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.678201][ T5117] veth0_vlan: entered promiscuous mode [ 91.708096][ T5127] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.721229][ T5127] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.737675][ T5127] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.747269][ T5127] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.776655][ T5116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.795065][ T5125] veth1_macvtap: entered promiscuous mode [ 91.809883][ T5117] veth1_vlan: entered promiscuous mode [ 91.916308][ T5125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.927590][ T5125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.941553][ T5125] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.977440][ T5125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.988790][ T5125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.001513][ T5125] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.068408][ T5117] veth0_macvtap: entered promiscuous mode [ 92.099919][ T5125] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.112946][ T5125] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.125201][ T5125] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.136095][ T5125] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.166281][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.177687][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.188130][ T5116] veth0_vlan: entered promiscuous mode [ 92.201710][ T5115] veth0_vlan: entered promiscuous mode [ 92.209526][ T5117] veth1_macvtap: entered promiscuous mode [ 92.271660][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.285248][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.299669][ T5116] veth1_vlan: entered promiscuous mode [ 92.334278][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.345469][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.355587][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.366192][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.378892][ T5117] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.408005][ T5115] veth1_vlan: entered promiscuous mode [ 92.445897][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.456625][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.470652][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.481223][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.493563][ T5117] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.569166][ T5117] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.595330][ T5117] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.612488][ T5117] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.618113][ T5203] netlink: 2048 bytes leftover after parsing attributes in process `syz-executor.0'. [ 92.627691][ T5117] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.645948][ T5203] netlink: get zone limit has 8 unknown bytes [ 92.700478][ T2397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.723476][ T2397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.786543][ T5116] veth0_macvtap: entered promiscuous mode [ 92.816229][ T5116] veth1_macvtap: entered promiscuous mode [ 92.879949][ T5115] veth0_macvtap: entered promiscuous mode [ 92.957876][ T5115] veth1_macvtap: entered promiscuous mode [ 92.975622][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.987309][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.001639][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.013302][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.023620][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.034437][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.047377][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.058381][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.061266][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.082595][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.086065][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.107724][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.118741][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.135903][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.147347][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.159705][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.201366][ T5116] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.211616][ T5116] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.223062][ T5116] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.232891][ T5116] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.300671][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.324355][ T2397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.332750][ T2397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.340888][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.352018][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.363484][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.374463][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.386305][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.396826][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.409522][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.422786][ T5115] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.457558][ T5130] Bluetooth: hci1: command tx timeout [ 93.463628][ T5130] Bluetooth: hci2: command tx timeout [ 93.464616][ T5126] Bluetooth: hci0: command tx timeout [ 93.494938][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.520095][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.533160][ T5126] Bluetooth: hci3: command tx timeout [ 93.534203][ T5130] Bluetooth: hci4: command tx timeout [ 93.576185][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.586903][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.601556][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.620609][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.632439][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.653701][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.670118][ T5115] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.751486][ T5210] warning: `syz-executor.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 93.786466][ T5115] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.808482][ T5115] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.851160][ T5115] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.873924][ T5115] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.923752][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.931910][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.152533][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.195258][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.331673][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.362723][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.435485][ T5222] bridge_slave_1: left allmulticast mode [ 94.441849][ T5222] bridge_slave_1: left promiscuous mode [ 94.462086][ T5222] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.510029][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.555583][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.647431][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.698809][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.016530][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 97.957267][ T45] cfg80211: failed to load regulatory.db [ 99.810337][ T5364] tipc: Can't bind to reserved service type 0 [ 101.627187][ T5387] Zero length message leads to an empty skb [ 105.344755][ T5471] gretap0: refused to change device tx_queue_len [ 105.372587][ T5471] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 109.288585][ T5534] gretap0: refused to change device tx_queue_len [ 109.305967][ T5534] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 109.960112][ T5586] gretap0: refused to change device tx_queue_len [ 109.972700][ T5586] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 119.685634][ T29] audit: type=1804 audit(1718372196.475:2): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2744876283/syzkaller.aL6mYi/56/cgroup.controllers" dev="sda1" ino=1944 res=1 errno=0 [ 119.830690][ T29] audit: type=1804 audit(1718372196.585:3): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3132851105/syzkaller.uMwJw3/63/cgroup.controllers" dev="sda1" ino=1945 res=1 errno=0 [ 120.299194][ T29] audit: type=1804 audit(1718372197.085:4): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3132851105/syzkaller.uMwJw3/65/cgroup.controllers" dev="sda1" ino=1950 res=1 errno=0 [ 120.587726][ T29] audit: type=1804 audit(1718372197.375:5): pid=5959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2744876283/syzkaller.aL6mYi/59/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 120.728655][ T29] audit: type=1804 audit(1718372197.515:6): pid=5961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4110946229/syzkaller.p9jhvO/81/cgroup.controllers" dev="sda1" ino=1948 res=1 errno=0 [ 121.241797][ T29] audit: type=1804 audit(1718372198.025:7): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4110946229/syzkaller.p9jhvO/83/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0 [ 121.274807][ T5985] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 121.349468][ T29] audit: type=1804 audit(1718372198.125:8): pid=5980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2744876283/syzkaller.aL6mYi/62/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 121.472462][ T29] audit: type=1804 audit(1718372198.235:9): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2019895026/syzkaller.iJByYc/58/cgroup.controllers" dev="sda1" ino=1958 res=1 errno=0 [ 121.865935][ T29] audit: type=1804 audit(1718372198.645:10): pid=5996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2019895026/syzkaller.iJByYc/59/cgroup.controllers" dev="sda1" ino=1939 res=1 errno=0 [ 122.337081][ T5115] syz-executor.4 (5115) used greatest stack depth: 18448 bytes left [ 122.420201][ T29] audit: type=1804 audit(1718372199.205:11): pid=6013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2019895026/syzkaller.iJByYc/61/cgroup.controllers" dev="sda1" ino=1951 res=1 errno=0 [ 122.518948][ T5126] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 122.533223][ T2397] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.545782][ T5126] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 122.558649][ T5126] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 122.569616][ T5126] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 122.582650][ T5126] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 122.591374][ T5126] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 122.603975][ T6018] ================================================================== [ 122.612755][ T6018] BUG: KFENCE: invalid free in __hci_req_sync+0x62f/0x950 [ 122.612755][ T6018] [ 122.622619][ T6018] Invalid free of 0xffff88823bd6a000 (in kfence-#180): [ 122.629973][ T6018] __hci_req_sync+0x62f/0x950 [ 122.635493][ T6018] hci_req_sync+0xa9/0xd0 [ 122.640598][ T6018] hci_dev_cmd+0x4c5/0xa50 [ 122.645243][ T6018] sock_do_ioctl+0x158/0x460 [ 122.650034][ T6018] sock_ioctl+0x629/0x8e0 [ 122.655065][ T6018] __se_sys_ioctl+0xfc/0x170 [ 122.659879][ T6018] do_syscall_64+0xf3/0x230 [ 122.664558][ T6018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.670892][ T6018] [ 122.673247][ T6018] kfence-#180: 0xffff88823bd6a000-0xffff88823bd6a0ef, size=240, cache=skbuff_head_cache [ 122.673247][ T6018] [ 122.686212][ T6018] allocated by task 5126 on cpu 1 at 122.603099s: [ 122.692800][ T6018] skb_clone+0x20c/0x390 [ 122.697381][ T6018] hci_cmd_work+0x29e/0x670 [ 122.702289][ T6018] process_scheduled_works+0xa2c/0x1830 [ 122.708327][ T6018] worker_thread+0x86d/0xd70 [ 122.713100][ T6018] kthread+0x2f0/0x390 [ 122.717303][ T6018] ret_from_fork+0x4b/0x80 [ 122.721774][ T6018] ret_from_fork_asm+0x1a/0x30 [ 122.722167][ T6023] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 122.726655][ T6018] [ 122.726668][ T6018] freed by task 5126 on cpu 1 at 122.603836s: [ 122.726779][ T6018] hci_req_sync_complete+0xe7/0x290 [ 122.726811][ T6018] hci_event_packet+0xc71/0x1540 [ 122.726830][ T6018] hci_rx_work+0x3e8/0xca0 [ 122.726849][ T6018] process_scheduled_works+0xa2c/0x1830 [ 122.726868][ T6018] worker_thread+0x86d/0xd70 [ 122.726888][ T6018] kthread+0x2f0/0x390 [ 122.726911][ T6018] ret_from_fork+0x4b/0x80 [ 122.726937][ T6018] ret_from_fork_asm+0x1a/0x30 [ 122.726966][ T6018] [ 122.726985][ T6018] CPU: 0 PID: 6018 Comm: syz-executor.4 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0 [ 122.727010][ T6018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 122.727029][ T6018] ================================================================== [ 122.727041][ T6018] Kernel panic - not syncing: KFENCE: panic_on_warn set ... [ 122.727365][ T6018] CPU: 0 PID: 6018 Comm: syz-executor.4 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0 [ 122.727390][ T6018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 122.727412][ T6018] Call Trace: [ 122.727423][ T6018] [ 122.727434][ T6018] dump_stack_lvl+0x241/0x360 [ 122.727484][ T6018] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.727515][ T6018] ? __pfx__printk+0x10/0x10 [ 122.727540][ T6018] ? vprintk_emit+0x631/0x770 [ 122.727583][ T6018] ? vscnprintf+0x5d/0x90 [ 122.727619][ T6018] panic+0x349/0x860 [ 122.727648][ T6018] ? check_panic_on_warn+0x21/0xb0 [ 122.727684][ T6018] ? __pfx_panic+0x10/0x10 [ 122.727707][ T6018] ? _printk+0xd5/0x120 [ 122.727732][ T6018] ? __pfx__printk+0x10/0x10 [ 122.727762][ T6018] ? __pfx__printk+0x10/0x10 [ 122.727798][ T6018] check_panic_on_warn+0x86/0xb0 [ 122.727835][ T6018] kfence_report_error+0x998/0xd10 [ 122.727868][ T6018] ? mark_lock+0x9a/0x350 [ 122.727907][ T6018] ? __pfx_kfence_report_error+0x10/0x10 [ 122.727941][ T6018] ? kfence_guarded_free+0x16c/0x4e0 [ 122.727967][ T6018] ? kmem_cache_free+0x1b1/0x350 [ 122.727989][ T6018] ? __hci_req_sync+0x62f/0x950 [ 122.728017][ T6018] ? hci_req_sync+0xa9/0xd0 [ 122.728044][ T6018] ? hci_dev_cmd+0x4c5/0xa50 [ 122.728075][ T6018] ? sock_do_ioctl+0x158/0x460 [ 122.728104][ T6018] ? sock_ioctl+0x629/0x8e0 [ 122.728131][ T6018] ? __se_sys_ioctl+0xfc/0x170 [ 122.728155][ T6018] ? do_syscall_64+0xf3/0x230 [ 122.728181][ T6018] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.728262][ T6018] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 122.728296][ T6018] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 122.728329][ T6018] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 122.728377][ T6018] kfence_guarded_free+0x16c/0x4e0 [ 122.728413][ T6018] ? __hci_req_sync+0x62f/0x950 [ 122.728447][ T6018] kmem_cache_free+0x1b1/0x350 [ 122.728478][ T6018] __hci_req_sync+0x62f/0x950 [ 122.728514][ T6018] ? __pfx___hci_req_sync+0x10/0x10 [ 122.728555][ T6018] ? __pfx___mutex_lock+0x10/0x10 [ 122.728580][ T6018] ? __pfx_autoremove_wake_function+0x10/0x10 [ 122.728616][ T6018] ? __pfx_hci_scan_req+0x10/0x10 [ 122.728649][ T6018] hci_req_sync+0xa9/0xd0 [ 122.728683][ T6018] hci_dev_cmd+0x4c5/0xa50 [ 122.728713][ T6018] ? security_capable+0x90/0xb0 [ 122.728745][ T6018] ? __pfx_hci_dev_cmd+0x10/0x10 [ 122.728781][ T6018] ? hci_sock_ioctl+0x6c4/0xa40 [ 122.728819][ T6018] sock_do_ioctl+0x158/0x460 [ 122.728856][ T6018] ? __pfx_sock_do_ioctl+0x10/0x10 [ 122.728912][ T6018] sock_ioctl+0x629/0x8e0 [ 122.728943][ T6018] ? __pfx_sock_ioctl+0x10/0x10 [ 122.728970][ T6018] ? __fget_files+0x29/0x470 [ 122.729004][ T6018] ? __fget_files+0x3f6/0x470 [ 122.729033][ T6018] ? __fget_files+0x29/0x470 [ 122.729070][ T6018] ? bpf_lsm_file_ioctl+0x9/0x10 [ 122.729096][ T6018] ? security_file_ioctl+0x87/0xb0 [ 122.729119][ T6018] ? __pfx_sock_ioctl+0x10/0x10 [ 122.729149][ T6018] __se_sys_ioctl+0xfc/0x170 [ 122.729179][ T6018] do_syscall_64+0xf3/0x230 [ 122.729208][ T6018] ? clear_bhb_loop+0x35/0x90 [ 122.729241][ T6018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.729281][ T6018] RIP: 0033:0x7fc8a7a7cc0b [ 122.729311][ T6018] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 122.729331][ T6018] RSP: 002b:00007ffc57b90070 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 122.729365][ T6018] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8a7a7cc0b [ 122.729382][ T6018] RDX: 00007ffc57b900e8 RSI: 00000000400448dd RDI: 0000000000000003 [ 122.729399][ T6018] RBP: 000055555cd76430 R08: 0000000000000000 R09: 0000000000000000 [ 122.729415][ T6018] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 122.729430][ T6018] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000000000c [ 122.729469][ T6018] [ 122.736060][ T6018] Kernel Offset: disabled