last executing test programs: 16.099440225s ago: executing program 0 (id=2903): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x1000}, 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000001880)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd2d}}], 0xf000, 0x10002, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) socket$nl_route(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000073c0)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000780)=""/130, 0x82}, {0x0}, {&(0x7f0000000840)=""/100, 0x64}, {&(0x7f00000008c0)=""/122, 0x7a}], 0x4, &(0x7f0000000300)=""/209, 0xd1}, 0x3}, {{&(0x7f0000004a80)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004b00), 0x0, &(0x7f0000004b40)=""/242, 0xf2}, 0xfb}, {{0x0, 0x0, &(0x7f0000004c80)=[{&(0x7f0000004c40)=""/8, 0x8}], 0x1, &(0x7f0000004cc0)=""/88, 0x58}, 0x5}, {{&(0x7f0000004d40)=@x25, 0x80, &(0x7f0000006040)=[{0x0}, {&(0x7f0000004f40)=""/235, 0xeb}], 0x2, &(0x7f0000006080)=""/148, 0x94}, 0x1}, {{&(0x7f0000006140)=@phonet, 0x80, &(0x7f0000006240)=[{&(0x7f00000061c0)=""/88, 0x58}], 0x1}, 0x5}, {{0x0, 0x0, &(0x7f0000006380)=[{&(0x7f0000006280)=""/164, 0xa4}, {&(0x7f0000006340)=""/18, 0x12}], 0x2, &(0x7f00000063c0)=""/4096, 0x1000}, 0x2}], 0x6, 0x40010021, &(0x7f0000007600)={0x0, 0x989680}) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001f80), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f0000002200)={0x0, 0x0, &(0x7f00000021c0)={&(0x7f0000000240)={0x50, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x0, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x4000084) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000007880)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000007840)={&(0x7f0000007780)={0xa0, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r5, @ANYBLOB="000000000000000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REQ_SET_REG(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="050100000000000000001b00000008009a00020045"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) socket$packet(0x11, 0x3, 0x300) 14.454192048s ago: executing program 0 (id=2929): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x983a0000, &(0x7f0000000a80)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) 13.530251326s ago: executing program 0 (id=2945): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="9400f6021000010400"/20, @ANYRES32=0x0, @ANYBLOB="444dc9fe000000006400128009000100766c616e000000005400028006000100000000000c000200020000000a000000040004801c0003800c00010068e30000030000000c0001007f000000070000001c0004800c0001000200000060d506000c000100000000000200000008000500", @ANYRES32=r2], 0x94}}, 0x0) 13.509868878s ago: executing program 0 (id=2946): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x120, 0x1170, 0x1398, 0x0, 0x1170, 0x2a8, 0x1398, 0x1398, 0x2a8, 0x1398, 0x1d, 0x0, {[{{@ipv6={@empty, @mcast1, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6, 0x0, 0x3}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@inet=@ecn={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @private0, @private0, @loopback}}]}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 4.671168428s ago: executing program 0 (id=2948): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{0x0, 0x0, 0xa, 0x0, 0x0, 0x1}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000140)={0x20}) write$cgroup_int(r3, &(0x7f0000000040), 0xfea0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r4, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@fwd={0x4}, @ptr={0x0, 0x0, 0x0, 0x2, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x36, 0x0, 0x1}, 0x20) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r4, 0x660c) ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000000)={0x2880008, r3, 0x0, 0x7}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) preadv(r5, &(0x7f0000001580)=[{0x0}, {&(0x7f0000000340)=""/238, 0x78c00}], 0x2, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f0000000340)={'wg0\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0xa4, r7, 0x5d2346a9be0a0437, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r9}, @WGDEVICE_A_PEERS={0x88, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}, {0x5c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x2c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8000}, @WGPEER_A_PUBLIC_KEY={0x24}]}]}]}, 0xa4}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r10, 0x8982, &(0x7f0000001e80)={0x3, 'vlan0\x00'}) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r12, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) sendmsg$nl_route_sched(r11, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000009380)={&(0x7f0000000140)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r13}}, 0x24}}, 0x0) 4.399849626s ago: executing program 0 (id=3029): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@fwd={0x5}]}, {0x0, [0x5f]}}, &(0x7f00000002c0)=""/213, 0x27, 0xd5, 0x1, 0x7f}, 0x20) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x3}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002240)=@delchain={0x298, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_flow={{0x9}, {0x2c, 0x2, [@TCA_FLOW_ADDEND={0x8, 0x5, 0x7}, @TCA_FLOW_MASK={0x8, 0x6, 0x3e}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x6}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x20}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x228, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x6c, 0x5, [@TCA_POLICE_RATE64={0xc}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4}}}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x198, 0x6, [@m_ctinfo={0x64, 0x0, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6}]}, {0x2d, 0x6, "55eb88be72ea2bba577976ef9b5ab407e07afa05e4594285326849c2ec806d7b79f86d10adeb18245c"}, {0xc}, {0xc}}}, @m_tunnel_key={0xac, 0x1b, 0x0, 0x0, {{0xf}, {0x2c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @mcast2}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @remote}]}, {0x54, 0x6, "9ef92f3aadf1b59a610c2f88aba1e0cb66b7d082c5e95478aef29f227e3114ea354232a77f61dcb824a831d5facbd60e44aa77c2fb4ee9cd6b29155e0b845b8a4b75cebb47dc583404c7e2754b9ddf74"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_bpf={0x44, 0x0, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}]}, {0x11, 0x6, "538ccaa56078deef003c665683"}, {0xc}, {0xc}}}, @m_ctinfo={0x40, 0x0, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8}]}, {0x4}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_IIF={0x8}]}}]}, 0x298}}, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x4}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b00)={0x1488, 0x12, 0xa01, 0x0, 0x0, {0x7}, [@generic="d4c97e0dc01a101751fb27df7204985cd04ccab5dd0b057f6ec4ceb1c0566912418833b4acecbe28dea4ec0a9f7663cf22d87e8d2c7bc42831c9334094b684ef0a75ada87f6bcae9a163cf2d5f90a10e3b12b86cd4a36f63e7541e0a1d1d60c0db62cd1236342a679a2f8734f347e8f6fa523fc8f2b8012ad46f3141b6426671cc8f125015d95d3bba172c5b977540ae9711db6260aef4fc97b9405f4e308027bb28f49ff0019482ba79cf108dc7fda430a281d8c9e66dcc7307668be299822dcc057754884c050b64d15875d1772cbb7ce71fc1c9718d573542e53b524a4be9bb2a4cd073a83b31665180f022deae8ea04d6bdef998e0083032fc78ae1af082eadae5afb186f9d6cbd64e1fc99a8f2856226670c31fe248f9dd419b99277f2fb2a0abdcc7feff99ed22b8ac5d97bf1f46e72d713b77de5578dd904263f58a49e2cc8e1cc2a35884e742187a43c7c1483a0e99c0f8272f5504f77108eb50a831d00e11162ce58c84838ddf5da419c4bd5a64e5ac67374f488393d061ee566aeec6be3307aa88445d6b79460674fa5e8e4af9d67068df86500a42483d96a4af58c5648ade521d29747262fbe3680903c1bb0e91abbcab0212c6b7c41e9299d934018aa9d93a11991a775c16ba77de2be46951a8a4d38a29ffb003097b15a9c20b18ed7d094f42ceb0e569190565706f92eaf203c48a1e34eaa4d80f094c173047a05c56e51d024159b09300e88ad789e257a894204ff607db8b2bd1efc72a4423527636c2b4746dce2a5f15d94dd701e76d292581a6e32db7fe8d86aabb73fb710c2aef6e86674b2948911f5b761b84bc86cb58924640811fa6c7efb2b057399612b91b59db083e80502cd7e30d83ad797d9ac3ee213265fb48523e9fb40e2b06458e189299265f2ded709e6fd751268cc6444b5f836eb075269fb9dabdf9ea6903f7a255dc33c927b3da6fa8ce38b2eb6a7ed05e81c28110c9916c1901c9c9df238920c8dfe6129d424eebb8657b8fd38641539b913c3b6d89a89dcdfddd4ff7737ba2bd7e31c5e316dd5ea0f15558591cf350ddb8443e656926c86735e6982bbadf92f4c51ea0ef6474e99cd14abc60e921351fcb8bceb460161fe2810c0456e7cffd1c6c54026cade3a1a267f4e6c10a7138ff3342cca310109b682398c1bc12b9f9992ae21593097f7ea88869019bbe7808e80767707c5b4509ce76669e6e976b7a0a183f174df6f4e7b84c407f90b87929df79bd51385e92c7700a8db2601a29778bed21cb521d01fe9c37732d72ee73ff5309777cd80a7db20165619b095955610d02dbf398b73e1afca17f4124779cb89a7d0b89cd1f24e35af9776982f97c94fd430e46049da8ef1132c5872343093688ff2e2f963113afd90fcf695591b949fd23d599a7e7d0ae12c85c6c99f149ec0b9d0481d0255f1af545a1ae1ebda6d1a2fbe1b9b1c7650a317039a754394c8a4e9fc83167a629927b36aa7ebeeb93fa6f3165a5461077d196c0adf16ea88f73d0a79654b26fb65fb64c29fffeaf887b884101f3b10c291501d8932bacaf157e84b85fccba6b1888cac0b8b1a2f7145d25ea48c020105b2d93a5ff48f5172b8cca01201ba379c7e4aee39163d207ee3cde54e78c7c98736b14480b75208940aa1e6f1ad8cae0a3abba0f32e5399cdde185bb55a0c4692ad9281ce91e22d4b2e8a74e84fb9960a6f1ca54db1553dd93f693a3bb8cdaf9f608f0dea7f0e61dbd6bb530a8098f56dc48a31f5ecbcdb15b9bcfae5f5c1c06cf82872b355c309add19cc6cd44ac047a1aa6c0bb2c56f90939fc83f672b35aa9507e92df78c199c8e0453657cf18243347e0bfb3a18cbdd5a146935b26573b591e1f8f7c57e05ff3e2e8cac6dd22feeae44ce7410a464e94b4cf1016c7a6b8fce57500ca4831cf2ff6533cc80675cd7d4914be871bfe58b420943a2584e302e55b55a147c199bc32c3429b0b9fd20362f3eafa0aa5630c51448f91f038dc8871a694ca3c9526e433fee6f20208a9c8c34dc8fad0ac887da83d9d50084ade2495e4c332311cda3b1a5c5e9ed2bd1fc0a73f84f8fbb58b58d4fbc00e665d1f18e475f3e0bd46ccecd07727051f4f4ea6cc067127d91070b0f944958d7fcfb2690557880174cd0b940b1aea4472b37679ab9d1e8e8c73eb686fbea1ba85f6c02fe619e4ceb4cd63c0c492e1cd3c8344b5a8df0016096798696308c4862ab808f2b3245b0d1825d5cd413e3139864489686646bf1c8611b10bf483b52614614baff9dc00c2ae0a996aed657eaf5833c9fcaaac39cf1bbc241c3c3a2611485322ec1e20601858fc5f8321590a80bd4c0f55ac0d1eb05933b042ebe9c658e56ff0d9808c6fe5c9118ffbf39e4ef8f73b5fc7fe6d1b576a2c802f6bec8307114d196c6a236b523d8b6789d58079134cc3e19fad2280cecd5b3c5b80fcab031ad4ce25737079e4fd8b06fe11a19bd2101094ab873f642cf6ea673bd09e5c657dd718c5ed8d5b01ef2b1904bbab2b872afc6dbca3b0f88b2fc866d97223769f9e7f0a19273e1eed107e913686fa2389fa4f9cda8ef2bf22700a0b4d003ddd2d860a22e42627dcea8517d964301e6bcf16b3ad76b73d6640f9c4f0fb76fe39273f5814f6609eb96272591b6edd815a826ac065b5ba909cbbff0503a2a4d9e965121b8e635d294f1937ed55fd0c81707dd060875633fed013b9e5aa253467ec55a714875873cb9c8b183983b425c4b48d26185eebcdcd63b0f01f6024a0c2ae65b09df45cbd636de5af9bfba015bf295b0d870a96b57ed1e26e2be41baa69caaea83fd6d6eb02c3c89067077f2ec387b6a2ece831295e7a748a5087683291338c1aeca906522bf990c22dceab3ab7906e6e27afec03a6882bae67a8b14258fb23d20921039166f339a80a038125c0b2495cbe4fa158bc271a92abd7762256f899e71958814072d37c793cf6dbb42732ec7cc4a0eefa975fb5faf5d8c2b8d59bdb9ec92cb2ce4f3edb1e05690c066132abdaa5d1b0837f2d45e66db18b2d7f3be0893ae04bdfaf6f418952d5c84596a725e866c137425d3f5880d046b8f5c1079b35e9533a7a8f0bf8399fa2eb6365a172aa307cfd9f22d8229cd9357847eaead8ee71b848b7ce9011cb998a5d8a1f7206a97a9aaef8e72289a1d3b827ea4bc061be307328b715972adebdbf0574b4fa77eaa78572e3f9b31cfc40a9e368f52c7d16a3c678bd894443960a5c8af6818a2ac77ab497637d7353cd424d2a87bdbea1ab87940a0f6f08b5a705f17e31cb7c37f7c3a8ce261225b084e455847dd0d3dd2e1ad3b321c29114959999e917be2918ba7bb4efb0b4afda56d078c77a109cb0c3859a9e7c45a93ee1040a946de45cc6d7fc85c063b6da6ea374dedb2f7d00d12ae4cef8fea25c3dc4779448754109362016057f4e9ec1df5b94afd5f612b42d200b4ae75f2f37b4705a4486d761902e5ee3601a77e0dff5bd3a9b19e99c8cd0cacf26dd8c58955a7bb83802f9926d4599543772e9548a8f16cf3c2f377384842237ede7c848006a6707c0b4a95ab9a0d23586b7279739511088e2e36d610aa18c61fff94e7084db568ff4dfa81d824285758f8436114a3453063efd4da4f74ac8bbc7620ad15322efb8f262e9a108cc38a62e4988d14166e19b21abd7fc6a1477de9a93c0f9eac6278c638458058776ba064bfd11ac471b752d01dc7a4b4a43f55382171baa4561f8258ba38f0a7f0ad863619e44f47147a689c54ced59183edff900272756f07268b70604abe1c65d8f6a8617a515bceed99bedc69f7deae04f889745f2220b4b1c426063fd28ff20f1d0fa458eaed532ba491cfd5c633d2ee77b962e69b6bbfe0b2646918b1c4857869c7faa5ca9ae7bb83d4355823582e67089900712589603e1ec8771b5de996cfaf36f3034f790813abdc0c675a0f5ff9a35600146238f72e0b36446491ed3b4d2095f9f1c16a311a48bf83cca92e670c43dce4752d63305dddd53b91cbfbb90c5535ac0592d6b04f697d0dcaeba12b70cbbdee56f100c20249090a650d27444cbfd517e9d8416e716d16fcc798472ae2a807ef98665efed25c1a7f85e047601beb9faf5849f0e02b4455013514dac1a826c7d610d4dba285d97f807086991000278c736495d177556ce4b73d57fbee478532db7ea363a528873750574c886956c047857fa91fc622b8519ea7499d9c2a68c6f669b37edb636b4dd8ad1b93a152b7d4bf9e534156f62ea01761e8bfd633c45956e4ca8e762e35c85b8a68b6ba30c8608ee95e427e19891c27d946a0bc97845eace5f7cbc00db7f34982815df54d2fa4fe7f216294cbd7bdd5de2d5efae7408e6ebf7b1612ed9dc9ef1df37e88fc4fbb0b79bed6549c50a0c8b3c9143ddc8a34b23085997d20cb75c8a37686af4fc9372f67c98612ca907740e076b7400b6cbf69fff126f6d670ba117e9fbd6f813aa14b51ac0aa42e354cef59d554f3ecd761bf5d6e7b1edcba6a839c46a19e4c0a0b5f6425eb49bb38f33c003727e08ee9d1c982024134ef1ba5293796cf678eac4504f543151af8f8a4fff50cf0c8bf8ee2b84024003f487a72898e4e394b226182aa45b0c7f84300c01cae3f9f80a0e2b946350d5a68e1678eead57d4e97cddc26d3a840997c10ed1131536817bbb3ba3cbfb00912f443408f5bfa6838afd9a628b797d34af6659f87c910b6534c6c06928a99eae042472f41d587a3b3d663af3a34395962d296c1d321127522e691954f2c30031e157364c8bb269c60e3ed127e3702aa8dad28fcd7dc23b3d57f52a6c94b91a0c1b51d01d5dcd1ceb10561a066b12b6923403e95f487baad06c9b35d1f1679b4dc67810371debb558e604922846752331eca885ac8356f3e72116a09f9615065e7ed92c542594a277b74a06301baa2c370b2a106186cc17fc0b10f969cdd6b5341e87713782adf3d6c0bb35e3d3a0230052c849d7ba89e6910e271ea38927f20524dd2c38031a247509fa82d551ddc0784b0d5c51ecb42d16b961d00b7a5770be6c104473e697ddcd26e7cfa3fbc68d0cf35ac95de37a597046317a09c916a15afae62b27835e5a357a50340c630dddb41d770e746a3be4679e79bbd061ffec8d091075e1d5e8ac83052aef124388b7281389e8f8ca202c658f7674bbe642fcd6a9b651c455a5d80a823aff6a4486cf4348c8cdbd6b40a30c89945f00e252c427c10de0885127a393602186e6898d44f0978b822cc24a8d0926beb7dd4b5ecebb03f95fe226babf5edc2daa138602bd777b27e0a0522cf026887e05fcc01acc8b947235c17960c7fee42ecb0e2ed8976f76f1ec302d2ff343159e3151e9aa97d4fe1e6ef2117ef3f085ced7c499db86a690d86c6008068ca28de8979f6d8201e3c74cc7aef56611238fa426204ade88c26debaa84733756da491fd5eb380e0691018af1f1f6d85dee227c4994ae242320ef3ae23cf26748424f888bd87fc3d3844223efed21c200ddd47c3c290ae609844e07f188f70c7a284e30debb1d5429e66c5792eeb860a3b75329e9002553779c4cf3aece55510b1cc142941813e334d367cbbceb15d57bd062c488024487f8e1412d2b22a97879c1fc798689b989bf3647ddd81def2c108b3807d69b5d65f7a98d83b6dda451e81743f68a4ecca01ec8c95b354e7d7f18107c9274610f76bcf09f8dd18e3d2431348a2a00bc75ba266dd79738fa1be278d947a7b677c70cec847d83bae24905562517265e6de9a02a058fcd2c81f4aa8e43fc8418b34989c91d1dd7ae4e7b1", @generic="4890de3f6f0029759ef132d32770e17958f03a99b5b0e69595b62bc8bdd695c05412fd2cc902947fe0b62f54726ec423cd25deda6404c2e919e75dca15ed8ca3fa477b6707ba46594828bd810d4c991000dd4da71aa612d3135a5865901d0f9e8dd23a216c6be7282782b221caf96856cf55f0725f197425a76402726fa3d1a4a1e94ea0221050201b70ef10b460b8efceb9bca0270b1d2c030d6923e0b81a001bcb3ccee4a4c915fdf581c738c6c6a423360ded59be367919708a08f107b91a4dba36", @nested={0x1fe, 0x3c, 0x0, 0x1, [@typed={0xfffffffffffffeaa, 0xe7, 0x0, 0x0, @u64=0x6}, @generic="f980f74f1d695b7f07ddd65d1ad08543242b149e460a717a52d706d8ebef4c116b1f280d8ce06056d8f539927bf330c465aff973ccc9e5f8999362f404d25ba13a5c6d0ed54232ffc77c84d842b7fddef2add15b9ae4346ca206a7b6afbd3d97a2ad461cb6fa824036b593d7b42c272587e55c4c285094e12514f16ff1f67bf12b0e5f90cd8883b62a823379c5eb6f003763261d1c649e79dad64a52d9964f1e61df8cddedaf975d9763a6371e927c8118686479fd00ba55309f", @generic="d757e49bfcb96a92e3c572e3a631f8ef2e1b2e4c9eabcd92055e689950eadad7d7ea92dbce65b84b21a7f5b234e722e760af0ee562cede7feccb4df9b2992af9b2fb2b41aec9ada240900f28bc1879327552423a76eaad257ce3f458424ab1", @typed={0x6, 0xc3, 0x0, 0x0, @str=']\x00'}, @generic="da93663805f7af694eb50d1d64bf06786705bbc0ce6e30c3720d2204b22c60f01cb6c4e97fa40a7ad7022ba868981a4e515893b0f69d858c6875cec70158a17c5fe4387ab4538b531db19a7a88894feb6e18c49c", @generic="097f1646c49762d8f4491c49f8467d6e194be0aefb379c812f55496053e71ff81e5a91059ec4485b73eb87bd6741f27280777fc1714c0b1f207b60e4cc81b847149e585db60dac7068e47849618438f598863dfe97890d3ebabb1ed9cd3afeec868f1c030ca5d040416231bfd7176596cc9d163659918b3153"]}, @generic="3ceb696aa1aadf596aeaf9fb6b6ad4ae5dbd1335263c5aeb8f535d05b3b892c946f9f24dc311ea69fff61eba9abd5a287e7017809034dfb7968aa294cad3753ede8f514f17387b70391cd9780f5f5d791a0f5a0d4dd74e41e659701405e152db231157ad604578eedc3e7a65f6daba6817d7646f4ebab64d690d9c87f1c45a15a964485743166eb84eb49b678b9066", @typed={0x8, 0x2b, 0x0, 0x0, @u32=0x4}, @nested={0x116, 0x9e, 0x0, 0x1, [@typed={0x8, 0x6c, 0x0, 0x0, @fd=r0}, @generic="a37362c332a9360b56759d7431a605d8ac0d1c16996c288fc84fac899e9c76440917e908ee201bb9b7c483f80e751ee23b", @generic="77c75dda6edda3f4efa120ef0eac87afc32d30444d55ec0e0c4abc1449ae6fbbe46c8b9e6a0181363d05e7b266fd4d99204163452e166a761adcf109d346bdf032df4add279ae9d4fbdac58372e5df011e30a5fea278958ec57cec707349bf408cd842eb7910eb779b7bcba226b29fee8942cc7287804ca18320d05ac12b5e36cf7b54a15e047ecae95fcb4a666022b16627de8f5dfe9727a244a102c0f7bc0a7ff8195674a8d57431b6ba562859ff96659420bfe6be78f7e320c916a0a9c346f25338c1782189cd82cccb70d69b98bca8f411f3c9490dfe7e"]}]}, 0x1488}}, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f00000000c0)={@dev, 0x0}, &(0x7f0000000140)=0x14) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000180), 0x12) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1801000cdd59a52591a601002340810000f8ffffff0000850065d178ba18acdfb6b7"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x2, r2}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r4 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r3}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2) connect$inet(r6, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x9, &(0x7f0000000040), 0x4) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="b00000000314010027bd7000ffdbdf250900020073797a310000000008004100727865001400330070696d726567000000000000000000000900020073797a300000000008004100736977001400330076657468315f746f5f627269646765000900020073797a310000000008004100727865001400330076657468315f766c616e000000000000090002"], 0xb0}}, 0x0) 3.010076015s ago: executing program 3 (id=3047): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @private=0xa010102}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socket$inet_udp(0x2, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_subtree(r2, &(0x7f0000000180)=ANY=[], 0x240) 2.982413505s ago: executing program 1 (id=3048): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@generic={0x20}]}, &(0x7f0000000100)='syzkaller\x00'}, 0x80) 2.928778122s ago: executing program 2 (id=3049): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xc, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="720ac9ff002100007110490000000000950000000000080069c80a5e5d2065c69cd8dd8b77401fb2bd140642e234330569bfdd7fd743d8b7bccfabfa8241313df2eef11651c10599189407badd91b1ddc6f8b7"], &(0x7f0000000480)='GPL\x00'}, 0x80) 2.830100492s ago: executing program 1 (id=3050): bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000000000"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000980)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe000000008500000087000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9924e4beba3da8223fe5308e4e6505000000000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b2090061d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc66bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787791e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc81fe73bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db36f1dc6b792e825d8b743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c757fbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb3c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580375b347b820c8523db1c9154826b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e071a89cd69b47dcb52b0be6a3a71afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc9223248b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a3262101932ddf460a098119a6f47eb1bac47946d7a009cbc6ec74c19a7293cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee0725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efb91dc88c096fc6fe9b876557e2afc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682442f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a531a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865b47d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b285835ef0325a46671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a920000000015ffffff7f0000000040a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0df6ed4fbea810378d43597a2d4744f59a6963f625d9fd8460ae511d5c9bc7b00e9b03d3b4ac662afb3df942bd9c05e9fff49ba7cbc65b08527b5104c0601a8488e9a71eb2c901149d1b508b89b2385981999cd18309705ea265e05b892a23e40fd71c5c8c95025784c88fa87b78f5423c414e2fb88759b1afd1de64a6c2b95537d2f855f33000000000000000000000000000000004696a2c07b59c46233f84982941fa3a69c5d7b6214c52e5d7a1698491d6f554e26b137c371710b2ac9f4a3bd9f2df9d539d4cdc56205ac13a72f633ec6be92fc32b298f0b5200d212febb53ba0c1e0fc42a140e712a12059d9a63f58f4c74520c0adcefe740fe8e082fea2e5c2fbb702c697c73a6d02a61285c50e2fce35697eaf7951681eab6ef7cf4b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe58}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000080)="7c533121ba56b5b1000000000000", 0x0, 0xf000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48) 2.784685904s ago: executing program 2 (id=3051): r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [], {0x14}}, 0x28}}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0xfe6b) 2.674272265s ago: executing program 1 (id=3053): unshare(0x62040200) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000180)={'mangle\x00', 0x7003}, &(0x7f0000000040)=0x54) 2.643092785s ago: executing program 4 (id=3054): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x76, &(0x7f0000000600)={@local, @random="6a2ddcf6177a", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @exp_fastopen={0xfe, 0x10, 0xf989, "6080356e793ca9d55b8ef24e"}, @nop, @generic={0x0, 0xc, "04f6fea52eb715ea7022"}, @sack={0x5, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 2.566881027s ago: executing program 4 (id=3055): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000240)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x2009) 2.39410195s ago: executing program 4 (id=3056): syz_emit_ethernet(0x66, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd60fe17cd00306700fe880000000000000000000000000001fe8000000000000000000000000000aa"], 0x0) 2.393745922s ago: executing program 4 (id=3057): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000300), 0x0) getsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, 0x0, &(0x7f0000000380)) socket$inet_udp(0x2, 0x2, 0x0) socket$unix(0x1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4}, {0x0, [0x0, 0x0]}}, &(0x7f0000000f40)=""/4089, 0x1c, 0xff9, 0x1}, 0x20) r1 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r2, &(0x7f0000000000)="2e000400010002", 0x7) 2.284259123s ago: executing program 4 (id=3058): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0) 641.192253ms ago: executing program 2 (id=3059): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="400000001000310400"/20, @ANYRES32=r3, @ANYBLOB="019800000000000020001280080001006772650014000280060003003d000000080007007f"], 0x40}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005ac0), 0x0, 0x0) sendto$packet(r0, &(0x7f00000000c0)="1e6d2447ba506d434fe981333d0732", 0xf, 0x0, &(0x7f0000000340)={0x11, 0x0, r3, 0x1, 0x81}, 0x14) 562.128246ms ago: executing program 3 (id=3060): unshare(0x20000400) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSMRU1(r0, 0x40047452, 0x0) 514.511913ms ago: executing program 4 (id=3061): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x20) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) r7 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IP_VS_SO_SET_DEL(r7, 0x0, 0x484, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="24010010", @ANYRES16=r5, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r6, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x38, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x1000}]}, 0x38}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="800035e101028e9fa86fd1000012021100000108021100000008021100000000000000000000000000640001000006020202020202020000000000000018240300fc0400028100da0200dfbcd5c219336edf5223e5fb19ab7d7d121f3c9b62540edf5a6ea86130acf9daaa9983524d5b3988b2f2853b719c607864e18babd536db067de94109db707f901228745ccdba623d0c89a6719bb2226044acc1228a83c5341867a9988859c076e7b8e020e965778629de70207ccda17d8365d6dae9ab85b98f44875ea9d5ed860c4f1408db47553eb280c5f98e82c7"], 0x78) sendmsg$NL80211_CMD_NOTIFY_RADAR(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x68, r5, 0x400, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x80000001, 0x43}}}}, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1000}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xc0}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x180}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x200}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0xc884}, 0x4000) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_SIOCSIFNETMASK(r8, 0x891c, &(0x7f0000000000)={'ip6_vti0\x00', {0x2, 0x0, @empty}}) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000000)={0x0, 'ip6gre0\x00', 0x2}, 0x18) unshare(0x20000400) r9 = socket(0x1e, 0x5, 0x0) getpeername$l2tp(r9, 0x0, 0x0) r10 = accept4$x25(0xffffffffffffffff, &(0x7f0000000040)={0x9, @remote}, &(0x7f0000000080)=0x12, 0x80800) ioctl$sock_x25_SIOCDELRT(r10, 0x890c, &(0x7f00000000c0)={@null, 0x7, 'caif0\x00'}) bind$rose(r2, &(0x7f0000000000)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]}, 0x40) syz_emit_ethernet(0x3e, &(0x7f0000001700)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800460000300000000000119078ac141400ac1414aa0000e10000000000001890780400"/62], 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000002c0)={'team0\x00', 0x200}) 428.297387ms ago: executing program 2 (id=3062): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001240), r0) sendmsg$NLBL_UNLABEL_C_LIST(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001280)={0x14, r2, 0x1}, 0x14}}, 0x0) 322.218113ms ago: executing program 2 (id=3063): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000300)={0xffffffffffffffff}) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={0x0}}, 0x0) 322.099056ms ago: executing program 1 (id=3064): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00'}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000580)) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000100)={0x367, &(0x7f00000000c0)=[{}]}) 318.985819ms ago: executing program 3 (id=3065): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x76, &(0x7f0000000600)={@local, @random="6a2ddcf6177a", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @exp_fastopen={0xfe, 0x10, 0xf989, "6080356e793ca9d55b8ef24e"}, @nop, @generic={0x0, 0xc, "04f6fea52eb715ea7022"}, @sack={0x5, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 246.854557ms ago: executing program 2 (id=3066): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="1b"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x2c}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000040)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x9}}, 0x0, @default, 0x1, @void, @val, @void, @val={0x4, 0x6, {0x2}}, @void, @void, @void, @void}, 0x2e) nanosleep(0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) 221.363475ms ago: executing program 3 (id=3067): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@private0, @mcast2, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x10200}) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r1, &(0x7f0000003300)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @private2}, 0x1c, 0x0}}], 0x1, 0x0) 90.156115ms ago: executing program 1 (id=3068): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x7, 0x4, 0x3c0, 0xe8, 0x1f0, 0x0, 0x2d8, 0x2d8, 0x2d8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}, {{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x410) 90.014206ms ago: executing program 3 (id=3069): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x11, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c00000020000100000000000000000002000000000000000000000008000b0000001000080017004e204e24"], 0x2c}}, 0x0) 25.151379ms ago: executing program 3 (id=3070): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010b000000e05300000013"], 0x14}}, 0x0) 0s ago: executing program 1 (id=3071): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) writev(r0, &(0x7f0000001800)=[{&(0x7f0000000540)="000300000004070022eae0a518b3", 0xe}], 0x1) kernel console output (not intermixed with test programs): 133.324823][ T8853] dump_stack_lvl+0x241/0x360 [ 133.329541][ T8853] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.334781][ T8853] ? __pfx__printk+0x10/0x10 [ 133.339407][ T8853] ? find_vma+0xf9/0x170 [ 133.343682][ T8853] __get_user_pages+0x10e3/0x1590 [ 133.348739][ T8853] ? __gup_longterm_locked+0x1ec9/0x2a80 [ 133.354391][ T8853] ? __pfx___get_user_pages+0x10/0x10 [ 133.359784][ T8853] ? __lock_acquire+0x1346/0x1fd0 [ 133.364828][ T8853] __gup_longterm_locked+0x1ff6/0x2a80 [ 133.370344][ T8853] ? __pfx___gup_longterm_locked+0x10/0x10 [ 133.376156][ T8853] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 133.382145][ T8853] ? sanity_check_pinned_pages+0x12bb/0x13c0 [ 133.388143][ T8853] gup_fast_fallback+0x2732/0x2b40 [ 133.393282][ T8853] ? __pfx_gup_fast_fallback+0x10/0x10 [ 133.398744][ T8853] ? __pfx_validate_chain+0x10/0x10 [ 133.403951][ T8853] ? unwind_get_return_address+0x91/0xc0 [ 133.409586][ T8853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.415653][ T8853] ? arch_stack_walk+0x16d/0x1b0 [ 133.420613][ T8853] ? __lock_acquire+0x1346/0x1fd0 [ 133.425730][ T8853] ? is_valid_gup_args+0x124/0x200 [ 133.430932][ T8853] pin_user_pages_fast+0xcc/0x160 [ 133.436014][ T8853] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 133.441658][ T8853] iov_iter_extract_pages+0x3db/0x720 [ 133.447044][ T8853] bio_iov_iter_get_pages+0x541/0x1930 [ 133.452518][ T8853] ? bio_associate_blkg+0x6c/0x230 [ 133.457636][ T8853] ? bio_associate_blkg_from_css+0xb0c/0xc70 [ 133.463646][ T8853] ? bio_associate_blkg_from_css+0xa4/0xc70 [ 133.469545][ T8853] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 133.475447][ T8853] ? bio_alloc_bioset+0x6d7/0x1130 [ 133.480568][ T8853] iomap_dio_bio_iter+0xc8e/0x1670 [ 133.485712][ T8853] __iomap_dio_rw+0x1295/0x2370 [ 133.490567][ T8853] ? do_syscall_64+0xf3/0x230 [ 133.495267][ T8853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.501371][ T8853] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 133.507360][ T8853] ? __pfx___iomap_dio_rw+0x10/0x10 [ 133.512623][ T8853] ? jbd2_journal_stop+0x902/0xd80 [ 133.517749][ T8853] ? __pfx_jbd2_journal_stop+0x10/0x10 [ 133.523212][ T8853] ? __pfx_ext4_orphan_add+0x10/0x10 [ 133.528531][ T8853] iomap_dio_rw+0x46/0xa0 [ 133.532879][ T8853] ext4_file_write_iter+0x15e5/0x1a10 [ 133.538276][ T8853] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 133.544008][ T8853] vfs_write+0xa72/0xc90 [ 133.548256][ T8853] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 133.554064][ T8853] ? __pfx_vfs_write+0x10/0x10 [ 133.558823][ T8853] ? do_futex+0x33b/0x560 [ 133.563175][ T8853] ksys_write+0x1a0/0x2c0 [ 133.567516][ T8853] ? __pfx_ksys_write+0x10/0x10 [ 133.572498][ T8853] ? do_syscall_64+0x100/0x230 [ 133.577268][ T8853] ? do_syscall_64+0xb6/0x230 [ 133.581948][ T8853] do_syscall_64+0xf3/0x230 [ 133.586450][ T8853] ? clear_bhb_loop+0x35/0x90 [ 133.591130][ T8853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.597022][ T8853] RIP: 0033:0x7f0b1df75b99 [ 133.601439][ T8853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.621052][ T8853] RSP: 002b:00007f0b1d9ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.629499][ T8853] RAX: ffffffffffffffda RBX: 00007f0b1e103fa0 RCX: 00007f0b1df75b99 [ 133.637473][ T8853] RDX: 0000000000043400 RSI: 0000000020000200 RDI: 0000000000000008 [ 133.645443][ T8853] RBP: 00007f0b1dff677e R08: 0000000000000000 R09: 0000000000000000 [ 133.653412][ T8853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.661382][ T8853] R13: 000000000000000b R14: 00007f0b1e103fa0 R15: 00007fffb5385268 [ 133.669388][ T8853] [ 133.680298][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.687303][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.719887][ T8862] __nla_validate_parse: 29 callbacks suppressed [ 133.719910][ T8862] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1222'. [ 133.741969][ T8862] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 133.760817][ T8862] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 133.790239][ T8866] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1222'. [ 133.975970][ T8882] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1226'. [ 134.025205][ T8880] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 134.044748][ T8880] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1227'. [ 134.175855][ T8892] netlink: 'syz.2.1230': attribute type 2 has an invalid length. [ 134.222937][ T8892] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1230'. [ 134.350439][ T8860] netlink: 'syz.4.1220': attribute type 21 has an invalid length. [ 134.416249][ T8860] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1220'. [ 134.441325][ T8901] batadv1: entered allmulticast mode [ 134.456203][ T8908] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1220'. [ 134.659870][ T8918] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1237'. [ 134.688192][ T8918] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 134.711591][ T8918] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 134.742368][ T8924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1238'. [ 134.769543][ T8924] (unnamed net_device) (uninitialized): option coupled_control: invalid value (116) [ 134.789288][ T8912] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1237'. [ 134.808184][ T8912] geneve2: entered promiscuous mode [ 134.813816][ T8912] geneve2: entered allmulticast mode [ 134.824607][ T8926] macvtap0: entered promiscuous mode [ 134.842146][ T8926] macvtap0: refused to change device tx_queue_len [ 135.128015][ T8943] validate_nla: 4 callbacks suppressed [ 135.128036][ T8943] netlink: 'syz.2.1248': attribute type 4 has an invalid length. [ 135.161830][ T8943] netlink: 'syz.2.1248': attribute type 4 has an invalid length. [ 135.243647][ T8956] netlink: 'syz.0.1252': attribute type 21 has an invalid length. [ 135.509294][ T8975] netlink: 'syz.3.1259': attribute type 40 has an invalid length. [ 135.588614][ T8978] Â: renamed from pim6reg1 [ 136.168933][ T9027] hsr_slave_0: left promiscuous mode [ 136.176193][ T9027] hsr_slave_1: left promiscuous mode [ 136.337032][ T9033] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 136.346008][ T9033] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 136.378093][ T9033] geneve2: entered promiscuous mode [ 136.385671][ T9033] geneve2: entered allmulticast mode [ 136.497251][ T9044] netlink: 'syz.3.1279': attribute type 25 has an invalid length. [ 136.523616][ T9044] netdevsim netdevsim3 : set [0, 0] type 1 family 0 port 8472 - 0 [ 136.532235][ T9044] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.541670][ T9044] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.550407][ T9044] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.730064][ T9056] netlink: 'syz.2.1283': attribute type 1 has an invalid length. [ 136.739978][ T9056] FAULT_INJECTION: forcing a failure. [ 136.739978][ T9056] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.764936][ T9056] CPU: 0 PID: 9056 Comm: syz.2.1283 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 136.775063][ T9056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 136.785143][ T9056] Call Trace: [ 136.788442][ T9056] [ 136.791398][ T9056] dump_stack_lvl+0x241/0x360 [ 136.796113][ T9056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.801319][ T9056] ? __pfx__printk+0x10/0x10 [ 136.805931][ T9056] ? snprintf+0xda/0x120 [ 136.810190][ T9056] should_fail_ex+0x3b0/0x4e0 [ 136.814877][ T9056] _copy_to_user+0x2f/0xb0 [ 136.819309][ T9056] simple_read_from_buffer+0xca/0x150 [ 136.824690][ T9056] proc_fail_nth_read+0x1e9/0x250 [ 136.829714][ T9056] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 136.835272][ T9056] ? rw_verify_area+0x514/0x6b0 [ 136.840134][ T9056] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 136.845682][ T9056] vfs_read+0x204/0xbd0 [ 136.849844][ T9056] ? __pfx_lock_release+0x10/0x10 [ 136.854872][ T9056] ? __pfx_vfs_read+0x10/0x10 [ 136.859551][ T9056] ? __fget_files+0x29/0x470 [ 136.864145][ T9056] ? __fget_files+0x3f6/0x470 [ 136.868919][ T9056] ksys_read+0x1a0/0x2c0 [ 136.873167][ T9056] ? __pfx_ksys_read+0x10/0x10 [ 136.877976][ T9056] ? do_syscall_64+0x100/0x230 [ 136.882756][ T9056] ? do_syscall_64+0xb6/0x230 [ 136.887446][ T9056] do_syscall_64+0xf3/0x230 [ 136.891945][ T9056] ? clear_bhb_loop+0x35/0x90 [ 136.896622][ T9056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.902539][ T9056] RIP: 0033:0x7f0b1df7467c [ 136.906951][ T9056] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 136.926645][ T9056] RSP: 002b:00007f0b1d9ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 136.935062][ T9056] RAX: ffffffffffffffda RBX: 00007f0b1e103fa0 RCX: 00007f0b1df7467c [ 136.943119][ T9056] RDX: 000000000000000f RSI: 00007f0b1d9ff0b0 RDI: 0000000000000003 [ 136.951091][ T9056] RBP: 00007f0b1d9ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 136.959067][ T9056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.967070][ T9056] R13: 000000000000000b R14: 00007f0b1e103fa0 R15: 00007fffb5385268 [ 136.975058][ T9056] [ 137.253428][ T9066] netlink: 'syz.1.1288': attribute type 21 has an invalid length. [ 137.423411][ T9078] netlink: 'syz.2.1289': attribute type 4 has an invalid length. [ 137.431278][ T9078] netlink: 'syz.2.1289': attribute type 4 has an invalid length. [ 137.554138][ T9086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.630683][ T9102] pimreg: entered allmulticast mode [ 137.784319][ T9110] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 137.989922][ T9120] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 138.002425][ T9120] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 138.395239][ T9156] FAULT_INJECTION: forcing a failure. [ 138.395239][ T9156] name failslab, interval 1, probability 0, space 0, times 0 [ 138.412350][ T9156] CPU: 0 PID: 9156 Comm: syz.3.1312 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 138.422577][ T9156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 138.432662][ T9156] Call Trace: [ 138.435958][ T9156] [ 138.438908][ T9156] dump_stack_lvl+0x241/0x360 [ 138.443621][ T9156] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.448858][ T9156] ? __pfx__printk+0x10/0x10 [ 138.453505][ T9156] should_fail_ex+0x3b0/0x4e0 [ 138.458227][ T9156] ? __alloc_skb+0x1c3/0x440 [ 138.462842][ T9156] should_failslab+0x9/0x20 [ 138.467358][ T9156] kmem_cache_alloc_node_noprof+0x71/0x320 [ 138.473176][ T9156] ? genl_rcv_msg+0x88c/0xec0 [ 138.477861][ T9156] __alloc_skb+0x1c3/0x440 [ 138.482283][ T9156] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.488360][ T9156] ? __pfx___alloc_skb+0x10/0x10 [ 138.493315][ T9156] netlink_dump+0x2cd/0xd80 [ 138.497832][ T9156] ? __pfx_netlink_dump+0x10/0x10 [ 138.502869][ T9156] ? __asan_memset+0x23/0x50 [ 138.507466][ T9156] ? genl_start+0x4a8/0x6d0 [ 138.511982][ T9156] __netlink_dump_start+0x59f/0x780 [ 138.517191][ T9156] genl_rcv_msg+0x88c/0xec0 [ 138.521698][ T9156] ? mark_lock+0x9a/0x350 [ 138.526037][ T9156] ? __pfx_genl_rcv_msg+0x10/0x10 [ 138.531071][ T9156] ? __pfx_genl_start+0x10/0x10 [ 138.535924][ T9156] ? __pfx_genl_dumpit+0x10/0x10 [ 138.540865][ T9156] ? __pfx_genl_done+0x10/0x10 [ 138.545652][ T9156] ? __pfx_lock_acquire+0x10/0x10 [ 138.550679][ T9156] ? __pfx_batadv_netlink_dump_hardif+0x10/0x10 [ 138.556935][ T9156] ? __pfx___might_resched+0x10/0x10 [ 138.562234][ T9156] netlink_rcv_skb+0x1e3/0x430 [ 138.567001][ T9156] ? __pfx_genl_rcv_msg+0x10/0x10 [ 138.572062][ T9156] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 138.577386][ T9156] ? __netlink_deliver_tap+0x77e/0x7c0 [ 138.582873][ T9156] genl_rcv+0x28/0x40 [ 138.586878][ T9156] netlink_unicast+0x7f0/0x990 [ 138.591662][ T9156] ? __pfx_netlink_unicast+0x10/0x10 [ 138.596951][ T9156] ? __virt_addr_valid+0x183/0x520 [ 138.602071][ T9156] ? __check_object_size+0x49c/0x900 [ 138.607368][ T9156] ? bpf_lsm_netlink_send+0x9/0x10 [ 138.612493][ T9156] netlink_sendmsg+0x8e4/0xcb0 [ 138.617271][ T9156] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.622560][ T9156] ? __import_iovec+0x536/0x820 [ 138.627415][ T9156] ? aa_sock_msg_perm+0x91/0x160 [ 138.632395][ T9156] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 138.637766][ T9156] ? security_socket_sendmsg+0x87/0xb0 [ 138.643236][ T9156] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.648558][ T9156] __sock_sendmsg+0x221/0x270 [ 138.653240][ T9156] ____sys_sendmsg+0x525/0x7d0 [ 138.658015][ T9156] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.663315][ T9156] __sys_sendmsg+0x2b0/0x3a0 [ 138.667936][ T9156] ? __pfx___sys_sendmsg+0x10/0x10 [ 138.673073][ T9156] ? vfs_write+0x7c4/0xc90 [ 138.677556][ T9156] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 138.683887][ T9156] ? do_syscall_64+0x100/0x230 [ 138.688657][ T9156] ? do_syscall_64+0xb6/0x230 [ 138.693379][ T9156] do_syscall_64+0xf3/0x230 [ 138.697889][ T9156] ? clear_bhb_loop+0x35/0x90 [ 138.702575][ T9156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.708512][ T9156] RIP: 0033:0x7f11abf75b99 [ 138.712932][ T9156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.732543][ T9156] RSP: 002b:00007f11accb1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.740989][ T9156] RAX: ffffffffffffffda RBX: 00007f11ac103fa0 RCX: 00007f11abf75b99 [ 138.748968][ T9156] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 138.756941][ T9156] RBP: 00007f11accb10a0 R08: 0000000000000000 R09: 0000000000000000 [ 138.764912][ T9156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.772881][ T9156] R13: 000000000000000b R14: 00007f11ac103fa0 R15: 00007ffc13b9c2b8 [ 138.780866][ T9156] [ 138.786875][ T9159] __nla_validate_parse: 13 callbacks suppressed [ 138.786893][ T9159] netlink: 236 bytes leftover after parsing attributes in process `syz.0.1311'. [ 138.973870][ T9161] netlink: 'syz.2.1314': attribute type 21 has an invalid length. [ 138.997498][ T9161] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1314'. [ 139.051914][ T9161] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1314'. [ 139.130316][ T9173] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1318'. [ 139.357679][ T9187] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1324'. [ 139.747841][ T9204] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1331'. [ 139.768459][ T9204] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1331'. [ 139.889326][ T9207] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1332'. [ 139.904718][ T9207] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1332'. [ 139.998687][ T9212] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1334'. [ 140.038381][ T9212] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.190449][ T9228] vlan2: entered promiscuous mode [ 140.197690][ T9228] macvtap0: entered promiscuous mode [ 140.207411][ T9228] vlan2: entered allmulticast mode [ 140.214753][ T9228] macvtap0: entered allmulticast mode [ 140.220464][ T9228] veth0_macvtap: entered allmulticast mode [ 140.305214][ T9235] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-alb(6) [ 140.509110][ T9239] validate_nla: 3 callbacks suppressed [ 140.509130][ T9239] netlink: 'syz.4.1343': attribute type 21 has an invalid length. [ 140.619491][ T9254] x_tables: duplicate underflow at hook 2 [ 141.012583][ T29] audit: type=1804 audit(1719662000.402:43): pid=9285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1355" name="/root/syzkaller.GALFXy/320/memory.events" dev="sda1" ino=1965 res=1 errno=0 [ 141.038768][ T29] audit: type=1800 audit(1719662000.402:44): pid=9285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1355" name="memory.events" dev="sda1" ino=1965 res=0 errno=0 [ 141.061729][ T29] audit: type=1804 audit(1719662000.422:45): pid=9285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1355" name="/root/syzkaller.GALFXy/320/memory.events" dev="sda1" ino=1965 res=1 errno=0 [ 141.084723][ T29] audit: type=1804 audit(1719662000.452:46): pid=9285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1355" name="/root/syzkaller.GALFXy/320/memory.events" dev="sda1" ino=1965 res=1 errno=0 [ 141.197334][ T9287] netlink: 'syz.2.1356': attribute type 21 has an invalid length. [ 141.254584][ T9289] netlink: 'syz.2.1357': attribute type 3 has an invalid length. [ 141.364729][ T9278] infiniband syz1: set down [ 141.369994][ T9278] infiniband syz1: added syzkaller0 [ 141.545327][ T9278] RDS/IB: syz1: added [ 141.550971][ T9278] smc: adding ib device syz1 with port count 1 [ 141.559418][ T9278] smc: ib device syz1 port 1 has pnetid [ 141.612966][ T9298] netlink: 'syz.3.1360': attribute type 21 has an invalid length. [ 141.909608][ T9317] netlink: 'syz.1.1367': attribute type 21 has an invalid length. [ 142.487907][ T9359] netlink: 'syz.3.1383': attribute type 21 has an invalid length. [ 142.766792][ T35] smc: removing ib device syz1 [ 142.862032][ T9374] tap0: tun_chr_ioctl cmd 1074025677 [ 142.867559][ T9374] tap0: linktype set to 512 [ 143.087346][ T9389] xt_CT: You must specify a L4 protocol and not use inversions on it [ 143.116588][ T9389] netlink: 'syz.2.1395': attribute type 1 has an invalid length. [ 143.190201][ T9392] netlink: 'syz.1.1396': attribute type 21 has an invalid length. [ 143.349457][ T9278] rdma_rxe: rxe_newlink: failed to add syzkaller0 [ 143.971308][ T9424] __nla_validate_parse: 19 callbacks suppressed [ 143.971330][ T9424] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1405'. [ 144.051227][ T9430] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1408'. [ 144.069863][ T9431] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1405'. [ 144.083708][ T9431] netlink: 'syz.0.1405': attribute type 18 has an invalid length. [ 144.382003][ T9440] netlink: 'syz.4.1409': attribute type 21 has an invalid length. [ 144.464204][ T9440] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1409'. [ 144.623419][ T9454] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1409'. [ 145.002214][ T9483] tipc: Started in network mode [ 145.007313][ T9483] tipc: Node identity ac14140f, cluster identity 4711 [ 145.021233][ T9483] tipc: New replicast peer: 255.255.255.255 [ 145.029047][ T9483] tipc: Enabled bearer , priority 10 [ 145.176977][ T9489] syzkaller1: entered promiscuous mode [ 145.189548][ T9489] syzkaller1: entered allmulticast mode [ 145.383396][ T9501] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1431'. [ 145.395078][ T9501] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1431'. [ 145.522596][ T29] audit: type=1804 audit(1719662004.912:47): pid=9508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1434" name="/root/syzkaller.GALFXy/344/cgroup.controllers" dev="sda1" ino=1966 res=1 errno=0 [ 146.143450][ T9] tipc: Node number set to 2886997007 [ 146.402085][ T2906] wlan1: Trigger new scan to find an IBSS to join [ 146.467971][ T9558] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1451'. [ 146.673226][ T9576] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1457'. [ 147.210055][ T9602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1466'. [ 147.263575][ T29] audit: type=1804 audit(1719662006.652:48): pid=9604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1467" name="/root/syzkaller.GALFXy/350/cgroup.controllers" dev="sda1" ino=1962 res=1 errno=0 [ 147.368357][ T9600] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 147.453818][ T2906] wlan1: Trigger new scan to find an IBSS to join [ 147.966139][ T9637] validate_nla: 2 callbacks suppressed [ 147.966161][ T9637] netlink: 'syz.0.1481': attribute type 2 has an invalid length. [ 148.001638][ T9637] netlink: 'syz.0.1481': attribute type 1 has an invalid length. [ 148.133600][ T9643] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 148.260625][ T45] IPVS: starting estimator thread 0... [ 148.361856][ T9653] IPVS: using max 22 ests per chain, 52800 per kthread [ 148.398451][ T9661] netlink: 'syz.0.1486': attribute type 10 has an invalid length. [ 148.422196][ T9661] syz_tun: entered promiscuous mode [ 148.430861][ T9661] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 148.678531][ T29] audit: type=1804 audit(1719662008.062:49): pid=9677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1494" name="/root/syzkaller.tYUdsY/257/cgroup.controllers" dev="sda1" ino=1950 res=1 errno=0 [ 148.711174][ T9681] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 148.726183][ T9681] openvswitch: netlink: IP tunnel dst address not specified [ 149.271279][ T9708] Bluetooth: hci3: invalid length 0, exp 2 for type 12 [ 149.323642][ T9708] macvlan3: entered allmulticast mode [ 149.329692][ T9708] mac80211_hwsim hwsim12 wlan0: entered allmulticast mode [ 149.340660][ T9708] team0: Port device macvlan3 added [ 149.405453][ T9716] __nla_validate_parse: 8 callbacks suppressed [ 149.405474][ T9716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1510'. [ 149.443356][ T12] wlan1: Trigger new scan to find an IBSS to join [ 149.478243][ T9716] team0: Port device team_slave_0 removed [ 149.557233][ T9725] netlink: 'syz.0.1515': attribute type 1 has an invalid length. [ 149.571878][ T9725] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1515'. [ 149.797195][ T9735] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1518'. [ 150.013139][ T9733] x_tables: ip_tables: osf match: only valid for protocol 6 [ 150.082772][ T4489] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 150.107885][ T4489] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 150.131088][ T4489] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 150.139597][ T4489] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 150.149583][ T4489] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 150.159124][ T4489] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 150.403632][ T12] wlan1: Trigger new scan to find an IBSS to join [ 150.576104][ T9760] FAULT_INJECTION: forcing a failure. [ 150.576104][ T9760] name failslab, interval 1, probability 0, space 0, times 0 [ 150.612227][ T9760] CPU: 0 PID: 9760 Comm: syz.1.1524 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 150.622364][ T9760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 150.632538][ T9760] Call Trace: [ 150.635836][ T9760] [ 150.638776][ T9760] dump_stack_lvl+0x241/0x360 [ 150.643483][ T9760] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.648722][ T9760] ? __pfx__printk+0x10/0x10 [ 150.653335][ T9760] ? __pfx___might_resched+0x10/0x10 [ 150.658674][ T9760] should_fail_ex+0x3b0/0x4e0 [ 150.663378][ T9760] ? sock_kmalloc+0xd7/0x160 [ 150.668006][ T9760] should_failslab+0x9/0x20 [ 150.672544][ T9760] __kmalloc_noprof+0xd8/0x400 [ 150.677346][ T9760] sock_kmalloc+0xd7/0x160 [ 150.681798][ T9760] ip_mc_source+0x78f/0x10c0 [ 150.686509][ T9760] ? __pfx_ip_mc_source+0x10/0x10 [ 150.691569][ T9760] do_ip_setsockopt+0x299d/0x3cd0 [ 150.696617][ T9760] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 150.702010][ T9760] ? aa_sk_perm+0x967/0xab0 [ 150.706580][ T9760] ? __pfx_aa_sk_perm+0x10/0x10 [ 150.711447][ T9760] ? __pfx_lock_acquire+0x10/0x10 [ 150.716502][ T9760] ? aa_sock_opt_perm+0x79/0x120 [ 150.721454][ T9760] ip_setsockopt+0x63/0x100 [ 150.725967][ T9760] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 150.731862][ T9760] do_sock_setsockopt+0x3af/0x720 [ 150.736899][ T9760] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 150.742501][ T9760] ? __fget_files+0x29/0x470 [ 150.747114][ T9760] ? __fget_files+0x3f6/0x470 [ 150.751807][ T9760] __sys_setsockopt+0x1ae/0x250 [ 150.756755][ T9760] __x64_sys_setsockopt+0xb5/0xd0 [ 150.761786][ T9760] do_syscall_64+0xf3/0x230 [ 150.766295][ T9760] ? clear_bhb_loop+0x35/0x90 [ 150.770983][ T9760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.776882][ T9760] RIP: 0033:0x7f3d7ff75b99 [ 150.781300][ T9760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.800999][ T9760] RSP: 002b:00007f3d80e00048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 150.809417][ T9760] RAX: ffffffffffffffda RBX: 00007f3d80103fa0 RCX: 00007f3d7ff75b99 [ 150.817398][ T9760] RDX: 0000000000000027 RSI: 0000000000000000 RDI: 0000000000000003 [ 150.825380][ T9760] RBP: 00007f3d80e000a0 R08: 000000000000000c R09: 0000000000000000 [ 150.833374][ T9760] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 150.841374][ T9760] R13: 000000000000000b R14: 00007f3d80103fa0 R15: 00007ffcb79de608 [ 150.849390][ T9760] [ 150.894265][ T9759] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1522'. [ 151.077091][ T9742] chnl_net:caif_netlink_parms(): no params data found [ 151.185519][ T9771] netlink: 'syz.2.1526': attribute type 21 has an invalid length. [ 151.229867][ T9771] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1526'. [ 151.313481][ T9782] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1526'. [ 151.505457][ T9742] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.526763][ T9742] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.539671][ T9742] bridge_slave_0: entered allmulticast mode [ 151.548920][ T9742] bridge_slave_0: entered promiscuous mode [ 151.559453][ T9794] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1533'. [ 151.574371][ T9742] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.609589][ T9742] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.618852][ T9742] bridge_slave_1: entered allmulticast mode [ 151.635500][ T9742] bridge_slave_1: entered promiscuous mode [ 151.747989][ T9800] erspan0: entered promiscuous mode [ 151.771304][ T9800] erspan0: left promiscuous mode [ 151.837030][ T9742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.845607][ T9812] set match dimension is over the limit! [ 151.859978][ T9742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.015475][ T9742] team0: Port device team_slave_0 added [ 152.036732][ T9742] team0: Port device team_slave_1 added [ 152.108120][ T9742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 152.119008][ T9742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.154285][ T9742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 152.180607][ T9742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 152.194967][ T9742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.233959][ T9742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.241692][ T4489] Bluetooth: hci4: command tx timeout [ 152.251839][ T9820] netlink: 'syz.1.1543': attribute type 21 has an invalid length. [ 152.261994][ T9820] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1543'. [ 152.271798][ T9821] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1543'. [ 152.425891][ T9742] hsr_slave_0: entered promiscuous mode [ 152.442046][ T9742] hsr_slave_1: entered promiscuous mode [ 152.455766][ T9742] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 152.474074][ T9742] Cannot create hsr debugfs directory [ 152.846444][ T9742] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.004430][ T9742] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.028569][ T9856] netlink: 'syz.3.1554': attribute type 21 has an invalid length. [ 153.042187][ T9856] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1554'. [ 153.143283][ T9742] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.258191][ T9742] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.269452][ T2930] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.443055][ T9742] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 153.452074][ T2930] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.455265][ T9742] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 153.487352][ T9742] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 153.498242][ T9742] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 153.537421][ T29] audit: type=1804 audit(1719662012.922:50): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1561" name="/root/syzkaller.tYUdsY/279/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0 [ 153.594252][ T29] audit: type=1804 audit(1719662012.962:51): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1561" name="/root/syzkaller.tYUdsY/279/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0 [ 153.635140][ T29] audit: type=1804 audit(1719662013.022:52): pid=9883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1561" name="/root/syzkaller.tYUdsY/279/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0 [ 153.726876][ T29] audit: type=1804 audit(1719662013.112:53): pid=9882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1562" name="/root/syzkaller.GALFXy/365/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 153.755621][ T9742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.771445][ T9880] Êü: entered promiscuous mode [ 153.781164][ T29] audit: type=1804 audit(1719662013.112:54): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1561" name="/root/syzkaller.tYUdsY/279/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0 [ 153.786629][ T29] audit: type=1804 audit(1719662013.112:55): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1561" name="/root/syzkaller.tYUdsY/279/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0 [ 153.869901][ T9742] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.898966][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.906164][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.933613][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.940775][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.289356][ T9742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.321720][ T4489] Bluetooth: hci4: command tx timeout [ 154.554036][ T9916] netlink: 'syz.0.1571': attribute type 13 has an invalid length. [ 154.581708][ T9916] macvtap0: left promiscuous mode [ 154.586805][ T9916] macvtap0: entered allmulticast mode [ 154.612394][ T9916] macvtap0: refused to change device tx_queue_len [ 154.673818][ T29] audit: type=1804 audit(1719662014.052:56): pid=9917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1572" name="/root/syzkaller.HANBaS/324/cgroup.controllers" dev="sda1" ino=1966 res=1 errno=0 [ 154.774108][ T9925] __nla_validate_parse: 3 callbacks suppressed [ 154.774129][ T9925] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1574'. [ 154.865947][ T9742] veth0_vlan: entered promiscuous mode [ 154.896430][ T9742] veth1_vlan: entered promiscuous mode [ 154.923277][ T29] audit: type=1804 audit(1719662014.302:57): pid=9927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1575" name="/root/syzkaller.YonQGu/368/cgroup.controllers" dev="sda1" ino=1948 res=1 errno=0 [ 154.974700][ T9742] veth0_macvtap: entered promiscuous mode [ 154.994248][ T9742] veth1_macvtap: entered promiscuous mode [ 155.163216][ T9742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.210825][ T9742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.231581][ T9742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.249905][ T9742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.260494][ T9742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.273506][ T9742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.306072][ T9742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.308969][ T9942] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 155.327075][ T9742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.348018][ T9742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.367302][ T9742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.372752][ T9942] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1580'. [ 155.378682][ T9742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.397604][ T9742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.411283][ T9742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.442588][ T9742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.526970][ T9742] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.558658][ T9742] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.580818][ T9742] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.598521][ T9742] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.624273][ T9960] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 155.624631][ T9955] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1583'. [ 155.655545][ T9963] xt_bpf: check failed: parse error [ 155.660967][ T9960] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1587'. [ 155.873002][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.913538][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.948434][ T9980] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1594'. [ 155.967468][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.990632][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.018911][ T9982] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 156.045546][ T9982] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1595'. [ 156.070655][ T9980] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1594'. [ 156.401790][ T5095] Bluetooth: hci4: command tx timeout [ 156.748800][T10036] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 156.765478][T10036] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1608'. [ 156.852961][ T29] audit: type=1804 audit(1719662016.242:58): pid=10043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1611" name="/root/syzkaller.tYUdsY/288/cgroup.controllers" dev="sda1" ino=1968 res=1 errno=0 [ 157.244883][T10068] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 157.261603][T10068] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1622'. [ 157.265707][T10066] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1620'. [ 157.302439][ T29] audit: type=1804 audit(1719662016.692:59): pid=10072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1624" name="/root/syzkaller.YonQGu/381/cgroup.controllers" dev="sda1" ino=1968 res=1 errno=0 [ 157.528175][T10083] vlan2: entered promiscuous mode [ 157.537060][T10083] dummy0: entered promiscuous mode [ 157.555572][T10083] team0: Port device vlan2 added [ 157.697118][T10092] netlink: 'syz.3.1632': attribute type 5 has an invalid length. [ 158.370309][T10126] netlink: 'syz.2.1644': attribute type 1 has an invalid length. [ 158.486409][ T5095] Bluetooth: hci4: command 0x0419 tx timeout [ 158.567690][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 158.567708][ T29] audit: type=1804 audit(1719662017.952:61): pid=10144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1649" name="/root/syzkaller.GALFXy/383/cgroup.controllers" dev="sda1" ino=1968 res=1 errno=0 [ 158.884353][T10161] FAULT_INJECTION: forcing a failure. [ 158.884353][T10161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.898654][T10161] CPU: 0 PID: 10161 Comm: syz.4.1656 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 158.908853][T10161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 158.918927][T10161] Call Trace: [ 158.922219][T10161] [ 158.925162][T10161] dump_stack_lvl+0x241/0x360 [ 158.929867][T10161] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.935084][T10161] ? __pfx__printk+0x10/0x10 [ 158.939708][T10161] ? __pfx_lock_release+0x10/0x10 [ 158.944748][T10161] ? __lock_acquire+0x1346/0x1fd0 [ 158.949819][T10161] should_fail_ex+0x3b0/0x4e0 [ 158.954505][T10161] _copy_from_user+0x2f/0xe0 [ 158.959097][T10161] kstrtouint_from_user+0xc6/0x190 [ 158.964234][T10161] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 158.969999][T10161] ? __pfx_lock_acquire+0x10/0x10 [ 158.975050][T10161] proc_fail_nth_write+0xaa/0x2d0 [ 158.980084][T10161] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 158.985998][T10161] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 158.991662][T10161] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 158.997306][T10161] vfs_write+0x2a2/0xc90 [ 159.001684][T10161] ? __pfx_vfs_write+0x10/0x10 [ 159.006470][T10161] ? __fget_files+0x29/0x470 [ 159.011118][T10161] ? __fget_files+0x3f6/0x470 [ 159.015891][T10161] ksys_write+0x1a0/0x2c0 [ 159.020249][T10161] ? __pfx_ksys_write+0x10/0x10 [ 159.025122][T10161] ? do_syscall_64+0x100/0x230 [ 159.029925][T10161] ? do_syscall_64+0xb6/0x230 [ 159.034608][T10161] do_syscall_64+0xf3/0x230 [ 159.039112][T10161] ? clear_bhb_loop+0x35/0x90 [ 159.043807][T10161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.049734][T10161] RIP: 0033:0x7febb937471f [ 159.054170][T10161] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 159.073776][T10161] RSP: 002b:00007febba0eb040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 159.082205][T10161] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007febb937471f [ 159.090224][T10161] RDX: 0000000000000001 RSI: 00007febba0eb0b0 RDI: 0000000000000004 [ 159.098218][T10161] RBP: 00007febba0eb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 159.106201][T10161] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 159.114198][T10161] R13: 000000000000000b R14: 00007febb9503fa0 R15: 00007ffc174d84d8 [ 159.122203][T10161] [ 159.216195][T10165] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 159.419023][ T29] audit: type=1804 audit(1719662018.802:62): pid=10176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1664" name="/root/syzkaller.HANBaS/346/cgroup.controllers" dev="sda1" ino=1970 res=1 errno=0 [ 159.605155][T10188] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 159.978967][T10215] ieee802154 phy0 wpan0: encryption failed: -22 [ 160.150889][T10225] __nla_validate_parse: 8 callbacks suppressed [ 160.150986][T10225] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1682'. [ 160.259566][T10228] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 160.284310][T10228] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1684'. [ 160.404273][T10240] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 160.444244][T10241] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1688'. [ 160.470656][T10241] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1688'. [ 160.500389][T10241] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1688'. [ 160.525357][T10236] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1688'. [ 160.540781][T10236] tipc: Started in network mode [ 160.547096][T10236] tipc: Node identity aaaaaaaaaa0c, cluster identity 3 [ 160.562610][ T4489] Bluetooth: hci4: command 0x0419 tx timeout [ 160.576461][T10236] tipc: Enabled bearer , priority 16 [ 160.698539][T10244] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1690'. [ 160.843493][T10260] bridge0: port 3(gretap0) entered blocking state [ 160.860381][T10260] bridge0: port 3(gretap0) entered disabled state [ 160.870513][T10260] gretap0: entered allmulticast mode [ 160.883219][T10260] gretap0: entered promiscuous mode [ 160.891518][T10260] bridge0: port 3(gretap0) entered blocking state [ 160.898747][T10260] bridge0: port 3(gretap0) entered forwarding state [ 160.925044][T10260] tipc: Resetting bearer [ 161.621666][ T5138] tipc: Node number set to 10922666 [ 161.793205][T10269] sctp: [Deprecated]: syz.4.1697 (pid 10269) Use of struct sctp_assoc_value in delayed_ack socket option. [ 161.793205][T10269] Use struct sctp_sack_info instead [ 161.877578][T10303] netlink: 'syz.2.1710': attribute type 1 has an invalid length. [ 161.893199][T10303] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1710'. [ 161.904036][T10289] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1707'. [ 162.040092][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1715'. [ 162.322876][T10328] bond0: (slave vlan2): Opening slave failed [ 162.628243][T10340] sit0: entered allmulticast mode [ 162.703283][T10346] netlink: 'syz.0.1727': attribute type 1 has an invalid length. [ 162.999025][T10365] netlink: 'syz.1.1735': attribute type 10 has an invalid length. [ 163.028138][T10365] batman_adv: batadv0: Adding interface: team0 [ 163.056876][T10365] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.089783][T10365] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 163.132043][T10365] netlink: 'syz.1.1735': attribute type 10 has an invalid length. [ 163.140065][T10365] team0: entered promiscuous mode [ 163.147987][T10365] team_slave_0: entered promiscuous mode [ 163.172680][T10365] team_slave_1: entered promiscuous mode [ 163.193966][T10365] 8021q: adding VLAN 0 to HW filter on device team0 [ 163.210774][T10365] batman_adv: batadv0: Interface activated: team0 [ 163.232558][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:172.20.20.170]:2. Sending cookies. [ 163.239434][T10375] openvswitch: netlink: Multiple metadata blocks provided [ 163.265976][T10365] batman_adv: batadv0: Interface deactivated: team0 [ 163.277921][T10365] batman_adv: batadv0: Removing interface: team0 [ 163.392018][T10379] netlink: 'syz.1.1741': attribute type 1 has an invalid length. [ 163.655887][T10396] netlink: 'syz.4.1746': attribute type 17 has an invalid length. [ 163.665830][T10396] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 163.912150][T10409] netlink: 'syz.3.1752': attribute type 10 has an invalid length. [ 163.947610][T10411] netlink: 'syz.2.1754': attribute type 1 has an invalid length. [ 163.959989][T10409] batman_adv: batadv0: Adding interface: team0 [ 163.973339][T10409] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.999995][T10409] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 164.064645][T10409] netlink: 'syz.3.1752': attribute type 10 has an invalid length. [ 164.085195][T10409] team0: entered promiscuous mode [ 164.090290][T10409] team_slave_1: entered promiscuous mode [ 164.102199][T10409] batadv1: entered promiscuous mode [ 164.109937][T10409] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.117829][T10409] batman_adv: batadv0: Interface activated: team0 [ 164.130521][T10409] batman_adv: batadv0: Interface deactivated: team0 [ 164.152045][T10409] batman_adv: batadv0: Removing interface: team0 [ 164.337674][T10431] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 164.648591][T10447] netlink: 'syz.0.1765': attribute type 1 has an invalid length. [ 164.855794][T10455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 165.104890][T10477] netlink: 'syz.3.1775': attribute type 7 has an invalid length. [ 165.239236][T10479] xt_CT: You must specify a L4 protocol and not use inversions on it [ 165.496837][T10497] netlink: 'syz.1.1781': attribute type 10 has an invalid length. [ 165.572833][T10497] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 165.624259][T10514] sctp: [Deprecated]: syz.0.1785 (pid 10514) Use of int in max_burst socket option deprecated. [ 165.624259][T10514] Use struct sctp_assoc_value instead [ 165.658781][T10500] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 165.666554][T10516] __nla_validate_parse: 15 callbacks suppressed [ 165.666574][T10516] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1787'. [ 165.759535][T10518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1785'. [ 165.783608][T10518] bond0: (slave syz_tun): Releasing backup interface [ 165.850291][T10524] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1791'. [ 165.906802][T10527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1792'. [ 165.917273][T10527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1792'. [ 166.067439][T10536] IPVS: Error connecting to the multicast addr [ 166.664820][T10576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1807'. [ 167.088398][T10594] netlink: 'syz.1.1816': attribute type 21 has an invalid length. [ 167.096677][T10594] IPv6: NLM_F_CREATE should be specified when creating new route [ 167.105092][T10594] IPv6: Can't replace route, no match found [ 167.283918][ T5095] Bluetooth: hci0: command 0x0c1a tx timeout [ 167.290049][ T4489] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 167.452578][T10610] batman_adv: batadv0: Adding interface: macvtap1 [ 167.459236][T10610] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.497495][T10610] batman_adv: batadv0: Interface activated: macvtap1 [ 167.666504][T10614] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 168.128611][T10654] netlink: 1042 bytes leftover after parsing attributes in process `syz.0.1838'. [ 168.217951][T10661] veth0_to_hsr: mtu less than device minimum [ 168.305377][T10667] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1843'. [ 168.696509][T10687] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1846'. [ 169.345461][T10709] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1852'. [ 169.394242][T10714] atomic_op ffff8880778ad998 conn xmit_atomic 0000000000000000 [ 169.814121][T10733] netlink: 'syz.0.1859': attribute type 11 has an invalid length. [ 169.849367][T10733] netlink: 'syz.0.1859': attribute type 5 has an invalid length. [ 170.021596][T10746] xt_nat: multiple ranges no longer supported [ 170.144013][T10748] nr0: tun_chr_ioctl cmd 1074025673 [ 170.212747][T10759] vlan3: entered promiscuous mode [ 170.404206][T10767] bond_slave_0: entered promiscuous mode [ 170.410399][T10767] bond_slave_1: entered promiscuous mode [ 170.416288][T10767] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 170.629146][T10765] bond_slave_0: left promiscuous mode [ 170.635163][T10765] bond_slave_1: left promiscuous mode [ 170.640894][T10765] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 170.662173][T10771] syzkaller1: entered promiscuous mode [ 170.667738][T10771] syzkaller1: entered allmulticast mode [ 171.077535][ T29] audit: type=1804 audit(1719662030.462:63): pid=10782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1877" name="/root/syzkaller.GALFXy/443/cgroup.controllers" dev="sda1" ino=1966 res=1 errno=0 [ 171.627394][T10828] xt_CT: You must specify a L4 protocol and not use inversions on it [ 171.635697][ T29] audit: type=1804 audit(1719662031.012:64): pid=10825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1891" name="/root/syzkaller.HANBaS/386/cgroup.controllers" dev="sda1" ino=1973 res=1 errno=0 [ 171.729259][T10831] netlink: 'syz.2.1895': attribute type 2 has an invalid length. [ 171.737410][T10831] netlink: 'syz.2.1895': attribute type 8 has an invalid length. [ 171.745944][T10831] netlink: 'syz.2.1895': attribute type 1 has an invalid length. [ 171.754575][T10831] netlink: 'syz.2.1895': attribute type 1 has an invalid length. [ 171.771766][T10831] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.991959][T10843] __nla_validate_parse: 1 callbacks suppressed [ 171.991978][T10843] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1900'. [ 173.202514][ T4489] Bluetooth: hci4: command 0x0419 tx timeout [ 176.407287][ T5104] Bluetooth: hci2: command 0x0406 tx timeout [ 176.407353][ T5103] Bluetooth: hci1: command 0x0406 tx timeout [ 176.413468][ T5099] Bluetooth: hci3: command 0x0406 tx timeout [ 180.485081][T10899] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1921'. [ 180.535472][T10900] delete_channel: no stack [ 180.559584][T10907] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 180.591893][T10907] bridge2: entered promiscuous mode [ 180.597176][T10907] bridge2: entered allmulticast mode [ 180.924283][T10936] xt_TPROXY: Can be used only with -p tcp or -p udp [ 180.935530][T10936] sch_fq: defrate 0 ignored. [ 180.957283][T10940] sctp: [Deprecated]: syz.1.1937 (pid 10940) Use of int in max_burst socket option. [ 180.957283][T10940] Use struct sctp_assoc_value instead [ 180.986057][T10940] netlink: 1832 bytes leftover after parsing attributes in process `syz.1.1937'. [ 181.217009][ T29] audit: type=1804 audit(1719662040.602:65): pid=10950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1942" name="/root/syzkaller.YonQGu/454/cgroup.controllers" dev="sda1" ino=1969 res=1 errno=0 [ 181.326527][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1943'. [ 181.360744][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1943'. [ 181.401757][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1943'. [ 181.422084][T10956] 1ªX¹¦D: left allmulticast mode [ 181.458274][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1943'. [ 181.500779][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1943'. [ 181.518660][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1943'. [ 181.540572][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1943'. [ 181.549476][T10960] netlink: 'syz.4.1944': attribute type 1 has an invalid length. [ 181.575289][T10956] sit0: left promiscuous mode [ 181.580222][T10956] sit0: left allmulticast mode [ 181.597611][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1943'. [ 181.825212][T10956] team0: left promiscuous mode [ 181.830250][T10956] team_slave_0: left promiscuous mode [ 181.840591][T10956] team_slave_1: left promiscuous mode [ 182.248063][T10956] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.291033][T10956] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.615989][T10956] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.630513][T10956] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.640117][T10956] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.842353][T10973] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 183.025348][ T29] audit: type=1804 audit(1719662042.402:66): pid=10985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1953" name="/root/syzkaller.YonQGu/457/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0 [ 183.138183][T10997] xt_cluster: node mask cannot exceed total number of nodes [ 183.173336][T10995] syzkaller1: entered promiscuous mode [ 183.178893][T10995] syzkaller1: entered allmulticast mode [ 183.356488][T11005] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 183.514315][T11019] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.558456][T11027] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 183.749454][ T29] audit: type=1804 audit(1719662043.132:67): pid=11041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1971" name="/root/syzkaller.HANBaS/400/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0 [ 183.802013][ T29] audit: type=1804 audit(1719662043.182:68): pid=11038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1971" name="/root/syzkaller.HANBaS/400/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0 [ 183.870092][ T29] audit: type=1804 audit(1719662043.252:69): pid=11029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1971" name="/root/syzkaller.HANBaS/400/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0 [ 184.435912][T11092] netlink: 'syz.1.1987': attribute type 14 has an invalid length. [ 184.459715][T11093] x_tables: duplicate underflow at hook 1 [ 185.108137][T11137] xt_CT: You must specify a L4 protocol and not use inversions on it [ 185.130871][T11128] xt_CT: No such helper "pptp" [ 185.187178][ T29] audit: type=1804 audit(1719662044.572:70): pid=11139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2007" name="/root/syzkaller.tYUdsY/371/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0 [ 185.222191][T11128] netlink: 'syz.3.2003': attribute type 27 has an invalid length. [ 185.412407][T11128] sit0: left allmulticast mode [ 185.605424][T11128] team0: left promiscuous mode [ 185.610273][T11128] team_slave_1: left promiscuous mode [ 185.626936][T11128] batadv1: left promiscuous mode [ 185.842187][ T63] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 185.852950][ T6047] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 185.900092][T11128] team_slave_0: left allmulticast mode [ 185.949522][T11128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.990882][T11128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.290915][T11128] netdevsim netdevsim3 : unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.310219][T11128] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.319363][T11128] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.328341][T11128] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.421858][T11128] netdevsim netdevsim3 : unset [1, 1] type 2 family 0 port 20000 - 0 [ 186.430088][T11128] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 186.443016][T11128] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 186.452098][T11128] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 186.461311][T11128] geneve2: left promiscuous mode [ 186.467222][T11128] geneve2: left allmulticast mode [ 186.526130][T11128] gretap1: left promiscuous mode [ 186.531135][T11128] gretap1: left allmulticast mode [ 186.620292][T11128] netdevsim netdevsim3 : unset [0, 0] type 1 family 0 port 8472 - 0 [ 186.628512][T11128] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 186.637549][T11128] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 186.647033][T11128] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 186.667911][T11128] vlan2: left promiscuous mode [ 186.673734][T11128] batman_adv: batadv0: Interface deactivated: macvtap1 [ 186.690278][T11128] bridge2: left promiscuous mode [ 186.695730][T11128] bridge2: left allmulticast mode [ 186.832705][T11175] __nla_validate_parse: 77 callbacks suppressed [ 186.832728][T11175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2013'. [ 186.858452][T11170] netlink: 'syz.2.2014': attribute type 2 has an invalid length. [ 186.872027][T11170] openvswitch: netlink: IP tunnel dst address not specified [ 186.964963][T11171] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2012'. [ 186.977242][T11171] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2012'. [ 186.988817][T11171] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2012'. [ 187.004741][T11175] netlink: 'syz.1.2013': attribute type 5 has an invalid length. [ 187.067707][T11185] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2018'. [ 187.308163][ T29] audit: type=1804 audit(1719662046.692:71): pid=11199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2021" name="/root/syzkaller.tYUdsY/375/cgroup.controllers" dev="sda1" ino=1962 res=1 errno=0 [ 187.931856][T11234] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2033'. [ 188.082952][T11236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.116109][T11242] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2036'. [ 188.139648][T11242] sysfs: cannot create duplicate filename '/class/ieee80211/ü!ô' [ 188.156733][T11242] CPU: 0 PID: 11242 Comm: syz.2.2036 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 188.166962][T11242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 188.177139][T11242] Call Trace: [ 188.180449][T11242] [ 188.183415][T11242] dump_stack_lvl+0x241/0x360 [ 188.188162][T11242] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.193405][T11242] ? __pfx__printk+0x10/0x10 [ 188.198045][T11242] ? sysfs_warn_dup+0x51/0xa0 [ 188.202761][T11242] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 188.208177][T11242] sysfs_warn_dup+0x8e/0xa0 [ 188.212709][T11242] sysfs_do_create_link_sd+0xbe/0x110 [ 188.218081][T11242] device_add_class_symlinks+0x1c5/0x250 [ 188.223713][T11242] device_add+0x553/0xbf0 [ 188.228043][T11242] wiphy_register+0x1d3f/0x2b30 [ 188.232928][T11242] ? __pfx_wiphy_register+0x10/0x10 [ 188.238141][T11242] ? minstrel_ht_alloc+0x72b/0x860 [ 188.243264][T11242] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 188.249348][T11242] ieee80211_register_hw+0x3098/0x3d80 [ 188.254827][T11242] ? ieee80211_register_hw+0x1151/0x3d80 [ 188.260466][T11242] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 188.266281][T11242] ? __asan_memset+0x23/0x50 [ 188.270865][T11242] ? __hrtimer_init+0x170/0x250 [ 188.275723][T11242] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 188.281472][T11242] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 188.287562][T11242] ? kmalloc_node_track_caller_noprof+0x242/0x440 [ 188.293982][T11242] ? kstrndup+0x5c/0xb0 [ 188.298157][T11242] ? __asan_memcpy+0x40/0x70 [ 188.302750][T11242] hwsim_new_radio_nl+0xe4c/0x21d0 [ 188.307875][T11242] ? __pfx___nla_validate_parse+0x10/0x10 [ 188.313609][T11242] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 188.319208][T11242] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 188.325556][T11242] genl_rcv_msg+0xb14/0xec0 [ 188.330065][T11242] ? mark_lock+0x9a/0x350 [ 188.334400][T11242] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.339438][T11242] ? __pfx_lock_acquire+0x10/0x10 [ 188.344460][T11242] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 188.350018][T11242] ? __pfx___might_resched+0x10/0x10 [ 188.355320][T11242] netlink_rcv_skb+0x1e3/0x430 [ 188.360090][T11242] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.365200][T11242] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 188.370501][T11242] ? __netlink_deliver_tap+0x77e/0x7c0 [ 188.375979][T11242] genl_rcv+0x28/0x40 [ 188.379989][T11242] netlink_unicast+0x7f0/0x990 [ 188.384758][T11242] ? __pfx_netlink_unicast+0x10/0x10 [ 188.390053][T11242] ? __virt_addr_valid+0x183/0x520 [ 188.395180][T11242] ? __check_object_size+0x49c/0x900 [ 188.400473][T11242] ? bpf_lsm_netlink_send+0x9/0x10 [ 188.405599][T11242] netlink_sendmsg+0x8e4/0xcb0 [ 188.410374][T11242] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.415664][T11242] ? __import_iovec+0x536/0x820 [ 188.420511][T11242] ? aa_sock_msg_perm+0x91/0x160 [ 188.425492][T11242] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 188.430780][T11242] ? security_socket_sendmsg+0x87/0xb0 [ 188.436239][T11242] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.441532][T11242] __sock_sendmsg+0x221/0x270 [ 188.446225][T11242] ____sys_sendmsg+0x525/0x7d0 [ 188.450994][T11242] ? __pfx_____sys_sendmsg+0x10/0x10 [ 188.456326][T11242] __sys_sendmsg+0x2b0/0x3a0 [ 188.460923][T11242] ? __pfx___sys_sendmsg+0x10/0x10 [ 188.466064][T11242] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 188.472388][T11242] ? do_syscall_64+0x100/0x230 [ 188.477150][T11242] ? do_syscall_64+0xb6/0x230 [ 188.481820][T11242] do_syscall_64+0xf3/0x230 [ 188.486327][T11242] ? clear_bhb_loop+0x35/0x90 [ 188.491026][T11242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.496917][T11242] RIP: 0033:0x7f0b1df75b99 [ 188.501337][T11242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.520944][T11242] RSP: 002b:00007f0b1d9ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.529476][T11242] RAX: ffffffffffffffda RBX: 00007f0b1e103fa0 RCX: 00007f0b1df75b99 [ 188.537463][T11242] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 188.545430][T11242] RBP: 00007f0b1dff677e R08: 0000000000000000 R09: 0000000000000000 [ 188.553401][T11242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 188.561372][T11242] R13: 000000000000000b R14: 00007f0b1e103fa0 R15: 00007fffb5385268 [ 188.569366][T11242] [ 188.701868][T11251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2040'. [ 188.822520][T11247] syzkaller0: entered promiscuous mode [ 188.828712][T11247] syzkaller0: entered allmulticast mode [ 189.075760][T11271] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2048'. [ 189.101190][T11271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2048'. [ 191.061960][T11279] netlink: 'syz.4.2047': attribute type 5 has an invalid length. [ 191.138928][T11282] tipc: Started in network mode [ 191.149307][T11282] tipc: Node identity aaaaaaaaaa17, cluster identity 4711 [ 191.159003][T11282] tipc: Enabled bearer , priority 0 [ 191.366352][T11307] netlink: 'syz.1.2057': attribute type 11 has an invalid length. [ 191.518341][T11320] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 191.769100][T11343] ieee802154 phy0 wpan0: encryption failed: -22 [ 191.776505][T11341] xt_cgroup: invalid path, errno=-2 [ 192.153152][T11373] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20003 [ 192.182591][ T5138] IPVS: starting estimator thread 0... [ 192.271808][ T5237] tipc: Node number set to 12429994 [ 192.292295][T11376] IPVS: using max 18 ests per chain, 43200 per kthread [ 192.363806][T11384] bond1: entered promiscuous mode [ 192.368924][T11384] bond1: entered allmulticast mode [ 192.379695][T11384] 8021q: adding VLAN 0 to HW filter on device bond1 [ 192.388904][T11387] __nla_validate_parse: 6 callbacks suppressed [ 192.388922][T11387] netlink: 4079 bytes leftover after parsing attributes in process `syz.2.2084'. [ 192.605174][T11400] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2088'. [ 192.787699][T11411] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2090'. [ 192.965351][T11425] bond0: left promiscuous mode [ 192.970208][T11425] bond_slave_0: left promiscuous mode [ 193.002865][T11425] bond_slave_1: left promiscuous mode [ 193.019092][T11425] netdevsim netdevsim2 : left promiscuous mode [ 193.034955][T11425] macvlan3: left promiscuous mode [ 193.040418][T11425] team0: left promiscuous mode [ 193.052214][T11425] team0: Device bond0 is already an upper device of the team interface [ 193.150170][ T29] audit: type=1804 audit(1719662052.532:72): pid=11432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2097" name="/root/syzkaller.pFMCXd/48/cgroup.controllers" dev="sda1" ino=1967 res=1 errno=0 [ 193.630658][T11464] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2112'. [ 194.023584][ T29] audit: type=1804 audit(1719662053.412:73): pid=11474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2116" name="/root/syzkaller.YonQGu/499/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0 [ 194.167479][T11481] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2119'. [ 194.209591][T11481] Êü: entered promiscuous mode [ 194.290984][T11485] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 194.324944][T11490] netlink: 19 bytes leftover after parsing attributes in process `syz.3.2122'. [ 194.532641][T11503] tipc: Failed to remove unknown binding: 66,1,1/0:649842884/649842886 [ 194.546570][T11503] tipc: Failed to remove unknown binding: 66,1,1/0:649842884/649842886 [ 194.677978][T11513] vlan3: entered promiscuous mode [ 194.695451][T11513] team0: Device vlan3 is already an upper device of the team interface [ 194.820047][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.826644][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.606964][ T29] audit: type=1804 audit(1719662054.992:74): pid=11538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2141" name="/root/syzkaller.pFMCXd/55/memory.events" dev="sda1" ino=1957 res=1 errno=0 [ 195.801369][T11552] vlan3: entered allmulticast mode [ 195.809886][T11552] bond0: (slave vlan3): Opening slave failed [ 195.827241][T11553] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'. [ 196.125148][T11574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2147'. [ 196.312236][T11583] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 196.318098][T11574] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.329413][T11574] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.338589][T11574] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.347758][T11574] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.375056][T11574] vxlan0: entered promiscuous mode [ 196.427631][T11581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.446627][T11581] team0: Port device batadv0 added [ 196.790855][T11600] netlink: 'syz.2.2165': attribute type 21 has an invalid length. [ 197.048966][T11614] netlink: 'syz.2.2171': attribute type 3 has an invalid length. [ 197.068986][T11614] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2171'. [ 197.274627][T11625] xt_limit: Overflow, try lower: 0/0 [ 197.354543][T11640] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2177'. [ 197.508712][T11648] dccp_invalid_packet: P.CsCov 11 exceeds packet length 256 [ 197.546132][T11649] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 197.553437][T11649] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 198.424972][T11682] netlink: 'syz.2.2194': attribute type 21 has an invalid length. [ 199.019625][T11713] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2204'. [ 199.234161][T11723] netlink: 'syz.3.2207': attribute type 40 has an invalid length. [ 199.290980][T11731] netlink: 129384 bytes leftover after parsing attributes in process `syz.4.2209'. [ 199.470668][T11744] netlink: 'syz.0.2215': attribute type 4 has an invalid length. [ 199.678190][T11755] netlink: 'syz.2.2219': attribute type 1 has an invalid length. [ 199.690479][T11755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2219'. [ 199.897684][T11761] xt_CT: You must specify a L4 protocol and not use inversions on it [ 200.674600][T11786] netlink: 120 bytes leftover after parsing attributes in process `syz.3.2231'. [ 200.848571][T11794] pimreg: entered allmulticast mode [ 201.930571][T11828] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2245'. [ 201.990119][T11831] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2247'. [ 202.201929][T11845] ieee802154 phy0 wpan0: encryption failed: -90 [ 202.204520][T11843] tap0: tun_chr_ioctl cmd 1074025677 [ 202.223852][T11843] tap0: linktype set to 768 [ 203.108549][T11885] nbd: must specify an index to disconnect [ 203.189692][T11889] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2269'. [ 203.200127][T11889] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2269'. [ 203.818295][T11919] netlink: 508 bytes leftover after parsing attributes in process `syz.2.2279'. [ 203.895241][T11924] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2280'. [ 204.014548][T11928] netlink: 'syz.4.2282': attribute type 21 has an invalid length. [ 204.026331][T11928] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2282'. [ 204.036958][T11928] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2282'. [ 204.154553][T11936] netlink: 'syz.2.2286': attribute type 1 has an invalid length. [ 204.710926][T11979] netlink: 'syz.0.2297': attribute type 9 has an invalid length. [ 204.726203][T11979] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2297'. [ 204.845320][T11962] syzkaller0: entered promiscuous mode [ 204.912732][T11962] syzkaller0: entered allmulticast mode [ 205.000464][T11993] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2303'. [ 205.017948][T11984] netlink: 'syz.0.2297': attribute type 9 has an invalid length. [ 205.038632][T11994] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2302'. [ 205.071705][T11984] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2297'. [ 207.510261][T12005] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2307'. [ 207.546265][T12018] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2311'. [ 208.023629][T12050] macvlan3: entered promiscuous mode [ 208.029004][T12050] macvlan3: entered allmulticast mode [ 208.055398][T12050] bridge0: entered allmulticast mode [ 208.066509][T12050] bridge0: entered promiscuous mode [ 208.080462][T12050] team0: Port device macvlan3 added [ 208.364057][T12077] FAULT_INJECTION: forcing a failure. [ 208.364057][T12077] name failslab, interval 1, probability 0, space 0, times 0 [ 208.391944][T12065] syzkaller0: entered promiscuous mode [ 208.408332][T12065] syzkaller0: entered allmulticast mode [ 208.413595][T12077] CPU: 1 PID: 12077 Comm: syz.1.2330 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 208.424133][T12077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 208.434211][T12077] Call Trace: [ 208.437511][T12077] [ 208.440466][T12077] dump_stack_lvl+0x241/0x360 [ 208.445176][T12077] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.450409][T12077] ? __pfx__printk+0x10/0x10 [ 208.455041][T12077] ? __pfx___might_resched+0x10/0x10 [ 208.460364][T12077] ? prepend_path+0x2f/0xbe0 [ 208.465001][T12077] should_fail_ex+0x3b0/0x4e0 [ 208.469718][T12077] ? tomoyo_encode+0x26f/0x540 [ 208.470379][T12073] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2319'. [ 208.474491][T12077] should_failslab+0x9/0x20 [ 208.474525][T12077] __kmalloc_noprof+0xd8/0x400 [ 208.474549][T12077] tomoyo_encode+0x26f/0x540 [ 208.474572][T12077] tomoyo_realpath_from_path+0x59e/0x5e0 [ 208.474604][T12077] tomoyo_path_number_perm+0x23a/0x880 [ 208.474633][T12077] ? tomoyo_path_number_perm+0x208/0x880 [ 208.474655][T12077] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 208.474711][T12077] ? __fget_files+0x29/0x470 [ 208.525221][T12077] ? __fget_files+0x3f6/0x470 [ 208.529901][T12077] ? __fget_files+0x29/0x470 [ 208.534503][T12077] security_file_ioctl+0x75/0xb0 [ 208.539459][T12077] __se_sys_ioctl+0x47/0x170 [ 208.544062][T12077] do_syscall_64+0xf3/0x230 [ 208.548573][T12077] ? clear_bhb_loop+0x35/0x90 [ 208.553254][T12077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.559187][T12077] RIP: 0033:0x7f3d7ff75b99 [ 208.563612][T12077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.583225][T12077] RSP: 002b:00007f3d80ddf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.591637][T12077] RAX: ffffffffffffffda RBX: 00007f3d80104078 RCX: 00007f3d7ff75b99 [ 208.599602][T12077] RDX: 0000000000000301 RSI: 00000000400454cd RDI: 0000000000000003 [ 208.607584][T12077] RBP: 00007f3d80ddf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 208.615552][T12077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.623519][T12077] R13: 000000000000006e R14: 00007f3d80104078 R15: 00007ffcb79de608 [ 208.631508][T12077] [ 208.678637][T12077] ERROR: Out of memory at tomoyo_realpath_from_path. [ 210.952563][T12116] netlink: 'syz.0.2344': attribute type 6 has an invalid length. [ 211.076255][ T29] audit: type=1804 audit(1719662070.462:75): pid=12116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2344" name="/root/syzkaller.tYUdsY/440/cgroup.controllers" dev="sda1" ino=1963 res=1 errno=0 [ 211.345282][ T29] audit: type=1804 audit(1719662070.732:76): pid=12132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2348" name="/root/syzkaller.HANBaS/472/cgroup.controllers" dev="sda1" ino=1972 res=1 errno=0 [ 211.635291][T12150] syzkaller0: entered promiscuous mode [ 211.641019][T12150] syzkaller0: entered allmulticast mode [ 211.860935][T12161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2359'. [ 212.064310][T12168] netlink: 'syz.1.2361': attribute type 4 has an invalid length. [ 213.714247][T12175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2364'. [ 213.776064][ T29] audit: type=1804 audit(1719662073.162:77): pid=12174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2363" name="/root/syzkaller.YonQGu/552/cgroup.controllers" dev="sda1" ino=1962 res=1 errno=0 [ 213.936523][T12185] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2369'. [ 213.970438][T12185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2369'. [ 213.985914][T12192] netlink: 9412 bytes leftover after parsing attributes in process `syz.0.2372'. [ 214.266396][T12205] FAULT_INJECTION: forcing a failure. [ 214.266396][T12205] name failslab, interval 1, probability 0, space 0, times 0 [ 214.294821][T12205] CPU: 1 PID: 12205 Comm: syz.2.2376 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 214.305036][T12205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 214.315168][T12205] Call Trace: [ 214.318466][T12205] [ 214.321424][T12205] dump_stack_lvl+0x241/0x360 [ 214.326138][T12205] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.331378][T12205] ? __pfx__printk+0x10/0x10 [ 214.336010][T12205] ? __pfx___might_resched+0x10/0x10 [ 214.341330][T12205] ? bpf_prog_bind_map+0x31a/0x690 [ 214.346560][T12205] should_fail_ex+0x3b0/0x4e0 [ 214.351276][T12205] ? bpf_prog_bind_map+0x408/0x690 [ 214.356426][T12205] should_failslab+0x9/0x20 [ 214.361140][T12205] __kmalloc_noprof+0xd8/0x400 [ 214.365939][T12205] bpf_prog_bind_map+0x408/0x690 [ 214.370914][T12205] ? bpf_lsm_bpf+0x9/0x10 [ 214.375281][T12205] __sys_bpf+0x6bf/0x810 [ 214.379562][T12205] ? __pfx___sys_bpf+0x10/0x10 [ 214.384378][T12205] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 214.390397][T12205] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 214.396845][T12205] ? do_syscall_64+0x100/0x230 [ 214.401649][T12205] __x64_sys_bpf+0x7c/0x90 [ 214.406096][T12205] do_syscall_64+0xf3/0x230 [ 214.410607][T12205] ? clear_bhb_loop+0x35/0x90 [ 214.415290][T12205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.421183][T12205] RIP: 0033:0x7f0b1df75b99 [ 214.425595][T12205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.445200][T12205] RSP: 002b:00007f0b1d9ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 214.453613][T12205] RAX: ffffffffffffffda RBX: 00007f0b1e103fa0 RCX: 00007f0b1df75b99 [ 214.461588][T12205] RDX: 000000000000000c RSI: 0000000020000180 RDI: 0000000000000023 [ 214.469559][T12205] RBP: 00007f0b1d9ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 214.477549][T12205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.485516][T12205] R13: 000000000000000b R14: 00007f0b1e103fa0 R15: 00007fffb5385268 [ 214.493501][T12205] [ 214.591008][ T29] audit: type=1804 audit(1719662073.972:78): pid=12216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2381" name="/root/syzkaller.YonQGu/555/cgroup.controllers" dev="sda1" ino=1971 res=1 errno=0 [ 214.992616][T12234] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2388'. [ 215.279076][T12254] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2397'. [ 215.291385][ T29] audit: type=1804 audit(1719662074.652:79): pid=12255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2396" name="/root/syzkaller.HANBaS/483/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0 [ 215.442690][T12250] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2396'. [ 215.694122][T12282] tipc: Enabling of bearer rejected, failed to enable media [ 215.718028][T12278] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2406'. [ 215.732853][T12278] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2406'. [ 215.942341][T12295] netlink: 'syz.0.2412': attribute type 1 has an invalid length. [ 216.174415][T12314] ip6tnl1: entered promiscuous mode [ 216.187566][T12314] ip6tnl1: entered allmulticast mode [ 216.517322][T12337] netlink: 'syz.0.2426': attribute type 21 has an invalid length. [ 216.626029][T12343] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 216.806959][ T29] audit: type=1804 audit(1719662076.192:80): pid=12353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2429" name="/root/syzkaller.pFMCXd/91/memory.events" dev="sda1" ino=1960 res=1 errno=0 [ 216.837740][ T29] audit: type=1800 audit(1719662076.192:81): pid=12353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2429" name="memory.events" dev="sda1" ino=1960 res=0 errno=0 [ 216.860693][ T29] audit: type=1804 audit(1719662076.192:82): pid=12353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2429" name="/root/syzkaller.pFMCXd/91/memory.events" dev="sda1" ino=1960 res=1 errno=0 [ 216.911714][ T29] audit: type=1804 audit(1719662076.192:83): pid=12353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2429" name="/root/syzkaller.pFMCXd/91/memory.events" dev="sda1" ino=1960 res=1 errno=0 [ 216.917891][T12358] netlink: 'syz.0.2435': attribute type 9 has an invalid length. [ 216.953440][T12358] __nla_validate_parse: 5 callbacks suppressed [ 216.953459][T12358] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2435'. [ 217.484221][T12392] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2451'. [ 217.603946][T12398] Â: renamed from pim6reg1 [ 217.859425][T12400] netlink: 'syz.2.2454': attribute type 4 has an invalid length. [ 218.160333][ T29] audit: type=1804 audit(1719662077.542:84): pid=12396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2451" name="/root/syzkaller.tYUdsY/467/cgroup.controllers" dev="sda1" ino=1967 res=1 errno=0 [ 218.484720][ T29] audit: type=1804 audit(1719662077.862:85): pid=12421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2461" name="/root/syzkaller.HANBaS/495/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0 [ 219.374495][T12443] netlink: 'syz.0.2468': attribute type 10 has an invalid length. [ 219.632105][ T29] audit: type=1804 audit(1719662079.022:86): pid=12460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2474" name="/root/syzkaller.HANBaS/501/cgroup.controllers" dev="sda1" ino=1968 res=1 errno=0 [ 219.753053][T12471] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2477'. [ 219.784186][T12471] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2477'. [ 219.826412][T12471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2477'. [ 219.908160][T12471] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2477'. [ 219.922241][T12471] tipc: Enabling of bearer rejected, already enabled [ 219.998250][T12480] macsec0: left allmulticast mode [ 220.013850][T12480] macsec0: left promiscuous mode [ 220.025502][T12480] bridge0: port 3(macsec0) entered disabled state [ 220.095018][T12480] bridge_slave_1: left allmulticast mode [ 220.100802][T12480] bridge_slave_1: left promiscuous mode [ 220.112078][T12480] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.180765][T12480] bridge_slave_0: left allmulticast mode [ 220.186678][T12480] bridge_slave_0: left promiscuous mode [ 220.192690][T12480] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.272839][T12483] netlink: 'syz.2.2481': attribute type 33 has an invalid length. [ 220.522924][T12492] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 220.733420][ T29] audit: type=1804 audit(1719662080.122:87): pid=12508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2488" name="/root/syzkaller.GALFXy/608/cgroup.controllers" dev="sda1" ino=1968 res=1 errno=0 [ 220.893053][T12527] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2495'. [ 221.693343][ T29] audit: type=1804 audit(1719662081.072:88): pid=12565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2507" name="/root/syzkaller.YonQGu/577/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0 [ 221.761182][T12564] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2508'. [ 221.943579][T12577] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2513'. [ 221.970240][T12577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2513'. [ 221.989405][T12577] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.999382][T12577] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 222.018191][T12577] batman_adv: batadv0: Removing interface: macvtap1 [ 222.047914][T12582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2515'. [ 222.217711][T12597] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2520'. [ 222.463981][T12606] xt_CONNSECMARK: invalid mode: 0 [ 222.477087][T12606] x_tables: ip6_tables: DNPT target: used from hooks FORWARD, but only usable from PREROUTING/OUTPUT [ 222.823290][ T29] audit: type=1804 audit(1719662082.212:89): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2531" name="/root/syzkaller.YonQGu/579/memory.events" dev="sda1" ino=1966 res=1 errno=0 [ 222.854568][ T29] audit: type=1800 audit(1719662082.212:90): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2531" name="memory.events" dev="sda1" ino=1966 res=0 errno=0 [ 222.941332][ T29] audit: type=1804 audit(1719662082.232:91): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2531" name="/root/syzkaller.YonQGu/579/memory.events" dev="sda1" ino=1966 res=1 errno=0 [ 222.968382][ T29] audit: type=1804 audit(1719662082.232:92): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2531" name="/root/syzkaller.YonQGu/579/memory.events" dev="sda1" ino=1966 res=1 errno=0 [ 223.062489][ T29] audit: type=1804 audit(1719662082.272:93): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2531" name="/root/syzkaller.YonQGu/579/memory.events" dev="sda1" ino=1966 res=1 errno=0 [ 223.136478][ T29] audit: type=1804 audit(1719662082.272:94): pid=12630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2531" name="/root/syzkaller.YonQGu/579/memory.events" dev="sda1" ino=1966 res=1 errno=0 [ 223.268708][ T29] audit: type=1804 audit(1719662082.282:95): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2531" name="/root/syzkaller.YonQGu/579/memory.events" dev="sda1" ino=1966 res=1 errno=0 [ 223.392284][T12657] syzkaller0: entered promiscuous mode [ 223.398363][T12657] syzkaller0: entered allmulticast mode [ 223.467508][ T29] audit: type=1804 audit(1719662082.852:96): pid=12656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2538" name="/root/syzkaller.YonQGu/581/cgroup.controllers" dev="sda1" ino=1948 res=1 errno=0 [ 223.587556][T12668] netlink: 'syz.0.2543': attribute type 1 has an invalid length. [ 223.611600][T12668] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.2543'. [ 225.384556][T12676] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2547'. [ 225.411986][T12675] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 225.582727][T12693] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2551'. [ 225.625314][T12693] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2551'. [ 225.817998][T12707] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2555'. [ 225.857688][ T29] audit: type=1804 audit(1719662085.242:97): pid=12705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2556" name="/root/syzkaller.HANBaS/514/cgroup.controllers" dev="sda1" ino=1970 res=1 errno=0 [ 226.168760][T12722] syzkaller0: entered promiscuous mode [ 226.174422][T12722] syzkaller0: entered allmulticast mode [ 227.603463][ T5090] Bluetooth: hci0: command 0x0c1a tx timeout [ 228.060212][T12743] netlink: 4079 bytes leftover after parsing attributes in process `syz.0.2566'. [ 228.491004][T12769] macvlan4: entered allmulticast mode [ 228.504330][T12769] mac80211_hwsim hwsim17 wlan0: entered allmulticast mode [ 228.569359][T12769] mac80211_hwsim hwsim17 wlan0: left allmulticast mode [ 228.621005][T12782] FAULT_INJECTION: forcing a failure. [ 228.621005][T12782] name failslab, interval 1, probability 0, space 0, times 0 [ 228.642126][T12782] CPU: 1 PID: 12782 Comm: syz.0.2578 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 228.652340][T12782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 228.662415][T12782] Call Trace: [ 228.665709][T12782] [ 228.668657][T12782] dump_stack_lvl+0x241/0x360 [ 228.673362][T12782] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.678584][T12782] ? __pfx__printk+0x10/0x10 [ 228.683219][T12782] should_fail_ex+0x3b0/0x4e0 [ 228.687925][T12782] should_failslab+0x9/0x20 [ 228.692445][T12782] __kmalloc_node_noprof+0xdf/0x440 [ 228.697641][T12782] ? kvmalloc_node_noprof+0x72/0x190 [ 228.702930][T12782] kvmalloc_node_noprof+0x72/0x190 [ 228.708046][T12782] page_pool_create_percpu+0x2b0/0x7c0 [ 228.713508][T12782] bpf_test_run_xdp_live+0x2cd/0x2110 [ 228.718879][T12782] ? arch_stack_walk+0x16d/0x1b0 [ 228.723821][T12782] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 228.729620][T12782] ? mark_lock+0x9a/0x350 [ 228.733987][T12782] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 228.739893][T12782] ? __might_fault+0xaa/0x120 [ 228.744565][T12782] ? __might_fault+0xc6/0x120 [ 228.749261][T12782] ? _copy_from_user+0xa6/0xe0 [ 228.754027][T12782] ? bpf_test_init+0x15a/0x180 [ 228.758836][T12782] ? xdp_convert_md_to_buff+0x5b/0x330 [ 228.764326][T12782] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 228.769717][T12782] ? __pfx_lock_release+0x10/0x10 [ 228.774740][T12782] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 228.780535][T12782] ? __fget_files+0x29/0x470 [ 228.785145][T12782] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 228.790946][T12782] bpf_prog_test_run+0x33a/0x3b0 [ 228.795879][T12782] __sys_bpf+0x48d/0x810 [ 228.800120][T12782] ? __pfx___sys_bpf+0x10/0x10 [ 228.804898][T12782] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 228.810875][T12782] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 228.817223][T12782] ? do_syscall_64+0x100/0x230 [ 228.821989][T12782] __x64_sys_bpf+0x7c/0x90 [ 228.826423][T12782] do_syscall_64+0xf3/0x230 [ 228.830919][T12782] ? clear_bhb_loop+0x35/0x90 [ 228.835613][T12782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.841549][T12782] RIP: 0033:0x7f926d175b99 [ 228.845976][T12782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.865576][T12782] RSP: 002b:00007f926dec5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 228.873989][T12782] RAX: ffffffffffffffda RBX: 00007f926d304078 RCX: 00007f926d175b99 [ 228.881953][T12782] RDX: 0000000000000050 RSI: 0000000020000180 RDI: 000000000000000a [ 228.889928][T12782] RBP: 00007f926dec50a0 R08: 0000000000000000 R09: 0000000000000000 [ 228.897891][T12782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.905869][T12782] R13: 000000000000006e R14: 00007f926d304078 R15: 00007fff74e74e18 [ 228.913856][T12782] [ 229.000281][T12782] page_pool_create_percpu() gave up with errno -12 [ 229.127845][T12790] syzkaller0: entered promiscuous mode [ 229.135942][T12790] syzkaller0: entered allmulticast mode [ 229.340635][T12799] Bluetooth: hci3: invalid length 0, exp 2 for type 8 [ 229.640198][T12816] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 229.691806][ T5090] Bluetooth: hci0: command 0x0c1a tx timeout [ 229.699140][ T5095] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 231.015062][T12826] netlink: 'syz.3.2594': attribute type 21 has an invalid length. [ 231.030645][T12826] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2594'. [ 231.147283][T12826] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2594'. [ 231.158455][ T29] audit: type=1804 audit(1719662090.542:98): pid=12827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2593" name="/root/syzkaller.GALFXy/634/cgroup.controllers" dev="sda1" ino=1973 res=1 errno=0 [ 231.164588][T12829] netlink: 'syz.1.2595': attribute type 21 has an invalid length. [ 231.197416][T12829] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2595'. [ 231.209902][T12833] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2595'. [ 231.716515][T12851] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2597'. [ 231.757818][T12862] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2609'. [ 231.808817][T12856] syzkaller0: entered promiscuous mode [ 231.815982][T12856] syzkaller0: entered allmulticast mode [ 231.838042][T12864] netlink: 'syz.3.2610': attribute type 21 has an invalid length. [ 231.846360][T12864] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2610'. [ 231.857160][T12864] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2610'. [ 231.966904][T12870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2612'. [ 233.511764][T12879] tipc: Started in network mode [ 233.516703][T12879] tipc: Node identity aaaaaaaaaa32, cluster identity 4711 [ 233.538571][T12879] tipc: Enabled bearer , priority 10 [ 233.646098][T12889] netlink: 'syz.1.2617': attribute type 7 has an invalid length. [ 233.655550][T12889] netlink: 'syz.1.2617': attribute type 39 has an invalid length. [ 233.710239][T12894] bridge0: port 1(gretap0) entered blocking state [ 233.738817][T12894] bridge0: port 1(gretap0) entered disabled state [ 233.766736][T12894] gretap0: entered allmulticast mode [ 233.799589][T12894] gretap0: entered promiscuous mode [ 233.963875][T12908] netlink: 'syz.1.2622': attribute type 21 has an invalid length. [ 233.972249][T12908] __nla_validate_parse: 1 callbacks suppressed [ 233.972265][T12908] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2622'. [ 233.989410][T12908] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2622'. [ 234.067166][T12910] netlink: 'syz.0.2623': attribute type 5 has an invalid length. [ 234.302135][T12925] syzkaller0: entered promiscuous mode [ 234.307648][T12925] syzkaller0: entered allmulticast mode [ 234.331812][T12927] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2629'. [ 234.340919][T12927] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2629'. [ 234.565966][T11160] tipc: Node number set to 10005162 [ 234.843260][T12948] netlink: 'syz.3.2637': attribute type 13 has an invalid length. [ 236.292153][T12944] netlink: 'syz.4.2634': attribute type 21 has an invalid length. [ 236.300078][T12944] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2634'. [ 236.309369][T12946] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2634'. [ 236.323295][T12957] dummy0: entered promiscuous mode [ 236.348504][T12957] dummy0: left promiscuous mode [ 236.354344][T12960] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2640'. [ 237.051678][T13003] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2656'. [ 237.420204][ T29] audit: type=1804 audit(1719662096.802:99): pid=13019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2662" name="/root/syzkaller.GALFXy/646/cgroup.controllers" dev="sda1" ino=1968 res=1 errno=0 [ 237.556426][T13023] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2664'. [ 237.863568][T13046] netlink: 'syz.3.2671': attribute type 1 has an invalid length. [ 237.951128][T13052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2673'. [ 238.039504][T13052] team0: Port device batadv0 removed [ 238.101149][ T9] tipc: Resetting bearer [ 238.126758][T13049] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.136007][T13049] bond2: (slave batadv0): Enslaving as a backup interface with an up link [ 238.153704][ T29] audit: type=1804 audit(1719662097.542:100): pid=13055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2675" name="/root/syzkaller.GALFXy/650/cgroup.controllers" dev="sda1" ino=1972 res=1 errno=0 [ 238.243674][ T29] audit: type=1804 audit(1719662097.632:101): pid=13059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2674" name="/root/syzkaller.pFMCXd/117/cgroup.controllers" dev="sda1" ino=1974 res=1 errno=0 [ 238.433469][T11160] IPVS: starting estimator thread 0... [ 238.441054][T13080] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 238.541646][T13081] IPVS: using max 25 ests per chain, 60000 per kthread [ 238.808118][T13103] netlink: set zone limit has 4 unknown bytes [ 238.954893][ T29] audit: type=1804 audit(1719662098.342:102): pid=13111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2692" name="/root/syzkaller.HANBaS/549/cgroup.controllers" dev="sda1" ino=1950 res=1 errno=0 [ 238.989269][T13117] netlink: 'syz.1.2695': attribute type 10 has an invalid length. [ 239.691940][ T29] audit: type=1804 audit(1719662099.072:103): pid=13168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2711" name="/root/syzkaller.GALFXy/657/cgroup.controllers" dev="sda1" ino=1971 res=1 errno=0 [ 239.976864][T13172] __nla_validate_parse: 2 callbacks suppressed [ 239.976884][T13172] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2712'. [ 240.182820][T13184] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 240.427938][T13197] macvlan4: entered allmulticast mode [ 240.444335][T13197] mac80211_hwsim hwsim17 wlan0: entered allmulticast mode [ 240.478679][T13197] mac80211_hwsim hwsim17 wlan0: left allmulticast mode [ 241.045147][ T6047] bridge_slave_1: left allmulticast mode [ 241.080776][ T29] audit: type=1804 audit(1719662100.462:104): pid=13237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2729" name="/root/syzkaller.YonQGu/623/memory.events" dev="sda1" ino=1969 res=1 errno=0 [ 241.106124][ T6047] bridge_slave_1: left promiscuous mode [ 241.123083][ T6047] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.145412][ T29] audit: type=1800 audit(1719662100.462:105): pid=13237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2729" name="memory.events" dev="sda1" ino=1969 res=0 errno=0 [ 241.170264][ T6047] bridge_slave_0: left allmulticast mode [ 241.183853][ T6047] bridge_slave_0: left promiscuous mode [ 241.198742][ T6047] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.211227][ T29] audit: type=1804 audit(1719662100.462:106): pid=13237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2729" name="/root/syzkaller.YonQGu/623/memory.events" dev="sda1" ino=1969 res=1 errno=0 [ 241.270906][ T29] audit: type=1804 audit(1719662100.462:107): pid=13237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2729" name="/root/syzkaller.YonQGu/623/memory.events" dev="sda1" ino=1969 res=1 errno=0 [ 241.452227][ T29] audit: type=1804 audit(1719662100.842:108): pid=13254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2734" name="/root/syzkaller.HANBaS/559/cgroup.controllers" dev="sda1" ino=1967 res=1 errno=0 [ 241.454685][T13254] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2734'. [ 241.968223][ T6047] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 241.983712][ T6047] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 241.997029][ T6047] bond0 (unregistering): Released all slaves [ 242.098047][T13278] xt_cgroup: path and classid specified [ 242.179020][ T6047] tipc: Disabling bearer [ 242.186013][T13288] netlink: zone id is out of range [ 242.190668][ T6047] tipc: Left network mode [ 242.192873][T13288] netlink: zone id is out of range [ 242.201417][T13288] netlink: zone id is out of range [ 242.218160][T13288] netlink: zone id is out of range [ 242.232138][T13288] netlink: zone id is out of range [ 242.237511][T13288] netlink: zone id is out of range [ 242.243816][T13288] netlink: zone id is out of range [ 242.249545][T13288] netlink: zone id is out of range [ 242.712698][ T6047] hsr_slave_0: left promiscuous mode [ 242.731348][ T6047] hsr_slave_1: left promiscuous mode [ 242.739046][ T6047] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.746894][ T6047] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 242.765148][ T6047] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.773290][ T6047] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.816921][ T6047] macvtap0: left allmulticast mode [ 242.822482][ T6047] veth0_macvtap: left allmulticast mode [ 242.828922][ T6047] macvtap0: left promiscuous mode [ 242.834881][ T6047] veth1_macvtap: left promiscuous mode [ 242.840483][ T6047] veth0_macvtap: left promiscuous mode [ 242.846175][ T6047] veth1_vlan: left promiscuous mode [ 242.851570][ T6047] veth0_vlan: left promiscuous mode [ 243.464317][ T6047] team0 (unregistering): Port device team_slave_1 removed [ 244.000446][T13311] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 244.012617][T13311] bridge3: entered promiscuous mode [ 244.017881][T13311] bridge3: entered allmulticast mode [ 244.060374][T13328] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap0 [ 244.239059][T13336] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2760'. [ 244.604347][T13364] netlink: 'syz.0.2769': attribute type 1 has an invalid length. [ 244.620278][T13364] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2769'. [ 244.685053][T13373] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2773'. [ 244.863160][T13383] x_tables: duplicate underflow at hook 1 [ 245.184809][T13406] netlink: 'syz.0.2785': attribute type 3 has an invalid length. [ 245.248034][T13414] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2787'. [ 245.561018][T13439] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2792'. [ 245.705115][T13446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2792'. [ 245.729746][T13446] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2792'. [ 245.864429][T13442] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2796'. [ 246.064774][T13459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.178613][T13471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2806'. [ 246.306419][T13483] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2811'. [ 246.638547][T13505] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2817'. [ 246.706847][T13507] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2818'. [ 246.883321][T13522] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2827'. [ 247.075524][T13535] netlink: 'syz.1.2829': attribute type 3 has an invalid length. [ 247.467034][T13545] team0: Port device macvlan1 added [ 248.141356][T13576] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 7 (only 8 groups) [ 248.178052][T13580] xt_CT: You must specify a L4 protocol and not use inversions on it [ 248.373923][T13579] netlink: 'syz.3.2846': attribute type 3 has an invalid length. [ 248.541117][T13596] netlink: 'syz.1.2850': attribute type 10 has an invalid length. [ 248.757024][T13584] team0: Port device macvlan1 added [ 249.705319][T13651] netlink: 'syz.3.2864': attribute type 3 has an invalid length. [ 249.727238][T13654] netlink: 'syz.1.2867': attribute type 1 has an invalid length. [ 250.124829][T13673] netlink: 'syz.1.2873': attribute type 10 has an invalid length. [ 250.134406][T13673] batman_adv: batadv0: Adding interface: team0 [ 250.141930][T13673] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.181677][T13673] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 250.199177][T13675] netlink: 'syz.1.2873': attribute type 10 has an invalid length. [ 250.211892][T13675] team0: entered promiscuous mode [ 250.218291][T13675] team_slave_0: entered promiscuous mode [ 250.226236][T13675] team_slave_1: entered promiscuous mode [ 250.233361][T13675] macvlan1: entered promiscuous mode [ 250.241763][T13675] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.248854][T13675] batman_adv: batadv0: Interface activated: team0 [ 250.255854][T13675] batman_adv: batadv0: Interface deactivated: team0 [ 250.262936][T13675] batman_adv: batadv0: Removing interface: team0 [ 250.277531][T13677] netlink: 'syz.3.2875': attribute type 4 has an invalid length. [ 250.419227][T13691] __nla_validate_parse: 5 callbacks suppressed [ 250.419247][T13691] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2878'. [ 250.445457][T13691] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2878'. [ 250.554163][T13699] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2882'. [ 250.645313][T13706] netlink: 'syz.2.2884': attribute type 3 has an invalid length. [ 250.892002][T13711] macvlan1: entered allmulticast mode [ 250.897451][T13711] veth1_vlan: entered allmulticast mode [ 250.923019][T13711] team0: Port device macvlan1 added [ 251.204080][T13730] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2894'. [ 251.627612][T13757] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2899'. [ 251.981560][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 251.981580][ T29] audit: type=1804 audit(1719662111.362:111): pid=13775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2907" name="/root/syzkaller.GALFXy/701/cgroup.controllers" dev="sda1" ino=1954 res=1 errno=0 [ 252.049103][T13785] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2903'. [ 252.498745][T13812] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2916'. [ 253.190838][T13834] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2924'. [ 253.200586][T13834] net_ratelimit: 12 callbacks suppressed [ 253.200604][T13834] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes. [ 253.650537][ T29] audit: type=1804 audit(1719662113.032:112): pid=13857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2932" name="/root/syzkaller.pFMCXd/141/cgroup.controllers" dev="sda1" ino=1969 res=1 errno=0 [ 253.734335][T13859] netlink: 207496 bytes leftover after parsing attributes in process `syz.4.2933'. [ 254.488977][T13891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2947'. [ 254.801185][ T5090] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 254.814833][ T5090] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 254.829988][ T5090] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 254.845013][ T5090] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 254.854406][ T5090] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 254.864222][ T5090] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 255.228799][T13895] chnl_net:caif_netlink_parms(): no params data found [ 255.318566][T13918] Bluetooth: MGMT ver 1.22 [ 255.360580][T13921] xt_TPROXY: Can be used only with -p tcp or -p udp [ 255.453170][T13895] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.468879][T13895] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.487969][T13895] bridge_slave_0: entered allmulticast mode [ 255.507461][T13895] bridge_slave_0: entered promiscuous mode [ 255.538624][T13895] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.562870][T13895] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.570165][T13895] bridge_slave_1: entered allmulticast mode [ 255.608948][T13895] bridge_slave_1: entered promiscuous mode [ 255.733600][T13895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 255.768828][T13895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 255.811904][T13943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2963'. [ 255.831372][T13943] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2963'. [ 255.970433][T13895] team0: Port device team_slave_0 added [ 256.000459][T13895] team0: Port device team_slave_1 added [ 256.017411][T13923] batadv_slave_1: entered promiscuous mode [ 256.047155][T13927] vlan1: entered promiscuous mode [ 256.186834][T13895] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 256.200299][ T5090] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 256.203878][T13895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.234591][ T5090] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 256.254362][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.260303][T13895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 256.272004][ T5090] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 256.306959][ T5090] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 256.314462][T13917] vlan1: left promiscuous mode [ 256.319766][T13917] batadv_slave_1: left promiscuous mode [ 256.327206][T13895] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 256.327762][ T5090] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 256.334770][T13895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.370396][ T5090] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 256.379418][T13895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 256.565441][T13966] netlink: 4079 bytes leftover after parsing attributes in process `syz.4.2971'. [ 256.663715][T13895] hsr_slave_0: entered promiscuous mode [ 256.674829][T13895] hsr_slave_1: entered promiscuous mode [ 256.684889][T13895] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 256.692709][T13895] Cannot create hsr debugfs directory [ 256.726201][T13975] netlink: 'syz.2.2972': attribute type 1 has an invalid length. [ 256.734329][T13975] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.2972'. [ 256.863317][T11115] bond0: (slave netdevsim0): Releasing backup interface [ 256.962029][ T5095] Bluetooth: hci0: command tx timeout [ 257.124537][T11115] gretap0: left allmulticast mode [ 257.129750][T11115] gretap0: left promiscuous mode [ 257.140653][T11115] bridge0: port 1(gretap0) entered disabled state [ 257.662055][T11115] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.672272][T11115] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.686679][T11115] bond0 (unregistering): Released all slaves [ 257.698289][T11115] bond1 (unregistering): Released all slaves [ 257.710915][T11115] bond2 (unregistering): Released all slaves [ 257.729262][T11115] bond3 (unregistering): Released all slaves [ 257.747970][T11115] bond4 (unregistering): Released all slaves [ 257.767872][T11115] bond5 (unregistering): Released all slaves [ 257.786406][T11115] bond6 (unregistering): Released all slaves [ 257.812648][T11115] bond7 (unregistering): Released all slaves [ 257.955713][T11115] tipc: Disabling bearer [ 257.971915][T11115] tipc: Left network mode [ 258.206830][T13955] chnl_net:caif_netlink_parms(): no params data found [ 258.345851][T14022] sctp: [Deprecated]: syz.3.2985 (pid 14022) Use of int in maxseg socket option. [ 258.345851][T14022] Use struct sctp_assoc_value instead [ 258.400235][T14026] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2986'. [ 258.429579][T14026] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2986'. [ 258.484819][ T5095] Bluetooth: hci3: command tx timeout [ 258.648931][T11115] hsr_slave_0: left promiscuous mode [ 258.659602][T11115] hsr_slave_1: left promiscuous mode [ 258.668458][T14037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2988'. [ 258.678507][T11115] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.690894][T11115] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 258.816809][T11115] macvlan1 (unregistering): left promiscuous mode [ 258.829585][T11115] team0 (unregistering): Port device macvlan1 removed [ 259.043022][ T5095] Bluetooth: hci0: command tx timeout [ 259.140039][T11115] team_slave_1 (unregistering): left promiscuous mode [ 259.150092][T11115] team0 (unregistering): Port device team_slave_1 removed [ 259.199186][T11115] team_slave_0 (unregistering): left promiscuous mode [ 259.216190][T11115] team0 (unregistering): Port device team_slave_0 removed [ 259.678238][T13955] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.686141][T13955] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.693537][T13955] bridge_slave_0: entered allmulticast mode [ 259.701084][T13955] bridge_slave_0: entered promiscuous mode [ 259.733953][T13955] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.741339][T13955] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.766312][T13955] bridge_slave_1: entered allmulticast mode [ 259.781347][T13955] bridge_slave_1: entered promiscuous mode [ 259.843051][T13955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 259.864467][T13955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 259.924724][T14049] xt_connbytes: Forcing CT accounting to be enabled [ 259.958892][T13955] team0: Port device team_slave_0 added [ 259.977085][T13955] team0: Port device team_slave_1 added [ 260.086383][T14053] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2996'. [ 260.091658][T13955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 260.117828][T13955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 260.174347][T13955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 260.208067][T13955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 260.231535][T13955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 260.281596][T13955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 260.380289][T13895] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 260.435319][T13895] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 260.500523][T13895] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 260.530677][T13895] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 260.561888][ T5095] Bluetooth: hci3: command tx timeout [ 260.572607][T11115] IPVS: stop unused estimator thread 0... [ 260.708438][T13955] hsr_slave_0: entered promiscuous mode [ 260.721470][T13955] hsr_slave_1: entered promiscuous mode [ 260.728133][T13955] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 260.743659][T13955] Cannot create hsr debugfs directory [ 261.122729][ T5095] Bluetooth: hci0: command tx timeout [ 261.136733][T13895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 261.183934][T13895] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.202847][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.209978][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.223455][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.230580][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.260638][T14093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3009'. [ 261.278719][T14093] xfrm1: entered promiscuous mode [ 261.284163][T14093] xfrm1: entered allmulticast mode [ 261.505021][T13955] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 261.590372][T13955] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 261.619753][T13955] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 261.650146][T13955] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 261.759105][T13895] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.973160][T13955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 262.055204][T13895] veth0_vlan: entered promiscuous mode [ 262.100062][T13955] 8021q: adding VLAN 0 to HW filter on device team0 [ 262.148422][T13895] veth1_vlan: entered promiscuous mode [ 262.223474][ T5091] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.230729][ T5091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.311382][T13895] veth0_macvtap: entered promiscuous mode [ 262.335712][T13895] veth1_macvtap: entered promiscuous mode [ 262.369388][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.376635][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.457548][T14124] netlink: 'syz.3.3018': attribute type 1 has an invalid length. [ 262.469376][T14124] netlink: 236 bytes leftover after parsing attributes in process `syz.3.3018'. [ 262.503506][T13895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.517011][T13895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.553530][T13895] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 262.580964][T13895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.592731][T13895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.608073][T13895] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 262.648576][ T5095] Bluetooth: hci3: command tx timeout [ 262.676566][T13895] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.709162][T13895] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.729733][T14131] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3020'. [ 262.740484][T13895] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.755006][T13895] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.773300][T14137] netlink: 'syz.2.3021': attribute type 4 has an invalid length. [ 262.909266][T14145] IPv6: Can't replace route, no match found [ 262.971082][T11115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.010263][T11115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.047251][T13955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 263.111170][T14147] tap0: tun_chr_ioctl cmd 1074025677 [ 263.120273][ T6009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.129454][ T6009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.140316][T14147] tap0: linktype set to 65534 [ 263.208217][ T5095] Bluetooth: hci0: command tx timeout [ 263.280340][T13955] veth0_vlan: entered promiscuous mode [ 263.310617][T13955] veth1_vlan: entered promiscuous mode [ 263.337135][ T29] audit: type=1804 audit(1719662122.722:113): pid=14157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2948" name="/root/syzkaller.paEA2h/0/cgroup.controllers" dev="sda1" ino=1953 res=1 errno=0 [ 263.378512][T13955] veth0_macvtap: entered promiscuous mode [ 263.400561][T13955] veth1_macvtap: entered promiscuous mode [ 263.465227][T13955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.489377][T13955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.511265][T13955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.531026][T13955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.565726][T13955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.612010][T14173] netlink: 4084 bytes leftover after parsing attributes in process `syz.0.3029'. [ 263.621210][T13955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.621235][T13955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.621249][T13955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.621261][T13955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.623485][T13955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.713790][T14173] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3029'. [ 263.716929][T13955] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.744873][T13955] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.753822][T13955] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.763774][T13955] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.950798][T11119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.972930][T11119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.034007][T11115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.064080][T11115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.118117][T14186] netlink: 144 bytes leftover after parsing attributes in process `syz.2.3034'. [ 264.259594][T14173] infiniband syz1: set active [ 264.277374][T14173] infiniband syz1: added veth1_vlan [ 264.396577][T14173] RDS/IB: syz1: added [ 264.431349][T14173] smc: adding ib device syz1 with port count 1 [ 264.451764][T14173] smc: ib device syz1 port 1 has pnetid [ 264.466989][ T29] audit: type=1804 audit(1719662123.852:114): pid=14201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3038" name="/root/syzkaller.HANBaS/658/cgroup.controllers" dev="sda1" ino=1973 res=1 errno=0 [ 264.593488][T14207] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.3040'. [ 264.613211][T14207] netlink: zone id is out of range [ 264.618382][T14207] netlink: zone id is out of range [ 264.653942][T14207] netlink: zone id is out of range [ 264.659209][T14207] netlink: zone id is out of range [ 264.684130][T14207] netlink: zone id is out of range [ 264.691580][T14207] netlink: zone id is out of range [ 264.717393][T14207] netlink: zone id is out of range [ 264.726293][ T5095] Bluetooth: hci3: command tx timeout [ 264.748987][T14207] netlink: zone id is out of range [ 264.760110][T14207] netlink: zone id is out of range [ 264.770456][T14207] netlink: zone id is out of range [ 265.079665][T14222] syzkaller0: entered promiscuous mode [ 265.115632][T14222] syzkaller0: entered allmulticast mode [ 265.293678][T14238] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 265.533055][T14244] Bluetooth: MGMT ver 1.22 [ 267.428069][T14254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 267.731790][T14265] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 267.821192][T14263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 267.919404][T14254] team0: entered allmulticast mode [ 267.938965][T14254] team_slave_0: entered allmulticast mode [ 267.945132][T14254] team_slave_1: entered allmulticast mode [ 267.991132][T14275] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000193: 0000 [#1] PREEMPT SMP KASAN PTI [ 268.003859][T14275] KASAN: null-ptr-deref in range [0x0000000000000c98-0x0000000000000c9f] [ 268.012289][T14275] CPU: 1 PID: 14275 Comm: syz.3.3070 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0 [ 268.022549][T14275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 268.032624][T14275] RIP: 0010:coalesce_fill_reply+0xcc/0x1b70 [ 268.038548][T14275] Code: e8 a9 ef f8 f7 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 b3 bd 5e f8 bb 98 0c 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 95 bd 5e f8 48 8b 03 48 89 44 24 [ 268.058174][T14275] RSP: 0018:ffffc9000350eee0 EFLAGS: 00010206 [ 268.064278][T14275] RAX: 0000000000000193 RBX: 0000000000000c98 RCX: 0000000000040000 [ 268.072262][T14275] RDX: ffffc9000961a000 RSI: 0000000000000e62 RDI: 0000000000000e63 [ 268.080234][T14275] RBP: ffffc9000350f118 R08: ffffffff899beea7 R09: 006e75745f7a7973 [ 268.088224][T14275] R10: dffffc0000000000 R11: ffffffff899d36b0 R12: ffffffff899d36b0 [ 268.096205][T14275] R13: dffffc0000000000 R14: ffff8880676cb200 R15: ffff888021fcd780 [ 268.104180][T14275] FS: 00007f11accb16c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 268.113104][T14275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 268.119685][T14275] CR2: 0000001b3381fffc CR3: 000000007849a000 CR4: 00000000003506f0 [ 268.127661][T14275] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 268.135626][T14275] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 268.143772][T14275] Call Trace: [ 268.147043][T14275] [ 268.149979][T14275] ? __die_body+0x88/0xe0 [ 268.154326][T14275] ? die_addr+0x108/0x140 [ 268.158656][T14275] ? exc_general_protection+0x3dd/0x5d0 [ 268.164209][T14275] ? asm_exc_general_protection+0x26/0x30 [ 268.169926][T14275] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 268.175564][T14275] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 268.181195][T14275] ? ethnl_default_dumpit+0x517/0xb30 [ 268.186562][T14275] ? coalesce_fill_reply+0xcc/0x1b70 [ 268.191850][T14275] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 268.197827][T14275] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 268.203458][T14275] ? rcu_is_watching+0x15/0xb0 [ 268.208216][T14275] ? trace_contention_end+0x3c/0x120 [ 268.213510][T14275] ? nla_put+0x131/0x1e0 [ 268.217748][T14275] ? __asan_memcpy+0x40/0x70 [ 268.222333][T14275] ? nla_put+0x131/0x1e0 [ 268.226589][T14275] ? ethnl_fill_reply_header+0x295/0x3c0 [ 268.232217][T14275] ? __pfx_netdev_run_todo+0x10/0x10 [ 268.237500][T14275] ? __pfx_ethnl_fill_reply_header+0x10/0x10 [ 268.243481][T14275] ? ethnl_ops_complete+0xba/0xd0 [ 268.248501][T14275] ? coalesce_prepare_data+0x175/0x1e0 [ 268.253965][T14275] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 268.259599][T14275] ? ethnl_default_dumpit+0x83/0xb30 [ 268.264875][T14275] ethnl_default_dumpit+0x5ac/0xb30 [ 268.270067][T14275] ? ethnl_default_dumpit+0x83/0xb30 [ 268.275369][T14275] genl_dumpit+0x107/0x1a0 [ 268.279782][T14275] netlink_dump+0x647/0xd80 [ 268.284281][T14275] ? __pfx_netlink_dump+0x10/0x10 [ 268.289306][T14275] ? genl_start+0x597/0x6d0 [ 268.293807][T14275] __netlink_dump_start+0x59f/0x780 [ 268.299046][T14275] genl_rcv_msg+0x88c/0xec0 [ 268.303561][T14275] ? mark_lock+0x9a/0x350 [ 268.307904][T14275] ? __pfx_genl_rcv_msg+0x10/0x10 [ 268.312932][T14275] ? __pfx_genl_start+0x10/0x10 [ 268.317782][T14275] ? __pfx_genl_dumpit+0x10/0x10 [ 268.322711][T14275] ? __pfx_genl_done+0x10/0x10 [ 268.327478][T14275] ? __pfx_lock_acquire+0x10/0x10 [ 268.332516][T14275] ? __pfx_ethnl_default_start+0x10/0x10 [ 268.338142][T14275] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 268.343859][T14275] ? __pfx_ethnl_default_done+0x10/0x10 [ 268.349398][T14275] ? __pfx___might_resched+0x10/0x10 [ 268.354688][T14275] netlink_rcv_skb+0x1e3/0x430 [ 268.359450][T14275] ? __pfx_genl_rcv_msg+0x10/0x10 [ 268.364471][T14275] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 268.369756][T14275] genl_rcv+0x28/0x40 [ 268.373766][T14275] netlink_unicast+0x7f0/0x990 [ 268.378525][T14275] ? __pfx_netlink_unicast+0x10/0x10 [ 268.383799][T14275] ? __virt_addr_valid+0x183/0x520 [ 268.388906][T14275] ? __check_object_size+0x49c/0x900 [ 268.394190][T14275] ? bpf_lsm_netlink_send+0x9/0x10 [ 268.399385][T14275] netlink_sendmsg+0x8e4/0xcb0 [ 268.404144][T14275] ? __pfx_netlink_sendmsg+0x10/0x10 [ 268.409423][T14275] ? __import_iovec+0x536/0x820 [ 268.414266][T14275] ? aa_sock_msg_perm+0x91/0x160 [ 268.419200][T14275] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 268.424472][T14275] ? security_socket_sendmsg+0x87/0xb0 [ 268.429926][T14275] ? __pfx_netlink_sendmsg+0x10/0x10 [ 268.435206][T14275] __sock_sendmsg+0x221/0x270 [ 268.439881][T14275] ____sys_sendmsg+0x525/0x7d0 [ 268.444648][T14275] ? __pfx_____sys_sendmsg+0x10/0x10 [ 268.449978][T14275] __sys_sendmsg+0x2b0/0x3a0 [ 268.454566][T14275] ? __pfx___sys_sendmsg+0x10/0x10 [ 268.459671][T14275] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 268.465575][T14275] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 268.471895][T14275] ? do_syscall_64+0x100/0x230 [ 268.476649][T14275] ? do_syscall_64+0xb6/0x230 [ 268.481317][T14275] do_syscall_64+0xf3/0x230 [ 268.485809][T14275] ? clear_bhb_loop+0x35/0x90 [ 268.490478][T14275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.496362][T14275] RIP: 0033:0x7f11abf75b99 [ 268.500771][T14275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.520370][T14275] RSP: 002b:00007f11accb1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 268.528777][T14275] RAX: ffffffffffffffda RBX: 00007f11ac103fa0 RCX: 00007f11abf75b99 [ 268.536742][T14275] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 268.544707][T14275] RBP: 00007f11abff677e R08: 0000000000000000 R09: 0000000000000000 [ 268.552672][T14275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 268.560636][T14275] R13: 000000000000000b R14: 00007f11ac103fa0 R15: 00007ffc13b9c2b8 [ 268.568613][T14275] [ 268.571624][T14275] Modules linked in: [ 268.644113][T14275] ---[ end trace 0000000000000000 ]--- [ 268.649665][T14275] RIP: 0010:coalesce_fill_reply+0xcc/0x1b70 [ 268.655756][T14275] Code: e8 a9 ef f8 f7 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 b3 bd 5e f8 bb 98 0c 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 95 bd 5e f8 48 8b 03 48 89 44 24 [ 268.675580][T14275] RSP: 0018:ffffc9000350eee0 EFLAGS: 00010206 [ 268.682415][T14275] RAX: 0000000000000193 RBX: 0000000000000c98 RCX: 0000000000040000 [ 268.690441][T14275] RDX: ffffc9000961a000 RSI: 0000000000000e62 RDI: 0000000000000e63 [ 268.698536][T14275] RBP: ffffc9000350f118 R08: ffffffff899beea7 R09: 006e75745f7a7973 [ 268.708401][T14275] R10: dffffc0000000000 R11: ffffffff899d36b0 R12: ffffffff899d36b0 [ 268.717177][T14275] R13: dffffc0000000000 R14: ffff8880676cb200 R15: ffff888021fcd780 [ 268.725833][T14275] FS: 00007f11accb16c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 268.737331][T14275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 268.744034][T14275] CR2: 0000000020001800 CR3: 000000007849a000 CR4: 00000000003506f0 [ 268.752279][T14275] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 268.760260][T14275] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 268.768345][T14275] Kernel panic - not syncing: Fatal exception [ 268.774655][T14275] Kernel Offset: disabled [ 268.778997][T14275] Rebooting in 86400 seconds..