last executing test programs: 1m26.422458579s ago: executing program 3 (id=1175): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000006c0)={0x8, 0x0, 0x0, 0x0, 0x4b1f}) 1m8.341591376s ago: executing program 3 (id=1175): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000006c0)={0x8, 0x0, 0x0, 0x0, 0x4b1f}) 54.17776379s ago: executing program 3 (id=1175): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000006c0)={0x8, 0x0, 0x0, 0x0, 0x4b1f}) 42.464586213s ago: executing program 0 (id=1896): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x90) 42.358181523s ago: executing program 0 (id=1898): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2}, 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2}, 0x10) socketpair(0xa, 0x1, 0x0, &(0x7f0000002d00)) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000070000000000000000000000000a2c000000050a05000000000000000000020000000900010073797a30000000000900030073797a32"], 0x54}}, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) unshare(0x2c060000) unshare(0x24020400) r6 = socket$unix(0x1, 0x1, 0x0) bind$unix(r6, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) r7 = socket$unix(0x1, 0x2, 0x0) connect$unix(r7, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e) r8 = socket$inet6_udp(0xa, 0x2, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9}, 0x48) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r9, r10, 0x4}, 0x10) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r9, r11, 0x5, 0x0, 0x0, @prog_id}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r9, &(0x7f0000000100), &(0x7f0000000140)=@udp6=r8}, 0x20) close(r8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r5}, 0x10) 42.178303032s ago: executing program 0 (id=1902): r0 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000200000000000000000073010700000000009500009c06000000e1f9386e9df76af0d4cea09b70be1a7de3f6eca03596d7551d5c44a6448865c48e8561f4309a1f0a3d08d44d97512914279f5ef44a0f7c3702f1a87bb9b3aa425318d91ab738bd046e627c4fd1b5ce46c37375b15fc354802e39470f454d09e9959bdfa1ebac1a60715b31724ae833ce57de9902d5c21c29f2b3d5a6666c2aca3fb6c2b1cef3b56b4af450c760052a7d3547c6dd73a887b74dc30049ca1b0c0000cd718a77958a5aa89c7b95c20d034bb6f60bcfc0c801de03128956334706322949a008f37dcde60685fc2706dfb02d471b0167cf2f5e9c10ff3e75fbf8206f7a6d9e87e0bb6998556a88c4d6e62e71a8cb07ea02c2bbb4433a56edcec31fdeb1e9be3482573c2948282f9c911737b192ee73d653333916ac1b6d7dcdf55f72f69a74ae292645775a402a4e8f4f9058977e8599b6ee923bf27b0d30e3d391f6abc007c1c17c83fab7df47f9132ddbf9b182f5f4b1e669bd53726e4ec05ebe51"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa}, 0x80) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_emit_ethernet(0xfdef, &(0x7f0000000200)={@link_local={0x1, 0x80, 0xc2, 0x3}, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x8, 0x11, 0x0, @private2, @mcast2, {[], {0x0, 0xe22, 0x8}}}}}}, 0x0) 41.903230221s ago: executing program 0 (id=1909): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000400000700000047"], 0x18}], 0x1}, 0x0) 41.254110653s ago: executing program 3 (id=1175): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000006c0)={0x8, 0x0, 0x0, 0x0, 0x4b1f}) 29.774531201s ago: executing program 0 (id=1909): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000400000700000047"], 0x18}], 0x1}, 0x0) 26.333514603s ago: executing program 3 (id=1175): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000006c0)={0x8, 0x0, 0x0, 0x0, 0x4b1f}) 11.977033097s ago: executing program 0 (id=1909): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000400000700000047"], 0x18}], 0x1}, 0x0) 9.023237785s ago: executing program 3 (id=1175): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000006c0)={0x8, 0x0, 0x0, 0x0, 0x4b1f}) 2.984373972s ago: executing program 1 (id=2264): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0x1044, 0x30, 0x1, 0x0, 0x0, {}, [{0x1030, 0x1, [@m_bpf={0x102c, 0x18, 0x0, 0x0, {{0x8}, {0x4}, {0x1004, 0x6, "ca195aecf40dd9678aa4e4220c6968fba48422a053312a248bb0a94cc60f0ce3f51b29cfd60d2aa6a70fe313a2f464ada9dd8df353c4d0775e08b5c87b3758ee60d565835e0e65db749da53370977542920262dd2502fa983f30f93372505603e161a6abf683106fbe3a71eca9f84a046767ba2ff6c2bc25fc67f4c2754c71303a5e04cebe74739c95a27891e2295202c94b9eee531ddf7b9d8c058cc4f2b9335f3fadd79ffc632e942fce7047a5e158eb692e1ae4d08863b3d316191e4b44d3552b7735788bf71b21ca55fb8eb480b812c6770ad4c1e77b9797a3f52517d021694785e4ac1031301ec60105d048262bdf5c3c2f3533d6487f92fb1ee9cff4d3865e0fa06eaeb3c9679557df0e15471efda4fde61e226bbae835fb79ecab639fa49da59467d1fc785d97a22ce1880e3fd06c3bfed130fc2810ee7b8a397e8627fc87a8fb039dd6cde7790a00579f8afeda5fa2d1c781999a90eb4a8fab386c30e23a88ab506a1d1411c273209a3e1a33bce22631431335c130ac5bba69f4f11aefa6cce86a7c608962b6f6a9fe03a4b787809ae734e2b6532cc5a7687222f00e589e78b129e89eaf450cd29c5a56442119beb5ecb42a2263335b3287a971c053c1ab53e206fb9419af9222c66836abb6c8e92de1d1ec9cb81adb8ecc9d8c8e38a7914aefd3f72e116996830fa4116c5617f2ceef28ebd7236ce0863d0fd45e75a7340403bfb73501f84d9b139c22b006dd00d24cfafc7baddf4e9889186e46e0380f2ca54c70e6a25fc7c52a48815772d95e70fd74e7949325392915c4805a6cea927ead555092a58dcbab876a205da645f921891c21c322e086104cff334b5417344b97dfa1e9233f740e56f9133311b405dadbdc7a8fa9c5ba0e3a30a721104fe6b1fc3e6ebaddd014c0fdaecea19af77c991fac3af4be91177f71e056f1048cec03f8f699be2af1d1f917ffe8648210ba7c9eb32480dee03f4044ecb1592683bf69ac6fc499e09da448dc7ff37527bb7bdb4aa4c2219180a3549813d966e615cdb7ec564588315a926c71f5f08f588446809d0cb273cc9d6e2347015d44cb96c4ca6deb8c196c533b51cee3f02d4aded54ee8d4481ae9d40f67ba5ee1f6053255364ad8f2189d77344a273d982759a6b019006634ec7d3a02bdea4219a2c1ba5e421c0da517b25a263ef95deaac39c826c1b3e02c98113788ea94565ff3e30554998f37d0eb2bb838661f61465149f8151b6ab94a5bd2593beefa015db3d7ae5a9a42add8f3ec4068e7f0c23ee6f27c8ae4832d3b96cacc4c9efa7c35f59e22a0779dbc8307db379b18d6116a54cc642fbecb7a90344e163c61a44f6c1846bc9966cc08d13892a0535fda8307e51608a9f0adc0a585ca8df85eb2d0710e64ce876445c6054c8348764c529bb791ed66b0b5ecce0c98b5f701fadf93e5fee7f6fcf7a985ab61b8d86f0b7d9d467f5e8a4bb07f970eef4dc785c3fa3fa444eef632b754e46961ca7bf7d5d0f00998bfef6036073774aa32780600e8b3ccd1ceebf19fecf895465514bd1261fcae70b9b3884e6a08e5c98493e1644ecebc60536dcd2a816b162d915fd39b87b70766d1e4d7a1948cb37dcb7a50c17e8da8278a5824ba68daa0ecba991f65377b59d08d361e570e2a426c19266a7dab701caad184fb383ad4bfe0239677d3091ad9db3b97442994bf80a6e86248e7170a5dbf6c01b0c79d6c63b374c224925bb8837dcd4b97744247977afd4caf8e8f82a51734fcbaa62f1b7a8256de4df50d80720c05e068a7117fbac3dd9bc7e82ca98dbc1dda69a9ac868d378a86f019fac7f8680fa2729babcd068942f719b4f82ff76c031df4f7204331ee8cf1106242eeb4cbff6ad17c5c1705fbe16dd090e9aa57efad8da74c8c4cbfa605c4e577f6d8422455146b8eac9f6b62e3c4370414be417a067d7ef63af721511cc0e4af473efb073f28bbb6ffc9860002a0c78dfa68ad0d99261a227986a550f5ffc577ff17b501cd3a7225219dc61e26bc560aa8501e1a8aec783b65b342f5c63f6564db961c5673f746af19676cd117ac800c2a690ebce09030d46165abab5e21c967495e5ba7b8811c1a80e7c7360dafb01f94b86b5b2c27e5da221b3b84bb65349f51ce689794bfe13ed36ab2454ea27d47724275102fa6580564958796fa79b39efa97fd59214d9835233cbbdb4dc6e8946866df3f24a8083fa37c06982a9657f437ff140d74ad0da1b8c5c9fc7b8550c233b4fc189a87cf17436163884358ba222ba03b45565d42941b99e5749d06bfc40bdcd62a1a520b14145701233b53cfb5a25a3d9f05522efd8e48e66f19a283dfeeeb83eafe72df109a682b507bfa76977e03016dfdfa5c2259ee31d7c8fc00ad2bcbe883ecbeda5f1db7e31c32e4cfb70657c0d8ce133be3434a7dc788a8a4b33298f670c34122c71a2f94fd30eb4807c331cfdfa0b832c46014e27626afe347f5f185e5ffdd3c85f520d482cf2c15e89bed88f9914a7ef404648754aa25e3e0106e78391b8ff71c12934bd6dbc67687624b1eb1a873d0ecc5e43b70f94261cba857566a5ad11436a187ef309e7259434cece3ac8bbc1c4b873bf704e5d924e676dc17490a2f533dbd32481fdbc97b5e42a5c102f9022ee197fd2440230a41e7cbb95d591fc007ee1ba8d070fb8d1fb98c0344e5cd8dedb7e21be1431b5408c8e599c641bcf9494f41bf3773602904c6cea3b78254d0ee3c279f630dbe4b8a5f41d6f3aefaa546e96f1895369cae74f7856eef3e98574d86fe8919c6e06ae8e37648d2c7564c0a75da659c99876d57ebf12ea036987ff72291a12f979df7784270713f6905bbdbab4b0665d876eb26e25faaf2532072025e22bb3ffb3f2636be38ba0713e60a86e3a747594e940f8abf762dc4ec31613e10837f6463825bd3a0f07108ff41d847315170909a92c2aaaa2904fe0eeb77eb951e69bdfde04f92edfcb8470fd370973f66c2bfb36a197975b5de73ab09ec6d27a86f7797c25811eda1b8b6f0a8510892761e931fbad7a93b7ec9137ea6b8f52a2ad7841d36e422881f6b42698ed6cd9134e8b40bd972483fc7f9a73beeca9a02150abcb2f8b1eb377acbbb520924e7319d8b27a766796eb6ff7d1b4a0c3c396282548d333d5b727fd35c980a90a46c62ddffad551ab0208a3db4e8d719854a98bec1d4b53c0a4d46d775189ea87890918abdf2ab91138ff74571de3c6362dd349a7cdd2ed4769852ae482edf12fad1201505d871df0edd3d15f992d62621eec92e240ee2f638c2bd576d9d882d54295940187c954eca6296d2c050a9b8739da84634e7b64975099f9bafeafeeb28fde0b6f2eb8d29f6372ddb85b2d85a52659ca3ee176ad84dfa8ae32e188f3b010880baf345535d38e07438c0695e63793ecd77b28f8c621ba35193d5336e4fbbee97b21a07228f90286f740318cd26aa2154cc2bed99e5fd59be1cdf43b26b410758345d2a977b73102edd3bcdb45437057e2fc1cb4bb2a7603a705cd63b0a132b550b52c589c15c14fe83174266987e5b4f7dbe42c8a92379052404f5a4d063d48c58f53435de41d01be98ff76d6e97b4b731eecab0f71c72d1cd391fd8e2a94b4c4d2fb279dc486d1dc09d86c6375f81d0a92fccb9dcc8f15485e8c0e8233197c92fcabe95504e24b4ebf8a336082576bbfa70af1a8dc70dd20811295664931fe8aeab0c5da1705869498e020a70ee861f9cf5ee2bb360b470e8e39898e2e0360ce3fd3cac79630d70b8a81a4af179118bff1f56c8ae30d9d0e541bfab37aaaa8f3e074c214e0cc5cd5592e41fe63b500c017017e772227e2427bb13ec3ebdea88178cde57b35e730e9d908a4c9ed969afc8acf4edef8d61b2e6942b76065dca7c9dc3e186235be3df0383db7df3003e562c8f6ffc6de3e4346ac681d03c650f8f3831ca1b3bf16340ffcb40e36f6b65e99714a82de7ca784be6a5e1019255c851435995302a66d2724ee8832c151b0ccda1da63efd54fc8417a59a8176aa3c15ecf5684e76afc522f086dbfda6d6dc9558a037ffba09d94fc2903964caf98b60178ec1c412e1cbe5343e64e8cb842c7ba648bdae1d43ac206b1776e1405420e9c257467ce39919dca697ab9bfb9d1aa6431f1df33e43c2065de5530489e1bd252a37cb4a49311c7ab9036ea781fd453f1c426be969758ab617c3f90cf47e31b06ffedfd41dea95059a9da946d3ea4598d762ff6b7a5ade9573cb620c64da65924a30eff5226d0019a7250f28fef442b412f2d4f43a1c6ac77b437f12a38e298f17134b2ff8c955259378294a77b5ebadbbb25cbaf1994b07f20427eab2577c39947c1ab23a0f7f85686b459353997d4f8130fa448d88aa042cf24248e404071171f6663244ce94e4b59bcbf4095c5f33f1d121f2e0ae3017633fd12903d42f9214bbf395e3c70b97d8b217105e36350e8f0429d135da1ed8c8c63bf3036048e15ea1705b629425883a4373da5748612b8ccf12e43962ae523b22a63dcf0519ad92ef087308109f10b5d818c386d14d6cdc25397416ca0e4d0bdb98c4f0b3ebc019dd1836007f0c2f4f07f4a01bece03b8fbee18b0a19219383d4272774e75b13c8bb3db701ab21ea1ff5700113f5f325843f9d6ae83ffa0e6db32fc2a3a9ad469497c4e9e4f679302099957d76588ee9961891c25210ab97a144b6fd36465e6d1689a7c7f0e8da34e10ab8f1c848e278b463caf9bb002a9deeab22b5f93031472bbf495c7a3bc6aa4c6aaa1178e7e979da78f62d107311eb811da8cfba5a4552b70e72d5a206d24004274e182fba22c9036f3ec2028b5bba0236c22035bacb593418573c77a30143b751090d44c42d130ef4d07da05f183d2dc4c4fa84936e5e10f51d99840e859ed917204d14abaa624ddaeeb27cd16051b0ff4ce3bd124164ebade94c55e2bf328b60c464591d3f9208d77b2589ac9f6736b5e945043cd6b282d62bc51413f5d83b3f6022c48f9d9e22e6be7c0ad3a18fcf730a09e2c12b2d6d5f89e69c04bab311cc6aa1bfe8d8c988f0812e6f7fac80f429a689ebb818eee865ecaface71646354a8b8ae77bdf35c005e51222df7e4e0043071ddc3deb2ca99468fd66bb19c1c2fdd421ba4be45439f0b38368e4f331fdbb8d5d9f9266f08d15a8eee665a8a563ba6810859608010503c9747eed1ed4443c02006f9bf3c7352e1178d18200b42557ca25b9b2fa4c9a2e5cd4b521a73e460999fd015be5af196537153c4533ddc8f9b8ce46e3c7503f42e7fe47b415f8deba402411344dcf1e3160c27988694903c80f9b19f210c069157f2f2674cb7808c763d7c4920e8e338922edc9af24d9baba90308d75685371a5ba5527c27630fae16d3f27de2d208d3b69b68c99e46757e83680db303df74296c3a0b0aa41b69eba815b55aba8f2969136819d6b9eeb88f8c9b276dbe3a89dc9e0f6c8ce8aaa1a5c71f072328fa7e0fdccf6cd44b98e4370442b03df537f6c470f413d50c98774e2b077cb678278fbfeeaa879d21523db832903b61e8c0d191ee7fb0f920d59fa1aa79e66d4031e8abcdbca5d4921ffeefd2dda495204a82b0027dc78fc2fef6f480dc355fb0a25fbe37ad7108bcbe398f02b12d4fac5b0280f8257985e20c4fb71b973288c367e6eb21889f519f42a201cc26fde43fd512e5cf3634dc5327b7fc5e84545e54b54e8c041f6c227b872d911d4b8abf1a50d8303f6d34cd1ec529e7fa514c3ebd389488f3f4e53bd514f482b2e81ead2306afb6bedd697fceb955694cbf3a32"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x1044}}, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_emit_ethernet(0x6a, &(0x7f0000000140)={@random="a5050f0000b5", @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, @local, @local, {[@ssrr={0x89, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast1}, {@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@remote}]}]}}}}}}}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x48}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x6}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f0000000280)=[{0x34}]}) 2.688857115s ago: executing program 1 (id=2269): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000040)="415b7ac700000000", 0x8) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000440)={0x0, 0x20, 0xd1, 0x6, 0x8, 0x8, 0x9, 0x7f, {0x0, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x2, 0x0, 0x9, 0x3, 0xffffffff}}, &(0x7f0000000140)=0xb0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000003c0)={&(0x7f00000002c0)=""/235, 0x300000, 0xc00, 0x101, 0x2}, 0x20) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events.local\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) setsockopt$X25_QBITINCL(r3, 0x106, 0x1, 0x0, 0x63) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r5, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0x24) r6 = socket$kcm(0x2, 0x0, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r7, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) close(r7) syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 898.226246ms ago: executing program 2 (id=2279): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0x1044, 0x30, 0x1, 0x0, 0x0, {}, [{0x1030, 0x1, [@m_bpf={0x102c, 0x18, 0x0, 0x0, {{0x8}, {0x4}, {0x1004, 0x6, "ca195aecf40dd9678aa4e4220c6968fba48422a053312a248bb0a94cc60f0ce3f51b29cfd60d2aa6a70fe313a2f464ada9dd8df353c4d0775e08b5c87b3758ee60d565835e0e65db749da53370977542920262dd2502fa983f30f93372505603e161a6abf683106fbe3a71eca9f84a046767ba2ff6c2bc25fc67f4c2754c71303a5e04cebe74739c95a27891e2295202c94b9eee531ddf7b9d8c058cc4f2b9335f3fadd79ffc632e942fce7047a5e158eb692e1ae4d08863b3d316191e4b44d3552b7735788bf71b21ca55fb8eb480b812c6770ad4c1e77b9797a3f52517d021694785e4ac1031301ec60105d048262bdf5c3c2f3533d6487f92fb1ee9cff4d3865e0fa06eaeb3c9679557df0e15471efda4fde61e226bbae835fb79ecab639fa49da59467d1fc785d97a22ce1880e3fd06c3bfed130fc2810ee7b8a397e8627fc87a8fb039dd6cde7790a00579f8afeda5fa2d1c781999a90eb4a8fab386c30e23a88ab506a1d1411c273209a3e1a33bce22631431335c130ac5bba69f4f11aefa6cce86a7c608962b6f6a9fe03a4b787809ae734e2b6532cc5a7687222f00e589e78b129e89eaf450cd29c5a56442119beb5ecb42a2263335b3287a971c053c1ab53e206fb9419af9222c66836abb6c8e92de1d1ec9cb81adb8ecc9d8c8e38a7914aefd3f72e116996830fa4116c5617f2ceef28ebd7236ce0863d0fd45e75a7340403bfb73501f84d9b139c22b006dd00d24cfafc7baddf4e9889186e46e0380f2ca54c70e6a25fc7c52a48815772d95e70fd74e7949325392915c4805a6cea927ead555092a58dcbab876a205da645f921891c21c322e086104cff334b5417344b97dfa1e9233f740e56f9133311b405dadbdc7a8fa9c5ba0e3a30a721104fe6b1fc3e6ebaddd014c0fdaecea19af77c991fac3af4be91177f71e056f1048cec03f8f699be2af1d1f917ffe8648210ba7c9eb32480dee03f4044ecb1592683bf69ac6fc499e09da448dc7ff37527bb7bdb4aa4c2219180a3549813d966e615cdb7ec564588315a926c71f5f08f588446809d0cb273cc9d6e2347015d44cb96c4ca6deb8c196c533b51cee3f02d4aded54ee8d4481ae9d40f67ba5ee1f6053255364ad8f2189d77344a273d982759a6b019006634ec7d3a02bdea4219a2c1ba5e421c0da517b25a263ef95deaac39c826c1b3e02c98113788ea94565ff3e30554998f37d0eb2bb838661f61465149f8151b6ab94a5bd2593beefa015db3d7ae5a9a42add8f3ec4068e7f0c23ee6f27c8ae4832d3b96cacc4c9efa7c35f59e22a0779dbc8307db379b18d6116a54cc642fbecb7a90344e163c61a44f6c1846bc9966cc08d13892a0535fda8307e51608a9f0adc0a585ca8df85eb2d0710e64ce876445c6054c8348764c529bb791ed66b0b5ecce0c98b5f701fadf93e5fee7f6fcf7a985ab61b8d86f0b7d9d467f5e8a4bb07f970eef4dc785c3fa3fa444eef632b754e46961ca7bf7d5d0f00998bfef6036073774aa32780600e8b3ccd1ceebf19fecf895465514bd1261fcae70b9b3884e6a08e5c98493e1644ecebc60536dcd2a816b162d915fd39b87b70766d1e4d7a1948cb37dcb7a50c17e8da8278a5824ba68daa0ecba991f65377b59d08d361e570e2a426c19266a7dab701caad184fb383ad4bfe0239677d3091ad9db3b97442994bf80a6e86248e7170a5dbf6c01b0c79d6c63b374c224925bb8837dcd4b97744247977afd4caf8e8f82a51734fcbaa62f1b7a8256de4df50d80720c05e068a7117fbac3dd9bc7e82ca98dbc1dda69a9ac868d378a86f019fac7f8680fa2729babcd068942f719b4f82ff76c031df4f7204331ee8cf1106242eeb4cbff6ad17c5c1705fbe16dd090e9aa57efad8da74c8c4cbfa605c4e577f6d8422455146b8eac9f6b62e3c4370414be417a067d7ef63af721511cc0e4af473efb073f28bbb6ffc9860002a0c78dfa68ad0d99261a227986a550f5ffc577ff17b501cd3a7225219dc61e26bc560aa8501e1a8aec783b65b342f5c63f6564db961c5673f746af19676cd117ac800c2a690ebce09030d46165abab5e21c967495e5ba7b8811c1a80e7c7360dafb01f94b86b5b2c27e5da221b3b84bb65349f51ce689794bfe13ed36ab2454ea27d47724275102fa6580564958796fa79b39efa97fd59214d9835233cbbdb4dc6e8946866df3f24a8083fa37c06982a9657f437ff140d74ad0da1b8c5c9fc7b8550c233b4fc189a87cf17436163884358ba222ba03b45565d42941b99e5749d06bfc40bdcd62a1a520b14145701233b53cfb5a25a3d9f05522efd8e48e66f19a283dfeeeb83eafe72df109a682b507bfa76977e03016dfdfa5c2259ee31d7c8fc00ad2bcbe883ecbeda5f1db7e31c32e4cfb70657c0d8ce133be3434a7dc788a8a4b33298f670c34122c71a2f94fd30eb4807c331cfdfa0b832c46014e27626afe347f5f185e5ffdd3c85f520d482cf2c15e89bed88f9914a7ef404648754aa25e3e0106e78391b8ff71c12934bd6dbc67687624b1eb1a873d0ecc5e43b70f94261cba857566a5ad11436a187ef309e7259434cece3ac8bbc1c4b873bf704e5d924e676dc17490a2f533dbd32481fdbc97b5e42a5c102f9022ee197fd2440230a41e7cbb95d591fc007ee1ba8d070fb8d1fb98c0344e5cd8dedb7e21be1431b5408c8e599c641bcf9494f41bf3773602904c6cea3b78254d0ee3c279f630dbe4b8a5f41d6f3aefaa546e96f1895369cae74f7856eef3e98574d86fe8919c6e06ae8e37648d2c7564c0a75da659c99876d57ebf12ea036987ff72291a12f979df7784270713f6905bbdbab4b0665d876eb26e25faaf2532072025e22bb3ffb3f2636be38ba0713e60a86e3a747594e940f8abf762dc4ec31613e10837f6463825bd3a0f07108ff41d847315170909a92c2aaaa2904fe0eeb77eb951e69bdfde04f92edfcb8470fd370973f66c2bfb36a197975b5de73ab09ec6d27a86f7797c25811eda1b8b6f0a8510892761e931fbad7a93b7ec9137ea6b8f52a2ad7841d36e422881f6b42698ed6cd9134e8b40bd972483fc7f9a73beeca9a02150abcb2f8b1eb377acbbb520924e7319d8b27a766796eb6ff7d1b4a0c3c396282548d333d5b727fd35c980a90a46c62ddffad551ab0208a3db4e8d719854a98bec1d4b53c0a4d46d775189ea87890918abdf2ab91138ff74571de3c6362dd349a7cdd2ed4769852ae482edf12fad1201505d871df0edd3d15f992d62621eec92e240ee2f638c2bd576d9d882d54295940187c954eca6296d2c050a9b8739da84634e7b64975099f9bafeafeeb28fde0b6f2eb8d29f6372ddb85b2d85a52659ca3ee176ad84dfa8ae32e188f3b010880baf345535d38e07438c0695e63793ecd77b28f8c621ba35193d5336e4fbbee97b21a07228f90286f740318cd26aa2154cc2bed99e5fd59be1cdf43b26b410758345d2a977b73102edd3bcdb45437057e2fc1cb4bb2a7603a705cd63b0a132b550b52c589c15c14fe83174266987e5b4f7dbe42c8a92379052404f5a4d063d48c58f53435de41d01be98ff76d6e97b4b731eecab0f71c72d1cd391fd8e2a94b4c4d2fb279dc486d1dc09d86c6375f81d0a92fccb9dcc8f15485e8c0e8233197c92fcabe95504e24b4ebf8a336082576bbfa70af1a8dc70dd20811295664931fe8aeab0c5da1705869498e020a70ee861f9cf5ee2bb360b470e8e39898e2e0360ce3fd3cac79630d70b8a81a4af179118bff1f56c8ae30d9d0e541bfab37aaaa8f3e074c214e0cc5cd5592e41fe63b500c017017e772227e2427bb13ec3ebdea88178cde57b35e730e9d908a4c9ed969afc8acf4edef8d61b2e6942b76065dca7c9dc3e186235be3df0383db7df3003e562c8f6ffc6de3e4346ac681d03c650f8f3831ca1b3bf16340ffcb40e36f6b65e99714a82de7ca784be6a5e1019255c851435995302a66d2724ee8832c151b0ccda1da63efd54fc8417a59a8176aa3c15ecf5684e76afc522f086dbfda6d6dc9558a037ffba09d94fc2903964caf98b60178ec1c412e1cbe5343e64e8cb842c7ba648bdae1d43ac206b1776e1405420e9c257467ce39919dca697ab9bfb9d1aa6431f1df33e43c2065de5530489e1bd252a37cb4a49311c7ab9036ea781fd453f1c426be969758ab617c3f90cf47e31b06ffedfd41dea95059a9da946d3ea4598d762ff6b7a5ade9573cb620c64da65924a30eff5226d0019a7250f28fef442b412f2d4f43a1c6ac77b437f12a38e298f17134b2ff8c955259378294a77b5ebadbbb25cbaf1994b07f20427eab2577c39947c1ab23a0f7f85686b459353997d4f8130fa448d88aa042cf24248e404071171f6663244ce94e4b59bcbf4095c5f33f1d121f2e0ae3017633fd12903d42f9214bbf395e3c70b97d8b217105e36350e8f0429d135da1ed8c8c63bf3036048e15ea1705b629425883a4373da5748612b8ccf12e43962ae523b22a63dcf0519ad92ef087308109f10b5d818c386d14d6cdc25397416ca0e4d0bdb98c4f0b3ebc019dd1836007f0c2f4f07f4a01bece03b8fbee18b0a19219383d4272774e75b13c8bb3db701ab21ea1ff5700113f5f325843f9d6ae83ffa0e6db32fc2a3a9ad469497c4e9e4f679302099957d76588ee9961891c25210ab97a144b6fd36465e6d1689a7c7f0e8da34e10ab8f1c848e278b463caf9bb002a9deeab22b5f93031472bbf495c7a3bc6aa4c6aaa1178e7e979da78f62d107311eb811da8cfba5a4552b70e72d5a206d24004274e182fba22c9036f3ec2028b5bba0236c22035bacb593418573c77a30143b751090d44c42d130ef4d07da05f183d2dc4c4fa84936e5e10f51d99840e859ed917204d14abaa624ddaeeb27cd16051b0ff4ce3bd124164ebade94c55e2bf328b60c464591d3f9208d77b2589ac9f6736b5e945043cd6b282d62bc51413f5d83b3f6022c48f9d9e22e6be7c0ad3a18fcf730a09e2c12b2d6d5f89e69c04bab311cc6aa1bfe8d8c988f0812e6f7fac80f429a689ebb818eee865ecaface71646354a8b8ae77bdf35c005e51222df7e4e0043071ddc3deb2ca99468fd66bb19c1c2fdd421ba4be45439f0b38368e4f331fdbb8d5d9f9266f08d15a8eee665a8a563ba6810859608010503c9747eed1ed4443c02006f9bf3c7352e1178d18200b42557ca25b9b2fa4c9a2e5cd4b521a73e460999fd015be5af196537153c4533ddc8f9b8ce46e3c7503f42e7fe47b415f8deba402411344dcf1e3160c27988694903c80f9b19f210c069157f2f2674cb7808c763d7c4920e8e338922edc9af24d9baba90308d75685371a5ba5527c27630fae16d3f27de2d208d3b69b68c99e46757e83680db303df74296c3a0b0aa41b69eba815b55aba8f2969136819d6b9eeb88f8c9b276dbe3a89dc9e0f6c8ce8aaa1a5c71f072328fa7e0fdccf6cd44b98e4370442b03df537f6c470f413d50c98774e2b077cb678278fbfeeaa879d21523db832903b61e8c0d191ee7fb0f920d59fa1aa79e66d4031e8abcdbca5d4921ffeefd2dda495204a82b0027dc78fc2fef6f480dc355fb0a25fbe37ad7108bcbe398f02b12d4fac5b0280f8257985e20c4fb71b973288c367e6eb21889f519f42a201cc26fde43fd512e5cf3634dc5327b7fc5e84545e54b54e8c041f6c227b872d911d4b8abf1a50d8303f6d34cd1ec529e7fa514c3ebd389488f3f4e53bd514f482b2e81ead2306afb6bedd697fceb955694cbf3a32"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x1044}}, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_emit_ethernet(0x6a, &(0x7f0000000140)={@random="a5050f0000b5", @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, @local, @local, {[@ssrr={0x89, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast1}, {@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@remote}]}]}}}}}}}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x48}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x6}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f0000000280)=[{0x34}]}) 840.731755ms ago: executing program 1 (id=2280): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002540)=[{{0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000000100)="f9f49aaf0a241c11013a61", 0xb}], 0x1}}], 0x1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000008000000060ec97000fc83c00fe8000000000000000000000000000aaff02f5ffffffffffffff00000000000106"], 0xffe) 805.607762ms ago: executing program 4 (id=2281): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='kfree\x00', r0}, 0x10) socket$kcm(0x10, 0x2, 0x0) r1 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name, &(0x7f0000000140)=0x10, 0x80800) accept4$tipc(r1, &(0x7f0000000180), &(0x7f00000001c0)=0x10, 0x80800) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000180)='ext4_ext_show_extent\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000b00)=ANY=[@ANYBLOB="440000000a0601010000000000000000010000000500010006ffef0014000880120007800900120073797a322cef00000900020073797a320000000008000940000000005f0513ab06a4d3d35c2fe002eb34ea97827e834e3f017ef514aa5010c17b9e8998013636ecd8d7a124e4d2e12352fceceb9b63317a248f7886ef82cbe8db3a0ab3db1190e0f15cc22f7e36bd14536cbcb18f8039b45117505d2acb2396b79d2bd8cf4385cc87bc8b0b405eef2e32743c82f45d2b7840e021604e214d40d4c164906eb027700ebde4043e23441387c7b12877c211112194ea7a70b653f8021f9cb8fc977a3bc7b66fe164aabde1a91fe9057a9fe3be4210884338d71db173203a610407e7d6a68adab787c18ac51ad7c1f4191188c6fca64caa0812f40d7875b380883df71f10a8960070324d9fb1a48a5567b797221d576b9f037451b7e5af2a842a9f1f656a59bdd1453e9309b69986727b91eb019b15da24a0b1d1bb8299e0b2627fb06dd8de4ce7fbba78ab334ec7acf9fe17394af96f121b8ffc38d67d1c548c1cee14157d9f855c45180cfcba8a56907abec5810a8a29b5207d45973f30e7254becb7ef91a18f80d7a8552f017ffcede54f34cdf41afc98885d52186c202692b126901755d500e32154471190f3c2250e6c1845518a43196459ca439e1a78f7288b11af7455e05ffaec0c2c"], 0x44}}, 0x0) 710.729166ms ago: executing program 2 (id=2282): sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000030800000000000000000000000000000900010073"], 0x3c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x303, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r0) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0103000000000000000005"], 0x34}}, 0x0) 651.671661ms ago: executing program 4 (id=2283): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010700000000000000000e00000008000300", @ANYRES32=r2, @ANYBLOB="05003901"], 0x44}}, 0x0) 522.304477ms ago: executing program 4 (id=2284): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x29, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff6203f0fff8ffffff71a4f0ff000000002d040300000000003d030000000000006504000001ed000079110000000000006c440000000000007a0ab0fe000000007913000000000000b5000000000000009500000000000000023bc065b7a379d183f9333379fc9e94af05000000f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c26f71b29ee35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8ea8fcb913466aaa7f6d150352e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa48f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae5630800c5363092adaa1d8964162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee96a1c685508e6ca4fe5a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9029bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f05beb72f0861f75c345edcb84ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27f277b8a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba0af35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf511c8b0bf1b69d2b3782b3f481c320e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0bad3b0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b225ec4e09b089f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b2a0c4b81f7b71cbfcefb9303a7861fce422f3f9c422a1619e6c6c2dd825743b22a6f93604c73d886c25ecaaeafccdeb19bd0cdbc5d22dae879561ea5606fa0c9dc23c0f52621aaae42180aecfd32cd6a66a1efa0949bc195dfcb691a26344362989371f2d5bf274363416b3cafb9a3331285449dc1afe9af7fed27bd4e36fa423d6c05ffa2acee27e2444b5ca28fc16fe31bd1320d4415ec0f5471b0b671d7626f773"], &(0x7f00000000c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0xffffffffffffffff}, 0x4e) 497.572458ms ago: executing program 1 (id=2285): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000064000000bca31000000000002403000040feffff720af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61142c00000000001d430000000000007a0a00fe0000001f6114140000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a"], &(0x7f00000001c0)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x90) 466.869785ms ago: executing program 4 (id=2286): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000002680), 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000001200292700000000e0e5ff01000000000000c00e"], 0x38}}, 0x0) 398.450581ms ago: executing program 2 (id=2287): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0x2c, r3, 0x201, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x80}]}, 0x2c}}, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000002c0)={0x0, 0x2, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x30}}, 0x900) 397.498456ms ago: executing program 1 (id=2288): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) unshare(0x40600) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) pread64(r0, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="400020d8ecfb5b43810000000000000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000010000000800020001000000080001000000000010000c800c000b8008000c0000000000080002000000000004000480"], 0x40}}, 0x0) close(r1) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f00000003c0)={0x1, &(0x7f0000000380)=[{0x9, 0x0, 0x1, 0x4}]}, 0x10) socket$packet(0x11, 0x3, 0x300) r5 = socket$can_j1939(0x1d, 0x2, 0x7) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r7, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x2}, 0x0) 317.987599ms ago: executing program 4 (id=2289): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000780)={@in={{0x2, 0x0, @local}}, 0x0, 0x0, 0x12, 0x0, "1395ab0c9bfb28ec8363181ee2997c5f103c3fa273d4920eb247380efb35d1e1733c730192fb031b4784f677e659afbcc10d98cf3bfa9a93c14a74131830517cb54eddbdf7d4eca87323059c2027e054"}, 0xd8) sendmmsg$inet(r1, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000001140)="c6b8553d5c4bb2dd787d68b45eb9423153e91aefdee5b41d8b786943a80daeced62ee295ee00164228ed28d8032d7a56bb2b5ca15ad23282729949ce7ef207f6f240b37206892def9fe760e40f36dc43d482c26b5ecf6881d7626eba9f49f40c83827f051b2e74d8013e1802c27070a317dc7a51071879b95d104880942c1dfc72d72b9970cc01abc1a3b40f4e8d2228c21abdedba55e137655aa4a26708e2cbd3389146", 0xa4}, {&(0x7f0000000380)="5cb92222afa91c3fb042b6790000000200", 0x11}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x48044) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) 250.108499ms ago: executing program 2 (id=2290): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x301, 0x22, 0x0, {0x5}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x14}, @NFT_MSG_NEWSETELEM={0x14}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}], {0x14}}, 0x98}}, 0x0) 190.082299ms ago: executing program 1 (id=2291): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r4, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r4, 0x111, 0x4, 0x0, 0x20001f00) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x16, r2, 0x1, 0x0, 0x6, @random="df559fdab89a"}, 0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="940000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="444dc9fe000000006400128009000100766c616e000000005400028006000100000000000c000200020000000a000000040004801c0003800c00010068e30000030000000c0001007f000000070000001c0004800c0001000200000060d506000c000100000000000200000008000500", @ANYRES32=r9, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r11], 0x94}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000000002010400000000000000000a00000004000180180002801400018008000100ac14140008000200000000003c0002802c00018014000300fc02000000000000000000000000000014000400200100000000000000000000000000000c0002800500010000000000"], 0x6c}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r12, 0x0, 0x8, 0x8, &(0x7f00000002c0)=' \x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x20000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50) socket$inet_udp(0x2, 0x2, 0x0) r13 = socket$unix(0x1, 0x1, 0x0) bind$unix(r13, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r13, 0x0) r14 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, r13, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r14, 0x3, r13, &(0x7f0000000000)) 135.776533ms ago: executing program 2 (id=2292): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0x1044, 0x30, 0x1, 0x0, 0x0, {}, [{0x1030, 0x1, [@m_bpf={0x102c, 0x18, 0x0, 0x0, {{0x8}, {0x4}, {0x1004, 0x6, "ca195aecf40dd9678aa4e4220c6968fba48422a053312a248bb0a94cc60f0ce3f51b29cfd60d2aa6a70fe313a2f464ada9dd8df353c4d0775e08b5c87b3758ee60d565835e0e65db749da53370977542920262dd2502fa983f30f93372505603e161a6abf683106fbe3a71eca9f84a046767ba2ff6c2bc25fc67f4c2754c71303a5e04cebe74739c95a27891e2295202c94b9eee531ddf7b9d8c058cc4f2b9335f3fadd79ffc632e942fce7047a5e158eb692e1ae4d08863b3d316191e4b44d3552b7735788bf71b21ca55fb8eb480b812c6770ad4c1e77b9797a3f52517d021694785e4ac1031301ec60105d048262bdf5c3c2f3533d6487f92fb1ee9cff4d3865e0fa06eaeb3c9679557df0e15471efda4fde61e226bbae835fb79ecab639fa49da59467d1fc785d97a22ce1880e3fd06c3bfed130fc2810ee7b8a397e8627fc87a8fb039dd6cde7790a00579f8afeda5fa2d1c781999a90eb4a8fab386c30e23a88ab506a1d1411c273209a3e1a33bce22631431335c130ac5bba69f4f11aefa6cce86a7c608962b6f6a9fe03a4b787809ae734e2b6532cc5a7687222f00e589e78b129e89eaf450cd29c5a56442119beb5ecb42a2263335b3287a971c053c1ab53e206fb9419af9222c66836abb6c8e92de1d1ec9cb81adb8ecc9d8c8e38a7914aefd3f72e116996830fa4116c5617f2ceef28ebd7236ce0863d0fd45e75a7340403bfb73501f84d9b139c22b006dd00d24cfafc7baddf4e9889186e46e0380f2ca54c70e6a25fc7c52a48815772d95e70fd74e7949325392915c4805a6cea927ead555092a58dcbab876a205da645f921891c21c322e086104cff334b5417344b97dfa1e9233f740e56f9133311b405dadbdc7a8fa9c5ba0e3a30a721104fe6b1fc3e6ebaddd014c0fdaecea19af77c991fac3af4be91177f71e056f1048cec03f8f699be2af1d1f917ffe8648210ba7c9eb32480dee03f4044ecb1592683bf69ac6fc499e09da448dc7ff37527bb7bdb4aa4c2219180a3549813d966e615cdb7ec564588315a926c71f5f08f588446809d0cb273cc9d6e2347015d44cb96c4ca6deb8c196c533b51cee3f02d4aded54ee8d4481ae9d40f67ba5ee1f6053255364ad8f2189d77344a273d982759a6b019006634ec7d3a02bdea4219a2c1ba5e421c0da517b25a263ef95deaac39c826c1b3e02c98113788ea94565ff3e30554998f37d0eb2bb838661f61465149f8151b6ab94a5bd2593beefa015db3d7ae5a9a42add8f3ec4068e7f0c23ee6f27c8ae4832d3b96cacc4c9efa7c35f59e22a0779dbc8307db379b18d6116a54cc642fbecb7a90344e163c61a44f6c1846bc9966cc08d13892a0535fda8307e51608a9f0adc0a585ca8df85eb2d0710e64ce876445c6054c8348764c529bb791ed66b0b5ecce0c98b5f701fadf93e5fee7f6fcf7a985ab61b8d86f0b7d9d467f5e8a4bb07f970eef4dc785c3fa3fa444eef632b754e46961ca7bf7d5d0f00998bfef6036073774aa32780600e8b3ccd1ceebf19fecf895465514bd1261fcae70b9b3884e6a08e5c98493e1644ecebc60536dcd2a816b162d915fd39b87b70766d1e4d7a1948cb37dcb7a50c17e8da8278a5824ba68daa0ecba991f65377b59d08d361e570e2a426c19266a7dab701caad184fb383ad4bfe0239677d3091ad9db3b97442994bf80a6e86248e7170a5dbf6c01b0c79d6c63b374c224925bb8837dcd4b97744247977afd4caf8e8f82a51734fcbaa62f1b7a8256de4df50d80720c05e068a7117fbac3dd9bc7e82ca98dbc1dda69a9ac868d378a86f019fac7f8680fa2729babcd068942f719b4f82ff76c031df4f7204331ee8cf1106242eeb4cbff6ad17c5c1705fbe16dd090e9aa57efad8da74c8c4cbfa605c4e577f6d8422455146b8eac9f6b62e3c4370414be417a067d7ef63af721511cc0e4af473efb073f28bbb6ffc9860002a0c78dfa68ad0d99261a227986a550f5ffc577ff17b501cd3a7225219dc61e26bc560aa8501e1a8aec783b65b342f5c63f6564db961c5673f746af19676cd117ac800c2a690ebce09030d46165abab5e21c967495e5ba7b8811c1a80e7c7360dafb01f94b86b5b2c27e5da221b3b84bb65349f51ce689794bfe13ed36ab2454ea27d47724275102fa6580564958796fa79b39efa97fd59214d9835233cbbdb4dc6e8946866df3f24a8083fa37c06982a9657f437ff140d74ad0da1b8c5c9fc7b8550c233b4fc189a87cf17436163884358ba222ba03b45565d42941b99e5749d06bfc40bdcd62a1a520b14145701233b53cfb5a25a3d9f05522efd8e48e66f19a283dfeeeb83eafe72df109a682b507bfa76977e03016dfdfa5c2259ee31d7c8fc00ad2bcbe883ecbeda5f1db7e31c32e4cfb70657c0d8ce133be3434a7dc788a8a4b33298f670c34122c71a2f94fd30eb4807c331cfdfa0b832c46014e27626afe347f5f185e5ffdd3c85f520d482cf2c15e89bed88f9914a7ef404648754aa25e3e0106e78391b8ff71c12934bd6dbc67687624b1eb1a873d0ecc5e43b70f94261cba857566a5ad11436a187ef309e7259434cece3ac8bbc1c4b873bf704e5d924e676dc17490a2f533dbd32481fdbc97b5e42a5c102f9022ee197fd2440230a41e7cbb95d591fc007ee1ba8d070fb8d1fb98c0344e5cd8dedb7e21be1431b5408c8e599c641bcf9494f41bf3773602904c6cea3b78254d0ee3c279f630dbe4b8a5f41d6f3aefaa546e96f1895369cae74f7856eef3e98574d86fe8919c6e06ae8e37648d2c7564c0a75da659c99876d57ebf12ea036987ff72291a12f979df7784270713f6905bbdbab4b0665d876eb26e25faaf2532072025e22bb3ffb3f2636be38ba0713e60a86e3a747594e940f8abf762dc4ec31613e10837f6463825bd3a0f07108ff41d847315170909a92c2aaaa2904fe0eeb77eb951e69bdfde04f92edfcb8470fd370973f66c2bfb36a197975b5de73ab09ec6d27a86f7797c25811eda1b8b6f0a8510892761e931fbad7a93b7ec9137ea6b8f52a2ad7841d36e422881f6b42698ed6cd9134e8b40bd972483fc7f9a73beeca9a02150abcb2f8b1eb377acbbb520924e7319d8b27a766796eb6ff7d1b4a0c3c396282548d333d5b727fd35c980a90a46c62ddffad551ab0208a3db4e8d719854a98bec1d4b53c0a4d46d775189ea87890918abdf2ab91138ff74571de3c6362dd349a7cdd2ed4769852ae482edf12fad1201505d871df0edd3d15f992d62621eec92e240ee2f638c2bd576d9d882d54295940187c954eca6296d2c050a9b8739da84634e7b64975099f9bafeafeeb28fde0b6f2eb8d29f6372ddb85b2d85a52659ca3ee176ad84dfa8ae32e188f3b010880baf345535d38e07438c0695e63793ecd77b28f8c621ba35193d5336e4fbbee97b21a07228f90286f740318cd26aa2154cc2bed99e5fd59be1cdf43b26b410758345d2a977b73102edd3bcdb45437057e2fc1cb4bb2a7603a705cd63b0a132b550b52c589c15c14fe83174266987e5b4f7dbe42c8a92379052404f5a4d063d48c58f53435de41d01be98ff76d6e97b4b731eecab0f71c72d1cd391fd8e2a94b4c4d2fb279dc486d1dc09d86c6375f81d0a92fccb9dcc8f15485e8c0e8233197c92fcabe95504e24b4ebf8a336082576bbfa70af1a8dc70dd20811295664931fe8aeab0c5da1705869498e020a70ee861f9cf5ee2bb360b470e8e39898e2e0360ce3fd3cac79630d70b8a81a4af179118bff1f56c8ae30d9d0e541bfab37aaaa8f3e074c214e0cc5cd5592e41fe63b500c017017e772227e2427bb13ec3ebdea88178cde57b35e730e9d908a4c9ed969afc8acf4edef8d61b2e6942b76065dca7c9dc3e186235be3df0383db7df3003e562c8f6ffc6de3e4346ac681d03c650f8f3831ca1b3bf16340ffcb40e36f6b65e99714a82de7ca784be6a5e1019255c851435995302a66d2724ee8832c151b0ccda1da63efd54fc8417a59a8176aa3c15ecf5684e76afc522f086dbfda6d6dc9558a037ffba09d94fc2903964caf98b60178ec1c412e1cbe5343e64e8cb842c7ba648bdae1d43ac206b1776e1405420e9c257467ce39919dca697ab9bfb9d1aa6431f1df33e43c2065de5530489e1bd252a37cb4a49311c7ab9036ea781fd453f1c426be969758ab617c3f90cf47e31b06ffedfd41dea95059a9da946d3ea4598d762ff6b7a5ade9573cb620c64da65924a30eff5226d0019a7250f28fef442b412f2d4f43a1c6ac77b437f12a38e298f17134b2ff8c955259378294a77b5ebadbbb25cbaf1994b07f20427eab2577c39947c1ab23a0f7f85686b459353997d4f8130fa448d88aa042cf24248e404071171f6663244ce94e4b59bcbf4095c5f33f1d121f2e0ae3017633fd12903d42f9214bbf395e3c70b97d8b217105e36350e8f0429d135da1ed8c8c63bf3036048e15ea1705b629425883a4373da5748612b8ccf12e43962ae523b22a63dcf0519ad92ef087308109f10b5d818c386d14d6cdc25397416ca0e4d0bdb98c4f0b3ebc019dd1836007f0c2f4f07f4a01bece03b8fbee18b0a19219383d4272774e75b13c8bb3db701ab21ea1ff5700113f5f325843f9d6ae83ffa0e6db32fc2a3a9ad469497c4e9e4f679302099957d76588ee9961891c25210ab97a144b6fd36465e6d1689a7c7f0e8da34e10ab8f1c848e278b463caf9bb002a9deeab22b5f93031472bbf495c7a3bc6aa4c6aaa1178e7e979da78f62d107311eb811da8cfba5a4552b70e72d5a206d24004274e182fba22c9036f3ec2028b5bba0236c22035bacb593418573c77a30143b751090d44c42d130ef4d07da05f183d2dc4c4fa84936e5e10f51d99840e859ed917204d14abaa624ddaeeb27cd16051b0ff4ce3bd124164ebade94c55e2bf328b60c464591d3f9208d77b2589ac9f6736b5e945043cd6b282d62bc51413f5d83b3f6022c48f9d9e22e6be7c0ad3a18fcf730a09e2c12b2d6d5f89e69c04bab311cc6aa1bfe8d8c988f0812e6f7fac80f429a689ebb818eee865ecaface71646354a8b8ae77bdf35c005e51222df7e4e0043071ddc3deb2ca99468fd66bb19c1c2fdd421ba4be45439f0b38368e4f331fdbb8d5d9f9266f08d15a8eee665a8a563ba6810859608010503c9747eed1ed4443c02006f9bf3c7352e1178d18200b42557ca25b9b2fa4c9a2e5cd4b521a73e460999fd015be5af196537153c4533ddc8f9b8ce46e3c7503f42e7fe47b415f8deba402411344dcf1e3160c27988694903c80f9b19f210c069157f2f2674cb7808c763d7c4920e8e338922edc9af24d9baba90308d75685371a5ba5527c27630fae16d3f27de2d208d3b69b68c99e46757e83680db303df74296c3a0b0aa41b69eba815b55aba8f2969136819d6b9eeb88f8c9b276dbe3a89dc9e0f6c8ce8aaa1a5c71f072328fa7e0fdccf6cd44b98e4370442b03df537f6c470f413d50c98774e2b077cb678278fbfeeaa879d21523db832903b61e8c0d191ee7fb0f920d59fa1aa79e66d4031e8abcdbca5d4921ffeefd2dda495204a82b0027dc78fc2fef6f480dc355fb0a25fbe37ad7108bcbe398f02b12d4fac5b0280f8257985e20c4fb71b973288c367e6eb21889f519f42a201cc26fde43fd512e5cf3634dc5327b7fc5e84545e54b54e8c041f6c227b872d911d4b8abf1a50d8303f6d34cd1ec529e7fa514c3ebd389488f3f4e53bd514f482b2e81ead2306afb6bedd697fceb955694cbf3a32"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x1044}}, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_emit_ethernet(0x6a, &(0x7f0000000140)={@random="a5050f0000b5", @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, @local, @local, {[@ssrr={0x89, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast1}, {@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@remote}]}]}}}}}}}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x48}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x6}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f0000000280)=[{0x34}]}) 44.30281ms ago: executing program 4 (id=2293): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='kfree\x00', r0}, 0x10) socket$kcm(0x10, 0x2, 0x0) r1 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name, &(0x7f0000000140)=0x10, 0x80800) accept4$tipc(r1, &(0x7f0000000180), &(0x7f00000001c0)=0x10, 0x80800) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000180)='ext4_ext_show_extent\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000b00)=ANY=[@ANYBLOB="440000000a0601010000000000000000010000000500010006ffef0014000880120007800900120073797a322cef00000900020073797a320000000008000940000000005f0513ab06a4d3d35c2fe002eb34ea97827e834e3f017ef514aa5010c17b9e8998013636ecd8d7a124e4d2e12352fceceb9b63317a248f7886ef82cbe8db3a0ab3db1190e0f15cc22f7e36bd14536cbcb18f8039b45117505d2acb2396b79d2bd8cf4385cc87bc8b0b405eef2e32743c82f45d2b7840e021604e214d40d4c164906eb027700ebde4043e23441387c7b12877c211112194ea7a70b653f8021f9cb8fc977a3bc7b66fe164aabde1a91fe9057a9fe3be4210884338d71db173203a610407e7d6a68adab787c18ac51ad7c1f4191188c6fca64caa0812f40d7875b380883df71f10a8960070324d9fb1a48a5567b797221d576b9f037451b7e5af2a842a9f1f656a59bdd1453e9309b69986727b91eb019b15da24a0b1d1bb8299e0b2627fb06dd8de4ce7fbba78ab334ec7acf9fe17394af96f121b8ffc38d67d1c548c1cee14157d9f855c45180cfcba8a56907abec5810a8a29b5207d45973f30e7254becb7ef91a18f80d7a8552f017ffcede54f34cdf41afc98885d52186c202692b126901755d500e32154471190f3c2250e6c1845518a43196459ca439e1a78f7288b11af7455e05ffaec0c2c"], 0x44}}, 0x0) 0s ago: executing program 2 (id=2294): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={0x0, 0x80000001}, 0x8) sendto$inet6(r0, &(0x7f0000000580)="03", 0x1, 0xe803000000000000, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) kernel console output (not intermixed with test programs): rdirqs_on_prepare+0x10/0x10 [ 195.313006][ T9374] ? do_syscall_64+0x100/0x230 [ 195.317783][ T9374] ? do_syscall_64+0xb6/0x230 [ 195.322470][ T9374] do_syscall_64+0xf3/0x230 [ 195.326981][ T9374] ? clear_bhb_loop+0x35/0x90 [ 195.331681][ T9374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.337584][ T9374] RIP: 0033:0x7fc087b75b99 [ 195.342014][ T9374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.361900][ T9374] RSP: 002b:00007fc0889d6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.370329][ T9374] RAX: ffffffffffffffda RBX: 00007fc087d03fa0 RCX: 00007fc087b75b99 [ 195.378310][ T9374] RDX: 0000000000000000 RSI: 00000000200015c0 RDI: 0000000000000003 [ 195.386288][ T9374] RBP: 00007fc0889d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 195.394264][ T9374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.402243][ T9374] R13: 000000000000000b R14: 00007fc087d03fa0 R15: 00007ffccbea3e28 [ 195.410418][ T9374] [ 195.465995][ T144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.764595][ T9384] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 196.124756][ T9398] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 196.132118][ T9398] IPv6: NLM_F_CREATE should be set when creating new route [ 196.197381][ T5119] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 196.209600][ T5119] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 196.226493][ T5119] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 196.239704][ T5119] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 196.247570][ T5119] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 196.256049][ T5119] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 196.365976][ T9402] caif0 speed is unknown, defaulting to 1000 [ 196.678599][ T9428] __nla_validate_parse: 5 callbacks suppressed [ 196.678622][ T9428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1464'. [ 196.704082][ T144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.802377][ T9432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1465'. [ 196.874771][ T144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.001488][ T144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.226447][ T9443] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 197.259843][ T9443] macvtap1: entered allmulticast mode [ 197.278801][ T9443] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 197.301422][ T9443] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 197.310287][ T9443] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 197.528452][ T144] bridge_slave_1: left allmulticast mode [ 197.530749][ T9460] netlink: 134312 bytes leftover after parsing attributes in process `syz.4.1476'. [ 197.534160][ T144] bridge_slave_1: left promiscuous mode [ 197.563168][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.596643][ T144] bridge_slave_0: left allmulticast mode [ 197.607508][ T144] bridge_slave_0: left promiscuous mode [ 197.615873][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.165221][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 198.181366][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 198.194144][ T144] bond0 (unregistering): Released all slaves [ 198.208871][ T9460] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 198.217226][ T9402] chnl_net:caif_netlink_parms(): no params data found [ 198.230702][ T9460] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 198.250510][ T9476] netlink: 576 bytes leftover after parsing attributes in process `syz.2.1483'. [ 198.299356][ T5119] Bluetooth: hci2: command tx timeout [ 198.504065][ T9480] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1484'. [ 198.546713][ T9482] erspan0: entered promiscuous mode [ 198.565237][ T9482] vlan2: entered promiscuous mode [ 198.576175][ T9482] erspan0: left promiscuous mode [ 198.884943][ T9501] sctp: [Deprecated]: syz.2.1491 (pid 9501) Use of int in max_burst socket option deprecated. [ 198.884943][ T9501] Use struct sctp_assoc_value instead [ 198.899747][ T9505] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1493'. [ 198.948748][ T9494] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1488'. [ 199.005224][ T9402] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.020342][ T9402] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.040772][ T9402] bridge_slave_0: entered allmulticast mode [ 199.069685][ T9402] bridge_slave_0: entered promiscuous mode [ 199.089580][ T9402] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.096975][ T9402] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.140298][ T9402] bridge_slave_1: entered allmulticast mode [ 199.165986][ T9402] bridge_slave_1: entered promiscuous mode [ 199.191764][ T9515] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1494'. [ 199.250614][ T9514] netlink: 'syz.1.1495': attribute type 1 has an invalid length. [ 199.504052][ T9402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.573805][ T9402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.673134][ T9524] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1498'. [ 199.706125][ T9524] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1498'. [ 199.795115][ T144] hsr_slave_0: left promiscuous mode [ 199.821226][ T144] hsr_slave_1: left promiscuous mode [ 199.843340][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 199.864788][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 199.913140][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 199.929945][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 199.941185][ T9532] FAULT_INJECTION: forcing a failure. [ 199.941185][ T9532] name failslab, interval 1, probability 0, space 0, times 0 [ 199.954526][ T9532] CPU: 1 PID: 9532 Comm: syz.4.1501 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 199.964657][ T9532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 199.974903][ T9532] Call Trace: [ 199.978183][ T9532] [ 199.981113][ T9532] dump_stack_lvl+0x241/0x360 [ 199.985817][ T9532] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.991019][ T9532] ? __pfx__printk+0x10/0x10 [ 199.995629][ T9532] ? __lock_acquire+0x1346/0x1fd0 [ 200.000702][ T9532] should_fail_ex+0x3b0/0x4e0 [ 200.005413][ T9532] ? __alloc_skb+0x1c3/0x440 [ 200.010014][ T9532] should_failslab+0x9/0x20 [ 200.014539][ T9532] kmem_cache_alloc_node_noprof+0x71/0x320 [ 200.020389][ T9532] __alloc_skb+0x1c3/0x440 [ 200.024847][ T9532] ? validate_chain+0x11e/0x5900 [ 200.029814][ T9532] ? __pfx___alloc_skb+0x10/0x10 [ 200.034767][ T9532] alloc_skb_with_frags+0xc3/0x770 [ 200.039898][ T9532] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 200.045284][ T9532] sock_alloc_send_pskb+0x91a/0xa60 [ 200.050549][ T9532] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 200.056329][ T9532] ? aa_sk_perm+0x967/0xab0 [ 200.060876][ T9532] hci_sock_sendmsg+0x22b/0x11c0 [ 200.065861][ T9532] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 200.071247][ T9532] ? aa_sock_msg_perm+0x91/0x160 [ 200.076196][ T9532] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 200.081484][ T9532] ? security_socket_sendmsg+0x87/0xb0 [ 200.086955][ T9532] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 200.092368][ T9532] __sock_sendmsg+0x221/0x270 [ 200.097064][ T9532] sock_write_iter+0x2dd/0x400 [ 200.101856][ T9532] ? __pfx_sock_write_iter+0x10/0x10 [ 200.107172][ T9532] ? bpf_lsm_file_permission+0x9/0x10 [ 200.112552][ T9532] ? security_file_permission+0x7f/0xa0 [ 200.118119][ T9532] vfs_write+0xa72/0xc90 [ 200.122375][ T9532] ? __pfx_sock_write_iter+0x10/0x10 [ 200.127668][ T9532] ? __pfx_vfs_write+0x10/0x10 [ 200.132470][ T9532] ksys_write+0x1a0/0x2c0 [ 200.136812][ T9532] ? __pfx_ksys_write+0x10/0x10 [ 200.141670][ T9532] ? do_syscall_64+0x100/0x230 [ 200.146439][ T9532] ? do_syscall_64+0xb6/0x230 [ 200.151134][ T9532] do_syscall_64+0xf3/0x230 [ 200.155670][ T9532] ? clear_bhb_loop+0x35/0x90 [ 200.160379][ T9532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.166281][ T9532] RIP: 0033:0x7f1361b75b99 [ 200.170700][ T9532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.190317][ T9532] RSP: 002b:00007f1362917048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 200.198753][ T9532] RAX: ffffffffffffffda RBX: 00007f1361d03fa0 RCX: 00007f1361b75b99 [ 200.206758][ T9532] RDX: 000000000000000d RSI: 0000000020000000 RDI: 0000000000000004 [ 200.214753][ T9532] RBP: 00007f13629170a0 R08: 0000000000000000 R09: 0000000000000000 [ 200.222731][ T9532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.230706][ T9532] R13: 000000000000000b R14: 00007f1361d03fa0 R15: 00007ffd1c8f2578 [ 200.238693][ T9532] [ 200.276827][ T144] veth1_macvtap: left promiscuous mode [ 200.284915][ T144] veth0_macvtap: left promiscuous mode [ 200.298110][ T144] veth1_vlan: left promiscuous mode [ 200.303515][ T144] veth0_vlan: left promiscuous mode [ 200.378282][ T5119] Bluetooth: hci2: command tx timeout [ 201.092253][ T144] team0 (unregistering): Port device team_slave_1 removed [ 201.153978][ T144] team0 (unregistering): Port device team_slave_0 removed [ 201.640620][ T9402] team0: Port device team_slave_0 added [ 201.664485][ T9539] ip6tnl0: Master is either lo or non-ether device [ 201.685778][ T9547] bridge0: port 2(bridge_slave_1) entered listening state [ 201.760701][ T9402] team0: Port device team_slave_1 added [ 201.916051][ T9402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.917936][ T9565] __nla_validate_parse: 4 callbacks suppressed [ 201.917956][ T9565] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1514'. [ 201.937763][ T9402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.996320][ T9402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.017461][ T9402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 202.034989][ T9402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.073042][ T9402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.202512][ T9402] hsr_slave_0: entered promiscuous mode [ 202.247009][ T9402] hsr_slave_1: entered promiscuous mode [ 202.266913][ T9402] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 202.290644][ T9402] Cannot create hsr debugfs directory [ 202.309651][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.317501][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.335872][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.352010][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.360000][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.368140][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.376933][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.387571][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.396890][ T9577] netlink: 'syz.1.1519': attribute type 1 has an invalid length. [ 202.458611][ T5119] Bluetooth: hci2: command tx timeout [ 202.683969][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 202.709709][ T5161] tipc: Resetting bearer [ 202.868936][ T9602] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1530'. [ 203.041022][ T9603] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.1529'. [ 203.063658][ T9603] netlink: zone id is out of range [ 203.078897][ T9603] netlink: zone id is out of range [ 203.100220][ T9603] netlink: zone id is out of range [ 203.105416][ T9603] netlink: zone id is out of range [ 203.149088][ T9603] netlink: zone id is out of range [ 203.167844][ T9603] netlink: zone id is out of range [ 203.173039][ T9603] netlink: zone id is out of range [ 203.197832][ T9603] netlink: zone id is out of range [ 203.203018][ T9603] netlink: zone id is out of range [ 203.215506][ T9614] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1529'. [ 203.231962][ T9617] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1532'. [ 203.465273][ T9402] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 203.521798][ T9402] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 203.575454][ T9402] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 203.593530][ T9634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1536'. [ 203.599976][ T9636] netlink: 185276 bytes leftover after parsing attributes in process `syz.2.1539'. [ 203.643273][ T9402] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 203.715255][ T9628] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1537'. [ 203.745949][ T9637] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1538'. [ 203.755709][ T9628] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1537'. [ 203.797067][ T9628] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 204.064188][ T9402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.133358][ T9402] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.181345][ T5110] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.188629][ T5110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.263147][ T5190] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.270439][ T5190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.469331][ T9666] netlink: 'syz.0.1547': attribute type 10 has an invalid length. [ 204.538388][ T5111] Bluetooth: hci2: command tx timeout [ 204.646693][ T5118] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 204.665851][ T2479] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.686093][ T5118] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 204.696530][ T5118] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 204.705278][ T5118] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 204.713623][ T5118] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 204.727025][ T5118] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 204.876064][ T2479] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.013090][ T9690] netlink: 'syz.1.1553': attribute type 29 has an invalid length. [ 205.014536][ T2479] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.063816][ T9690] netlink: 'syz.1.1553': attribute type 29 has an invalid length. [ 205.108640][ T9695] netlink: 'syz.1.1553': attribute type 29 has an invalid length. [ 205.141436][ T9674] caif0 speed is unknown, defaulting to 1000 [ 205.206070][ T2479] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.598084][ T2479] bridge_slave_1: left allmulticast mode [ 205.610365][ T2479] bridge_slave_1: left promiscuous mode [ 205.622054][ T2479] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.664173][ T2479] bridge_slave_0: left allmulticast mode [ 205.672350][ T2479] bridge_slave_0: left promiscuous mode [ 205.684564][ T2479] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.426385][ T2479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 206.438496][ T2479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 206.454160][ T2479] bond0 (unregistering): Released all slaves [ 206.630302][ T2479] ÿÿÿG: left promiscuous mode [ 206.636035][ T5118] Bluetooth: hci2: command 0x0405 tx timeout [ 206.779491][ T5119] Bluetooth: hci1: command tx timeout [ 206.976644][ T9741] __nla_validate_parse: 6 callbacks suppressed [ 206.976668][ T9741] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1568'. [ 207.025821][ T9402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.208301][ T9750] vlan3: entered promiscuous mode [ 207.252546][ T9746] netlink: 'syz.0.1570': attribute type 3 has an invalid length. [ 207.274834][ T9753] netlink: 'syz.1.1571': attribute type 3 has an invalid length. [ 207.283842][ T9753] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1571'. [ 207.476083][ T9759] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1572'. [ 207.554464][ T9674] chnl_net:caif_netlink_parms(): no params data found [ 207.657004][ T9762] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 207.667097][ T9762] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 207.676096][ T9762] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 207.684930][ T9762] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 207.728431][ T9762] vxlan0: entered promiscuous mode [ 207.786252][ T9762] vxlan0: entered allmulticast mode [ 207.803796][ T9762] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 207.813088][ T9762] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 207.822216][ T9762] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 207.831230][ T9762] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 207.921313][ T9402] veth0_vlan: entered promiscuous mode [ 207.928719][ T9766] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1574'. [ 207.941198][ T9766] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1574'. [ 208.033803][ T2479] hsr_slave_0: left promiscuous mode [ 208.045560][ T2479] hsr_slave_1: left promiscuous mode [ 208.080466][ T2479] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.090904][ T2479] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.109810][ T2479] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.117301][ T2479] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.136821][ T2479] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 208.150136][ T2479] batman_adv: batadv0: Removing interface: virt_wifi0 [ 208.181697][ T2479] veth1_vlan: left promiscuous mode [ 208.190934][ T2479] veth0_vlan: left promiscuous mode [ 208.832806][ T2479] team0 (unregistering): Port device team_slave_1 removed [ 208.858015][ T5119] Bluetooth: hci1: command tx timeout [ 208.883204][ T2479] team0 (unregistering): Port device team_slave_0 removed [ 209.218587][ T35] smc: removing ib device syz1 [ 209.243038][ T2479] team0 (unregistering): Port device dummy0 removed [ 209.526218][ T9769] netlink: 'syz.1.1575': attribute type 1 has an invalid length. [ 209.541848][ T9769] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 209.549188][ T9769] IPv6: NLM_F_CREATE should be set when creating new route [ 209.556537][ T9769] IPv6: NLM_F_CREATE should be set when creating new route [ 209.712557][ T9402] veth1_vlan: entered promiscuous mode [ 210.110171][ T9800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1585'. [ 210.162549][ T9674] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.184494][ T9674] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.210836][ T9674] bridge_slave_0: entered allmulticast mode [ 210.264809][ T9674] bridge_slave_0: entered promiscuous mode [ 210.281568][ T9804] xt_CT: No such helper "snmp_trap" [ 210.312030][ T9674] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.352243][ T9674] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.395037][ T9674] bridge_slave_1: entered allmulticast mode [ 210.409540][ T9674] bridge_slave_1: entered promiscuous mode [ 210.580647][ T9674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.709703][ T9674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.893227][ T9402] veth0_macvtap: entered promiscuous mode [ 210.912050][ T9821] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1592'. [ 210.932079][ T9824] netlink: 'syz.1.1592': attribute type 4 has an invalid length. [ 210.938111][ T5118] Bluetooth: hci1: command tx timeout [ 211.008641][ T9826] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1594'. [ 211.055671][ T9674] team0: Port device team_slave_0 added [ 211.092822][ T9402] veth1_macvtap: entered promiscuous mode [ 211.104387][ T9674] team0: Port device team_slave_1 added [ 211.112422][ T9828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1595'. [ 211.121659][ T9828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1595'. [ 211.245190][ T9674] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.258130][ T9674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.286702][ T9674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.300236][ T9674] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.307219][ T9674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.336649][ T9674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.510710][ T9402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.537393][ T9402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.551304][ T9402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.567840][ T9402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.578593][ T9402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.582639][ T9842] net_ratelimit: 244 callbacks suppressed [ 211.582660][ T9842] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 211.590376][ T9402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.636791][ T9402] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.690032][ T9836] bridge0: port 4(vlan3) entered blocking state [ 211.697280][ T9836] bridge0: port 4(vlan3) entered disabled state [ 211.707951][ T9836] vlan3: entered allmulticast mode [ 211.720151][ T9836] vlan3: left allmulticast mode [ 211.761820][ T9674] hsr_slave_0: entered promiscuous mode [ 211.776925][ T9674] hsr_slave_1: entered promiscuous mode [ 211.803941][ T9674] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.811870][ T9674] Cannot create hsr debugfs directory [ 211.830460][ T9402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.842947][ T9402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.854162][ T9402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.877617][ T9402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.895543][ T9402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.906469][ T9402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.920882][ T9402] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.006057][ T9402] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.027021][ T9402] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.036538][ T9402] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.048197][ T9402] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.077996][ T9851] __nla_validate_parse: 2 callbacks suppressed [ 212.078019][ T9851] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1604'. [ 212.094609][ T9851] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1604'. [ 212.105822][ T9854] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 212.123849][ T9851] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1604'. [ 212.142911][ T5118] Bluetooth: hci0: command 0x0401 tx timeout [ 212.204071][ T9862] xt_l2tp: missing protocol rule (udp|l2tpip) [ 212.318519][ T9864] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1608'. [ 212.489027][ T9868] netlink: 'syz.4.1610': attribute type 1 has an invalid length. [ 212.496871][ T9868] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 212.504172][ T9868] IPv6: NLM_F_CREATE should be set when creating new route [ 212.511513][ T9868] IPv6: NLM_F_CREATE should be set when creating new route [ 212.517913][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.526641][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.596409][ T9872] veth0_macvtap: left promiscuous mode [ 212.656243][ T2479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.666965][ T2479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.848608][ T9880] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1616'. [ 212.888627][ T9882] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1617'. [ 213.020996][ T5119] Bluetooth: hci1: command tx timeout [ 213.040680][ T9674] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 213.067428][ T9674] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 213.092444][ T9674] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 213.104965][ T9674] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 213.255145][ T63] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.389226][ T63] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.511980][ T63] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.642787][ T63] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.672854][ T9674] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.701668][ T9889] dvmrp0: entered allmulticast mode [ 213.746323][ T9674] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.841704][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.849243][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.872057][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.879338][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.020283][ T63] bridge_slave_1: left allmulticast mode [ 214.066020][ T63] bridge_slave_1: left promiscuous mode [ 214.078115][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.100010][ T63] bridge_slave_0: left allmulticast mode [ 214.106574][ T63] bridge_slave_0: left promiscuous mode [ 214.137167][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.219102][ T9904] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 214.525317][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 214.535992][ T5118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 214.552988][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 214.562618][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 214.581879][ T5118] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 214.601878][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 214.845735][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 214.858365][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.872080][ T63] bond0 (unregistering): Released all slaves [ 214.900773][ T9906] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1625'. [ 214.947970][ T5119] Bluetooth: hci4: command 0x0405 tx timeout [ 215.059687][ T9923] x_tables: duplicate underflow at hook 1 [ 215.081573][ T9923] x_tables: duplicate underflow at hook 2 [ 215.479384][ T29] audit: type=1804 audit(1719800146.833:18): pid=9934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1634" name="/root/syzkaller.DAwmw1/246/cgroup.controllers" dev="sda1" ino=1959 res=1 errno=0 [ 215.544397][ T9943] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1637'. [ 215.712830][ T9950] netlink: 'syz.4.1641': attribute type 1 has an invalid length. [ 215.721081][ T63] hsr_slave_0: left promiscuous mode [ 215.722560][ T9950] netlink: 'syz.4.1641': attribute type 3 has an invalid length. [ 215.735077][ T9950] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1641'. [ 215.744514][ T63] hsr_slave_1: left promiscuous mode [ 215.767500][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.787902][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.805391][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.828394][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 215.836942][ T9956] x_tables: duplicate underflow at hook 1 [ 215.865965][ T9956] x_tables: duplicate underflow at hook 2 [ 215.913690][ T63] veth1_macvtap: left promiscuous mode [ 215.920714][ T63] veth0_macvtap: left promiscuous mode [ 215.927513][ T63] veth1_vlan: left promiscuous mode [ 215.933044][ T63] veth0_vlan: left promiscuous mode [ 215.990846][ T9955] netlink: 'syz.4.1641': attribute type 1 has an invalid length. [ 216.017653][ T9955] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1641'. [ 216.493442][ T63] team0 (unregistering): Port device team_slave_1 removed [ 216.540550][ T63] team0 (unregistering): Port device team_slave_0 removed [ 216.710911][ T5119] Bluetooth: hci2: command tx timeout [ 217.129901][ T9674] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.213010][ T9971] netlink: 'syz.0.1646': attribute type 1 has an invalid length. [ 217.237619][ T9971] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 217.244979][ T9971] IPv6: NLM_F_CREATE should be set when creating new route [ 217.252311][ T9971] IPv6: NLM_F_CREATE should be set when creating new route [ 217.429238][ T9987] netlink: 'syz.0.1651': attribute type 4 has an invalid length. [ 217.544281][ T9913] chnl_net:caif_netlink_parms(): no params data found [ 217.617386][ T9674] veth0_vlan: entered promiscuous mode [ 217.694750][ T9996] x_tables: duplicate underflow at hook 1 [ 217.718607][ T9674] veth1_vlan: entered promiscuous mode [ 217.736206][ T9996] x_tables: duplicate underflow at hook 2 [ 217.914905][ T9913] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.923980][ T9913] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.925840][ T29] audit: type=1804 audit(1719800149.283:19): pid=10003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1656" name="/root/syzkaller.VNmZv4/422/cgroup.controllers" dev="sda1" ino=1975 res=1 errno=0 [ 217.938083][ T9913] bridge_slave_0: entered allmulticast mode [ 217.965078][ T9913] bridge_slave_0: entered promiscuous mode [ 217.975840][T10005] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 217.993509][T10008] __nla_validate_parse: 2 callbacks suppressed [ 217.993529][T10008] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1657'. [ 218.020803][ T9913] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.034530][ T9913] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.046688][ T9913] bridge_slave_1: entered allmulticast mode [ 218.062907][ T9913] bridge_slave_1: entered promiscuous mode [ 218.153981][ T63] dvmrp0 (unregistering): left allmulticast mode [ 218.256173][T10013] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1660'. [ 218.311070][ T9913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.342025][ T9674] veth0_macvtap: entered promiscuous mode [ 218.361602][ T9913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.427387][ T9674] veth1_macvtap: entered promiscuous mode [ 218.533284][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 218.541430][ T9913] team0: Port device team_slave_0 added [ 218.559554][ T9913] team0: Port device team_slave_1 added [ 218.583996][T10024] netlink: 'syz.1.1663': attribute type 3 has an invalid length. [ 218.595141][T10024] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1663'. [ 218.604901][T10024] netlink: 'syz.1.1663': attribute type 3 has an invalid length. [ 218.613130][T10024] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1663'. [ 218.640467][T10026] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1664'. [ 218.662720][ T9913] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.670741][ T9913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.699768][ T9913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.726995][ T9674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.749182][ T9674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.760068][ T9674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.771130][ T9674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.781295][ T5119] Bluetooth: hci2: command tx timeout [ 218.785976][ T9674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.797326][ T9674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.811231][T10030] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1666'. [ 218.819613][ T9674] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.828736][ T9913] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.843703][ T9913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.873486][ T9913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.893303][T10032] netlink: 47 bytes leftover after parsing attributes in process `syz.1.1665'. [ 218.955223][ T9674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.969327][ T9674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.980763][ T9674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.991487][ T9674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.001918][ T9674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.012672][ T9674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.029877][ T9674] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.039765][ T29] audit: type=1804 audit(1719800150.383:20): pid=10037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1668" name="/root/syzkaller.VNmZv4/426/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 219.082509][ T5158] IPVS: starting estimator thread 0... [ 219.115990][ T9913] hsr_slave_0: entered promiscuous mode [ 219.130587][ T9913] hsr_slave_1: entered promiscuous mode [ 219.137242][ T9913] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.153597][ T9913] Cannot create hsr debugfs directory [ 219.187885][T10038] IPVS: using max 17 ests per chain, 40800 per kthread [ 219.207441][ T9674] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.218572][ T9674] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.227343][ T9674] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.236797][ T9674] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.349924][T10044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1671'. [ 219.418866][T10048] netlink: 'syz.1.1673': attribute type 7 has an invalid length. [ 219.464330][T10048] Êü: entered promiscuous mode [ 219.561589][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 219.606625][T10052] netlink: 'syz.4.1674': attribute type 3 has an invalid length. [ 219.616357][T10055] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1675'. [ 219.633568][T10052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1674'. [ 219.645256][T10052] netlink: 'syz.4.1674': attribute type 3 has an invalid length. [ 219.666087][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.690484][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.859819][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.885754][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.080138][T10073] debugfs: Directory 'ü !' with parent 'ieee80211' already present! [ 220.858900][ T5119] Bluetooth: hci2: command tx timeout [ 221.741256][ T9913] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 221.776705][ T9913] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 221.789063][T10096] netlink: 'syz.4.1691': attribute type 3 has an invalid length. [ 221.817156][T10096] netlink: 'syz.4.1691': attribute type 1 has an invalid length. [ 221.826553][ T9913] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 221.854130][ T9913] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 222.238669][ T9913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.310450][ T9913] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.314199][T10120] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 222.366750][ T5190] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.374017][ T5190] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.408637][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.415836][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.606503][T10131] x_tables: duplicate underflow at hook 1 [ 222.659843][T10131] xt_SECMARK: invalid mode: 0 [ 222.839084][T10145] netlink: 'syz.0.1710': attribute type 2 has an invalid length. [ 222.948638][ T5119] Bluetooth: hci2: command tx timeout [ 223.055356][T10156] __nla_validate_parse: 15 callbacks suppressed [ 223.055378][T10156] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1713'. [ 223.061244][T10157] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1712'. [ 223.106075][ T9913] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.164415][T10160] syzkaller1: entered promiscuous mode [ 223.178830][T10160] syzkaller1: entered allmulticast mode [ 223.249390][T10164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1716'. [ 223.274555][T10164] vxcan3: entered promiscuous mode [ 223.284630][T10162] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1715'. [ 223.313120][T10169] netlink: 576 bytes leftover after parsing attributes in process `syz.4.1718'. [ 223.315494][T10162] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1715'. [ 223.390180][T10167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1716'. [ 223.538717][T10182] sctp: [Deprecated]: syz.1.1721 (pid 10182) Use of int in maxseg socket option. [ 223.538717][T10182] Use struct sctp_assoc_value instead [ 223.591980][T10176] netlink: 'syz.2.1719': attribute type 1 has an invalid length. [ 223.606928][T10176] netlink: 'syz.2.1719': attribute type 4 has an invalid length. [ 223.616864][T10176] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.1719'. [ 223.633018][T10183] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1722'. [ 223.646268][T10185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1722'. [ 223.753880][ T9913] veth0_vlan: entered promiscuous mode [ 223.783858][T10189] xfrm1: entered promiscuous mode [ 223.790535][T10189] xfrm1: entered allmulticast mode [ 223.816479][ T9913] veth1_vlan: entered promiscuous mode [ 223.973158][ T9913] veth0_macvtap: entered promiscuous mode [ 224.012503][ T9913] veth1_macvtap: entered promiscuous mode [ 224.029443][T10195] netlink: 'syz.2.1726': attribute type 10 has an invalid length. [ 224.050197][T10195] bridge0: port 3(dummy0) entered blocking state [ 224.056842][T10195] bridge0: port 3(dummy0) entered disabled state [ 224.071216][T10195] dummy0: entered allmulticast mode [ 224.083187][T10195] dummy0: entered promiscuous mode [ 224.094643][T10195] bridge0: port 3(dummy0) entered blocking state [ 224.101225][T10195] bridge0: port 3(dummy0) entered forwarding state [ 224.246975][ T9913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.284100][ T9913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.295642][ T9913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.310216][ T9913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.320383][ T9913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.331526][ T9913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.341466][ T9913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.367068][ T9913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.394374][ T9913] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.421245][ T9913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.431817][ T9913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.462680][ T9913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.482044][ T9913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.497092][ T9913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.509830][ T9913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.528329][ T9913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.541337][ T9913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.553595][ T9913] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.592768][T10220] netlink: 'syz.4.1734': attribute type 11 has an invalid length. [ 224.626323][ T9913] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.655500][T10213] sctp: [Deprecated]: syz.0.1733 (pid 10213) Use of int in maxseg socket option. [ 224.655500][T10213] Use struct sctp_assoc_value instead [ 224.670311][ T9913] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.697313][ T9913] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.708130][ T9913] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.034530][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.060223][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.172154][ T2479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.202679][ T2479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.373196][T10251] geneve2: entered promiscuous mode [ 225.425889][T10251] geneve2: entered allmulticast mode [ 226.044149][T10282] veth0_macvtap: left promiscuous mode [ 227.036762][T10331] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 227.063211][T10331] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 227.067307][T10339] tipc: Trying to set illegal importance in message [ 227.283965][T10353] netlink: 'syz.0.1781': attribute type 10 has an invalid length. [ 227.484076][ T144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.605410][ T144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.677507][ T144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.770301][ T144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.866165][ T144] bridge_slave_1: left allmulticast mode [ 227.872631][ T144] bridge_slave_1: left promiscuous mode [ 227.878611][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.888244][ T144] bridge_slave_0: left allmulticast mode [ 227.893905][ T144] bridge_slave_0: left promiscuous mode [ 227.900718][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.137181][T10359] __nla_validate_parse: 11 callbacks suppressed [ 228.137204][T10359] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1783'. [ 228.159975][T10363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1785'. [ 228.634030][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 228.654303][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 228.669673][ T144] bond0 (unregistering): Released all slaves [ 228.682863][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 228.692845][T10363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1785'. [ 228.703734][ T5118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 228.713562][T10374] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1788'. [ 228.733951][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 228.767386][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 228.784584][ T5118] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 228.796889][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 229.053001][T10388] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1793'. [ 229.071623][T10388] ipvlan0: entered allmulticast mode [ 229.077116][T10388] veth0_vlan: entered allmulticast mode [ 229.577879][ T144] hsr_slave_0: left promiscuous mode [ 229.596884][ T144] hsr_slave_1: left promiscuous mode [ 229.662468][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.710974][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.804971][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.833775][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.930169][ T144] veth1_macvtap: left promiscuous mode [ 229.943889][ T144] veth0_macvtap: left promiscuous mode [ 229.956515][ T144] veth1_vlan: left promiscuous mode [ 229.967811][ T144] veth0_vlan: left promiscuous mode [ 230.537859][T10435] netlink: 'syz.1.1805': attribute type 1 has an invalid length. [ 230.794670][ T144] team0 (unregistering): Port device team_slave_1 removed [ 230.846049][ T144] team0 (unregistering): Port device team_slave_0 removed [ 230.864874][ T5119] Bluetooth: hci2: command tx timeout [ 231.556518][T10377] chnl_net:caif_netlink_parms(): no params data found [ 231.767162][T10446] ebtables: ebtables: counters copy to user failed while replacing table [ 232.041111][T10377] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.070207][T10377] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.077542][T10377] bridge_slave_0: entered allmulticast mode [ 232.109962][T10377] bridge_slave_0: entered promiscuous mode [ 232.128882][T10377] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.136169][T10377] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.159170][T10377] bridge_slave_1: entered allmulticast mode [ 232.181890][T10377] bridge_slave_1: entered promiscuous mode [ 232.211873][T10466] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1817'. [ 232.239745][T10467] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1816'. [ 232.320747][T10470] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 232.440198][T10377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 232.508912][T10471] 8021q: adding VLAN 0 to HW filter on device team1 [ 232.537168][T10471] bond0: (slave team1): Enslaving as an active interface with an up link [ 232.583641][T10377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.741157][T10377] team0: Port device team_slave_0 added [ 232.766419][T10377] team0: Port device team_slave_1 added [ 232.825340][T10484] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 232.903452][T10377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 232.931723][T10377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.938260][ T5119] Bluetooth: hci2: command tx timeout [ 232.972779][T10490] netlink: 'syz.0.1824': attribute type 29 has an invalid length. [ 232.975280][T10377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 232.998206][T10490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1824'. [ 233.007563][T10490] netlink: 'syz.0.1824': attribute type 29 has an invalid length. [ 233.048668][T10490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1824'. [ 233.059011][T10377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.066000][T10377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.114063][T10377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.189556][T10497] tipc: Can't bind to reserved service type 0 [ 233.283759][T10377] hsr_slave_0: entered promiscuous mode [ 233.313384][T10377] hsr_slave_1: entered promiscuous mode [ 233.332081][T10377] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 233.354942][T10377] Cannot create hsr debugfs directory [ 233.415749][T10505] veth0_vlan: left promiscuous mode [ 233.603426][T10514] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1835'. [ 233.792732][T10520] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.794791][T10524] FAULT_INJECTION: forcing a failure. [ 233.794791][T10524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.815851][T10524] CPU: 1 PID: 10524 Comm: syz.0.1839 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 233.826078][T10524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 233.836179][T10524] Call Trace: [ 233.839493][T10524] [ 233.842452][T10524] dump_stack_lvl+0x241/0x360 [ 233.847173][T10524] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.852480][T10524] ? __pfx__printk+0x10/0x10 [ 233.857135][T10524] ? __pfx_lock_release+0x10/0x10 [ 233.862214][T10524] should_fail_ex+0x3b0/0x4e0 [ 233.866944][T10524] _copy_from_user+0x2f/0xe0 [ 233.871574][T10524] copy_msghdr_from_user+0xae/0x680 [ 233.876801][T10524] ? _parse_integer_limit+0x1b5/0x200 [ 233.882199][T10524] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 233.888031][T10524] __sys_sendmmsg+0x374/0x740 [ 233.892733][T10524] ? __pfx___sys_sendmmsg+0x10/0x10 [ 233.897977][T10524] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 233.903886][T10524] ? ksys_write+0x23e/0x2c0 [ 233.908413][T10524] ? __pfx_lock_release+0x10/0x10 [ 233.913468][T10524] ? vfs_write+0x7c4/0xc90 [ 233.917932][T10524] ? __mutex_unlock_slowpath+0x21d/0x750 [ 233.923638][T10524] ? __pfx_vfs_write+0x10/0x10 [ 233.928477][T10524] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 233.934490][T10524] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 233.940856][T10524] ? do_syscall_64+0x100/0x230 [ 233.945637][T10524] __x64_sys_sendmmsg+0xa0/0xb0 [ 233.950511][T10524] do_syscall_64+0xf3/0x230 [ 233.955031][T10524] ? clear_bhb_loop+0x35/0x90 [ 233.959724][T10524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.965722][T10524] RIP: 0033:0x7fd198175b99 [ 233.970180][T10524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.989815][T10524] RSP: 002b:00007fd198f99048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 233.998280][T10524] RAX: ffffffffffffffda RBX: 00007fd198303fa0 RCX: 00007fd198175b99 [ 234.006262][T10524] RDX: 0000000000000001 RSI: 000000002000cf00 RDI: 0000000000000004 [ 234.014241][T10524] RBP: 00007fd198f990a0 R08: 0000000000000000 R09: 0000000000000000 [ 234.022230][T10524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.030235][T10524] R13: 000000000000000b R14: 00007fd198303fa0 R15: 00007fff4f9769f8 [ 234.038230][T10524] [ 234.077353][T10523] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1836'. [ 234.452719][T10536] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 234.721847][T10547] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1847'. [ 234.826208][T10377] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 234.877187][T10377] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 234.911293][T10377] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 234.944783][T10377] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 234.998862][T10558] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1849'. [ 235.018569][ T5119] Bluetooth: hci2: command tx timeout [ 235.107794][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 235.340278][T10377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.408252][T10377] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.437445][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.444722][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.479805][T10572] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1854'. [ 235.502739][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.510001][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.051839][T10377] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.171939][T10377] veth0_vlan: entered promiscuous mode [ 236.201616][T10377] veth1_vlan: entered promiscuous mode [ 236.291082][T10377] veth0_macvtap: entered promiscuous mode [ 236.324104][T10377] veth1_macvtap: entered promiscuous mode [ 236.361606][T10377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.388232][T10377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.400240][T10377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.416591][T10377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.439141][T10377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.464221][T10377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.470213][T10619] FAULT_INJECTION: forcing a failure. [ 236.470213][T10619] name failslab, interval 1, probability 0, space 0, times 0 [ 236.491885][T10377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.503698][T10619] CPU: 1 PID: 10619 Comm: syz.4.1867 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 236.505198][T10377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.513889][T10619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 236.513908][T10619] Call Trace: [ 236.513918][T10619] [ 236.513928][T10619] dump_stack_lvl+0x241/0x360 [ 236.525975][T10377] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.533781][T10619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.533814][T10619] ? __pfx__printk+0x10/0x10 [ 236.541131][T10377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.544725][T10619] ? __pfx___might_resched+0x10/0x10 [ 236.559594][T10377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.561802][T10619] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 236.561847][T10619] should_fail_ex+0x3b0/0x4e0 [ 236.573540][T10377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.577519][T10619] should_failslab+0x9/0x20 [ 236.587487][T10377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.592861][T10619] __kmalloc_node_noprof+0xdf/0x440 [ 236.592888][T10619] ? kvmalloc_node_noprof+0x72/0x190 [ 236.592913][T10619] ? hash_ipportnet_create+0x2fa/0x1040 [ 236.598356][T10377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.607972][T10619] kvmalloc_node_noprof+0x72/0x190 [ 236.608006][T10619] hash_ipportnet_create+0x3de/0x1040 [ 236.608046][T10619] ? __pfx_hash_ipportnet_create+0x10/0x10 [ 236.616804][T10377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.622322][T10619] ip_set_create+0xa5c/0x1900 [ 236.622357][T10619] ? ip_set_create+0x45e/0x1900 [ 236.622382][T10619] ? __mutex_trylock_common+0x2/0x2e0 [ 236.627762][T10377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.632846][T10619] ? __pfx_ip_set_create+0x10/0x10 [ 236.632872][T10619] ? trace_contention_end+0x3c/0x120 [ 236.638533][T10377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.648918][T10619] ? nfnetlink_rcv_msg+0x225/0x1180 [ 236.648953][T10619] nfnetlink_rcv_msg+0xbec/0x1180 [ 236.648980][T10619] ? kernel_text_address+0xa7/0xe0 [ 236.649011][T10619] ? nfnetlink_rcv_msg+0x225/0x1180 [ 236.649065][T10619] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 236.649128][T10619] ? netlink_deliver_tap+0x19d/0x1b0 [ 236.649152][T10619] ? netlink_unicast+0x7be/0x990 [ 236.649173][T10619] ? netlink_sendmsg+0x8e4/0xcb0 [ 236.649197][T10619] ? __sock_sendmsg+0x221/0x270 [ 236.649220][T10619] ? ____sys_sendmsg+0x525/0x7d0 [ 236.649251][T10619] ? __sys_sendmsg+0x2b0/0x3a0 [ 236.649281][T10619] ? do_syscall_64+0xf3/0x230 [ 236.649303][T10619] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.649348][T10619] netlink_rcv_skb+0x1e3/0x430 [ 236.649376][T10619] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 236.649408][T10619] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 236.649449][T10619] ? apparmor_capable+0x138/0x1b0 [ 236.649480][T10619] ? bpf_lsm_capable+0x9/0x10 [ 236.649509][T10619] ? security_capable+0x90/0xb0 [ 236.649542][T10619] nfnetlink_rcv+0x297/0x2a90 [ 236.649577][T10619] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 236.649609][T10619] ? __dev_queue_xmit+0x2da/0x3e90 [ 236.649646][T10619] ? __dev_queue_xmit+0x1763/0x3e90 [ 236.649677][T10619] ? kasan_save_track+0x51/0x80 [ 236.649712][T10619] ? do_syscall_64+0xf3/0x230 [ 236.660772][T10377] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.665979][T10619] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 236.666015][T10619] ? __dev_queue_xmit+0x2da/0x3e90 [ 236.728680][T10377] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.731648][T10619] ? __pfx___dev_queue_xmit+0x10/0x10 [ 236.742271][T10377] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.747432][T10619] ? ref_tracker_free+0x643/0x7e0 [ 236.762035][T10377] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.762562][T10619] ? __asan_memcpy+0x40/0x70 [ 236.906504][T10619] ? __pfx_ref_tracker_free+0x10/0x10 [ 236.911924][T10619] ? netlink_deliver_tap+0x2e/0x1b0 [ 236.917136][T10619] ? skb_clone+0x240/0x390 [ 236.921593][T10619] ? __pfx_lock_release+0x10/0x10 [ 236.926651][T10619] ? __netlink_deliver_tap+0x77e/0x7c0 [ 236.932146][T10619] ? netlink_deliver_tap+0x2e/0x1b0 [ 236.937367][T10619] netlink_unicast+0x7f0/0x990 [ 236.942160][T10619] ? __pfx_netlink_unicast+0x10/0x10 [ 236.947457][T10619] ? __virt_addr_valid+0x183/0x520 [ 236.952591][T10619] ? __check_object_size+0x49c/0x900 [ 236.957896][T10619] ? bpf_lsm_netlink_send+0x9/0x10 [ 236.963027][T10619] netlink_sendmsg+0x8e4/0xcb0 [ 236.967820][T10619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.973118][T10619] ? __import_iovec+0x536/0x820 [ 236.977981][T10619] ? aa_sock_msg_perm+0x91/0x160 [ 236.982951][T10619] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 236.988336][T10619] ? security_socket_sendmsg+0x87/0xb0 [ 236.993823][T10619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.999117][T10619] __sock_sendmsg+0x221/0x270 [ 237.003810][T10619] ____sys_sendmsg+0x525/0x7d0 [ 237.008699][T10619] ? __pfx_____sys_sendmsg+0x10/0x10 [ 237.014014][T10619] __sys_sendmsg+0x2b0/0x3a0 [ 237.018622][T10619] ? __pfx___sys_sendmsg+0x10/0x10 [ 237.023744][T10619] ? vfs_write+0x7c4/0xc90 [ 237.028215][T10619] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 237.034566][T10619] ? do_syscall_64+0x100/0x230 [ 237.039425][T10619] ? do_syscall_64+0xb6/0x230 [ 237.044114][T10619] do_syscall_64+0xf3/0x230 [ 237.048626][T10619] ? clear_bhb_loop+0x35/0x90 [ 237.053318][T10619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.059245][T10619] RIP: 0033:0x7f1361b75b99 [ 237.063666][T10619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.083295][T10619] RSP: 002b:00007f1362917048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 237.091808][T10619] RAX: ffffffffffffffda RBX: 00007f1361d03fa0 RCX: 00007f1361b75b99 [ 237.099791][T10619] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 237.107855][T10619] RBP: 00007f13629170a0 R08: 0000000000000000 R09: 0000000000000000 [ 237.115839][T10619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 237.123814][T10619] R13: 000000000000000b R14: 00007f1361d03fa0 R15: 00007ffd1c8f2578 [ 237.131822][T10619] [ 237.140536][ T5119] Bluetooth: hci2: command tx timeout [ 237.155124][T10377] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.208231][T10627] vlan3: entered allmulticast mode [ 237.474408][T10637] netlink: 210620 bytes leftover after parsing attributes in process `syz.0.1874'. [ 237.490905][T10637] openvswitch: netlink: ufid size 2296 bytes exceeds the range (1, 16) [ 237.548662][ T29] audit: type=1804 audit(1719800168.893:21): pid=10639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1876" name="/root/syzkaller.hGgUks/50/cgroup.controllers" dev="sda1" ino=1975 res=1 errno=0 [ 237.577883][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.629568][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.668854][T10647] xt_l2tp: missing protocol rule (udp|l2tpip) [ 237.767763][T10647] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1877'. [ 237.789330][ T2479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.798328][T10647] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1877'. [ 237.811577][ T2479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.816848][T10647] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1877'. [ 238.486016][T10677] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1887'. [ 238.901714][T10687] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1892'. [ 238.997311][T10688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 239.024960][T10693] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1895'. [ 239.390040][T10708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1903'. [ 239.915481][T10737] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.937936][T10737] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.962727][T10737] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.963915][T10739] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1912'. [ 239.990288][T10739] openvswitch: netlink: Key type 29 is not supported [ 240.007443][T10737] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 240.008516][T10739] xt_connbytes: Forcing CT accounting to be enabled [ 240.365517][ T144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.451726][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 240.476910][ T5118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 240.488080][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 240.509452][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 240.520080][ T5118] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 240.528314][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 240.700231][T10751] chnl_net:caif_netlink_parms(): no params data found [ 240.786306][T10751] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.793895][T10751] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.802108][T10751] bridge_slave_0: entered allmulticast mode [ 240.810880][T10751] bridge_slave_0: entered promiscuous mode [ 240.819826][T10751] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.827005][T10751] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.834613][T10751] bridge_slave_1: entered allmulticast mode [ 240.842558][T10751] bridge_slave_1: entered promiscuous mode [ 240.883706][T10751] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.896202][T10751] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.934125][T10751] team0: Port device team_slave_0 added [ 240.946947][T10751] team0: Port device team_slave_1 added [ 240.978756][T10751] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.985745][T10751] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.012896][T10751] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 241.028770][T10751] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 241.035846][T10751] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.062004][T10751] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 241.113434][T10751] hsr_slave_0: entered promiscuous mode [ 241.121252][T10751] hsr_slave_1: entered promiscuous mode [ 241.127533][T10751] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 241.138404][T10751] Cannot create hsr debugfs directory [ 241.378450][T10767] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 241.398035][T10766] IPVS: stopping backup sync thread 10767 ... [ 241.447378][T10769] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1919'. [ 241.707273][T10751] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.840282][ T5118] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 241.855824][ T5118] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 241.867025][ T5118] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 241.876571][ T5118] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 241.900269][ T5118] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 241.909562][ T5118] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 241.982695][T10751] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.124013][T10796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1928'. [ 242.137656][T10796] block nbd0: not configured, cannot reconfigure [ 242.179176][T10751] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.229037][T10791] dummy0: entered promiscuous mode [ 242.255575][T10791] dummy0: left promiscuous mode [ 242.364541][ T144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.411091][T10801] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1930'. [ 242.501240][T10751] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.566343][T10801] Êü: entered promiscuous mode [ 242.620089][ T5118] Bluetooth: hci2: command tx timeout [ 242.640352][ T144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.734426][T10809] syz.1.1933 (10809) used obsolete PPPIOCDETACH ioctl [ 242.767388][ T144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.819015][T10809] syzkaller0: entered allmulticast mode [ 243.044193][T10817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1934'. [ 243.064954][T10815] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 243.073043][T10815] pim6reg0: linktype set to 773 [ 243.191898][T10819] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1937'. [ 243.221426][ T144] bridge_slave_1: left allmulticast mode [ 243.236131][ T144] bridge_slave_1: left promiscuous mode [ 243.248751][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.260630][ T144] bridge_slave_0: left allmulticast mode [ 243.262556][T10824] x_tables: duplicate underflow at hook 2 [ 243.266322][ T144] bridge_slave_0: left promiscuous mode [ 243.266573][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.775994][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.790023][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 243.805001][ T144] bond0 (unregistering): Released all slaves [ 243.823785][T10751] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 243.970287][T10751] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 243.979062][ T5118] Bluetooth: hci4: command tx timeout [ 244.028920][T10751] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 244.104133][T10841] xt_CT: You must specify a L4 protocol and not use inversions on it [ 244.186117][T10751] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 244.254282][T10847] netlink: 576 bytes leftover after parsing attributes in process `syz.1.1947'. [ 244.440770][T10847] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1947'. [ 244.508918][T10855] batman_adv: batadv0: Adding interface: gretap1 [ 244.521729][T10855] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.549112][T10855] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 244.594889][ T144] hsr_slave_0: left promiscuous mode [ 244.619616][ T144] hsr_slave_1: left promiscuous mode [ 244.653503][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 244.668265][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 244.682911][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 244.685563][T10866] netlink: 'syz.1.1955': attribute type 13 has an invalid length. [ 244.692973][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 244.699718][ T5118] Bluetooth: hci2: command tx timeout [ 244.741861][ T144] veth1_macvtap: left promiscuous mode [ 244.747570][ T144] veth0_macvtap: left promiscuous mode [ 244.753370][ T144] veth1_vlan: left promiscuous mode [ 244.759077][ T144] veth0_vlan: left promiscuous mode [ 245.000894][T10879] x_tables: duplicate underflow at hook 2 [ 245.122099][T10882] netlink: 210620 bytes leftover after parsing attributes in process `syz.1.1960'. [ 245.466331][ T144] team0 (unregistering): Port device team_slave_1 removed [ 245.526842][ T144] team0 (unregistering): Port device team_slave_0 removed [ 245.983651][T10785] chnl_net:caif_netlink_parms(): no params data found [ 246.015695][T10868] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 246.025536][T10868] pim6reg0: linktype set to 773 [ 246.058552][ T5118] Bluetooth: hci4: command tx timeout [ 246.244350][T10893] netlink: 'syz.4.1961': attribute type 39 has an invalid length. [ 246.321281][T10899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1964'. [ 246.432062][T10904] xt_CT: You must specify a L4 protocol and not use inversions on it [ 246.480003][T10785] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.512051][T10785] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.520331][T10785] bridge_slave_0: entered allmulticast mode [ 246.528003][T10785] bridge_slave_0: entered promiscuous mode [ 246.536989][T10785] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.561661][T10785] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.572268][T10785] bridge_slave_1: entered allmulticast mode [ 246.582639][T10785] bridge_slave_1: entered promiscuous mode [ 246.620077][T10785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.635173][T10913] netlink: 'syz.4.1968': attribute type 3 has an invalid length. [ 246.652585][T10909] vlan3: entered promiscuous mode [ 246.652648][T10913] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1968'. [ 246.710899][T10785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.778642][ T5118] Bluetooth: hci2: command tx timeout [ 246.853049][T10785] team0: Port device team_slave_0 added [ 246.923573][T10785] team0: Port device team_slave_1 added [ 247.017643][T10751] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.073857][T10785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.083967][T10785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.114685][T10785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 247.145068][T10785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.157781][T10785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.194988][T10785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.240582][T10932] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 247.246484][T10932] pim6reg0: linktype set to 773 [ 247.314559][T10924] x_tables: duplicate underflow at hook 2 [ 247.327188][T10751] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.372631][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.379880][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.390795][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.398073][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.544378][T10785] hsr_slave_0: entered promiscuous mode [ 247.568229][T10785] hsr_slave_1: entered promiscuous mode [ 247.576713][T10785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 247.585149][T10785] Cannot create hsr debugfs directory [ 247.698474][T10946] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1981'. [ 247.938626][T10952] vlan1: entered promiscuous mode [ 248.141690][ T5118] Bluetooth: hci4: command tx timeout [ 248.453856][T10751] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.641833][T10988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1992'. [ 248.664778][T10986] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 248.672091][T10986] pim6reg0: linktype set to 773 [ 248.677238][T10988] FAULT_INJECTION: forcing a failure. [ 248.677238][T10988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 248.720793][T10988] CPU: 1 PID: 10988 Comm: syz.1.1992 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 248.728895][T10751] veth0_vlan: entered promiscuous mode [ 248.731008][T10988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 248.746591][T10988] Call Trace: [ 248.749906][T10988] [ 248.752870][T10988] dump_stack_lvl+0x241/0x360 [ 248.757598][T10988] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.762582][T10751] veth1_vlan: entered promiscuous mode [ 248.762824][T10988] ? __pfx__printk+0x10/0x10 [ 248.772914][T10988] ? snprintf+0xda/0x120 [ 248.777206][T10988] should_fail_ex+0x3b0/0x4e0 [ 248.782023][T10988] _copy_to_user+0x2f/0xb0 [ 248.786479][T10988] simple_read_from_buffer+0xca/0x150 [ 248.791030][T10986] x_tables: duplicate underflow at hook 2 [ 248.791874][T10988] proc_fail_nth_read+0x1e9/0x250 [ 248.802655][T10988] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 248.808250][T10988] ? rw_verify_area+0x514/0x6b0 [ 248.813189][T10988] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 248.818784][T10988] vfs_read+0x204/0xbd0 [ 248.822991][T10988] ? __pfx_lock_release+0x10/0x10 [ 248.828062][T10988] ? __pfx_vfs_read+0x10/0x10 [ 248.832779][T10988] ? __fget_files+0x29/0x470 [ 248.837421][T10988] ? __fget_files+0x3f6/0x470 [ 248.842156][T10988] ksys_read+0x1a0/0x2c0 [ 248.846450][T10988] ? __pfx_ksys_read+0x10/0x10 [ 248.851256][T10988] ? do_syscall_64+0x100/0x230 [ 248.856064][T10988] ? do_syscall_64+0xb6/0x230 [ 248.860779][T10988] do_syscall_64+0xf3/0x230 [ 248.865329][T10988] ? clear_bhb_loop+0x35/0x90 [ 248.870052][T10988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.876003][T10988] RIP: 0033:0x7fa688d7467c [ 248.880453][T10988] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 248.900269][T10988] RSP: 002b:00007fa689bde040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 248.908728][T10988] RAX: ffffffffffffffda RBX: 00007fa688f03fa0 RCX: 00007fa688d7467c [ 248.916723][T10988] RDX: 000000000000000f RSI: 00007fa689bde0b0 RDI: 0000000000000004 [ 248.924724][T10988] RBP: 00007fa689bde0a0 R08: 0000000000000000 R09: 0000000000000000 [ 248.932732][T10988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 248.940728][T10988] R13: 000000000000000b R14: 00007fa688f03fa0 R15: 00007fffebef8308 [ 248.948732][T10988] [ 248.958754][ T5118] Bluetooth: hci2: command tx timeout [ 249.107081][T10751] veth0_macvtap: entered promiscuous mode [ 249.126439][T10997] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1995'. [ 249.149417][T10751] veth1_macvtap: entered promiscuous mode [ 249.198506][T11000] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1996'. [ 249.292597][T10751] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.305130][T10751] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.316452][T10751] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.328351][T10751] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.339550][T10751] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.350683][T10751] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.365823][T10751] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.383130][T10785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 249.400643][T10785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 249.443312][T10751] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.473470][T10751] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.502080][T11014] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 249.518272][T10751] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.536336][T10751] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.549780][T10751] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.577719][T10751] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.601555][T10751] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 249.626595][T10785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 249.670631][T11015] vlan1: entered promiscuous mode [ 249.702062][T10785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 249.723694][T11023] EXT4-fs warning (device sda1): verify_group_input:167: Cannot read last block (281374) [ 249.756236][T10751] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.765862][T10751] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.774938][T10751] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.784384][T10751] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.028604][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.036493][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.137341][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.172492][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.174962][T10785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.220138][ T5118] Bluetooth: hci4: command tx timeout [ 250.340900][T10785] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.375074][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.382324][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.476672][T11047] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2013'. [ 250.512339][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.519607][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.033080][T10785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.099657][T11070] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2020'. [ 251.156353][T10785] veth0_vlan: entered promiscuous mode [ 251.186184][T10785] veth1_vlan: entered promiscuous mode [ 251.243031][T10785] veth0_macvtap: entered promiscuous mode [ 251.263699][T10785] veth1_macvtap: entered promiscuous mode [ 251.307055][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.347233][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.367861][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.398981][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.420272][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.442420][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.456880][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.473372][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.496755][T10785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 251.550676][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.587738][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.597638][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.616059][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.634325][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.646172][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.667209][T10785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.707964][T10785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.740090][T10785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 251.781642][T11091] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2027'. [ 251.783843][T10785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.809681][T11096] netlink: 134312 bytes leftover after parsing attributes in process `syz.1.2029'. [ 251.832877][T10785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.843703][T10785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.852649][T10785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.940335][ T2845] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.996574][T11096] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 252.026937][T11096] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 252.270052][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 252.291680][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.344004][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 252.362707][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.465539][ T2845] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.590430][ T5119] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 252.619774][ T5119] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 252.658045][T11116] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2036'. [ 252.658236][ T5119] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 252.684834][ T5119] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 252.702294][ T5119] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 252.721347][ T5119] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 252.752076][ T2845] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.985878][T11128] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2040'. [ 253.139956][ T2845] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.185434][T11134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2042'. [ 253.496978][T11142] sctp: [Deprecated]: syz.4.2045 (pid 11142) Use of int in maxseg socket option. [ 253.496978][T11142] Use struct sctp_assoc_value instead [ 253.801964][T11110] chnl_net:caif_netlink_parms(): no params data found [ 254.050222][ T2845] bridge_slave_1: left allmulticast mode [ 254.056180][ T2845] bridge_slave_1: left promiscuous mode [ 254.077321][T11165] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 254.078076][ T2845] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.084192][T11165] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 254.114045][ T2845] bridge_slave_0: left allmulticast mode [ 254.117539][T11170] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2056'. [ 254.119859][ T2845] bridge_slave_0: left promiscuous mode [ 254.120101][ T2845] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.640601][ T2845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.653156][ T2845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.666098][ T2845] bond0 (unregistering): Released all slaves [ 254.768983][T11110] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.777121][T11110] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.787300][ T5118] Bluetooth: hci2: command tx timeout [ 254.795412][T11110] bridge_slave_0: entered allmulticast mode [ 254.817293][T11110] bridge_slave_0: entered promiscuous mode [ 254.871736][T11110] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.881930][T11110] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.889838][T11110] bridge_slave_1: entered allmulticast mode [ 254.899026][T11110] bridge_slave_1: entered promiscuous mode [ 254.915338][T11185] sctp: [Deprecated]: syz.1.2059 (pid 11185) Use of int in maxseg socket option. [ 254.915338][T11185] Use struct sctp_assoc_value instead [ 254.935768][T11184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2060'. [ 255.121322][T11110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 255.153038][T11110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 255.297218][ T2845] hsr_slave_0: left promiscuous mode [ 255.307017][ T2845] hsr_slave_1: left promiscuous mode [ 255.346910][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.367251][T11193] can: request_module (can-proto-0) failed. [ 255.376175][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 255.395062][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 255.405777][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.479605][ T2845] veth1_macvtap: left promiscuous mode [ 255.485215][ T2845] veth0_macvtap: left promiscuous mode [ 255.492487][ T2845] veth1_vlan: left promiscuous mode [ 255.498177][ T2845] veth0_vlan: left promiscuous mode [ 256.006265][ T2845] team0 (unregistering): Port device team_slave_1 removed [ 256.059945][ T2845] team0 (unregistering): Port device team_slave_0 removed [ 256.146909][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.498984][T11209] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2068'. [ 256.756415][T11217] sctp: [Deprecated]: syz.2.2071 (pid 11217) Use of int in maxseg socket option. [ 256.756415][T11217] Use struct sctp_assoc_value instead [ 256.767515][ T5111] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 256.792262][ T5111] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 256.811761][ T5111] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 256.824118][ T5111] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 256.835474][ T5111] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 256.843099][ T5111] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 256.859007][ T5122] Bluetooth: hci2: command 0x041b tx timeout [ 257.179456][T11110] team0: Port device team_slave_0 added [ 257.223420][T11110] team0: Port device team_slave_1 added [ 257.342573][T11110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.350404][T11110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.386462][T11110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.417467][T11230] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2075'. [ 257.421320][T11228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2074'. [ 257.454724][T11110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.464163][T11110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.500747][T11110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 257.569677][T11234] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 257.661247][T11236] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2077'. [ 257.815742][T11110] hsr_slave_0: entered promiscuous mode [ 257.843043][T11110] hsr_slave_1: entered promiscuous mode [ 257.880132][T11110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 257.903835][T11110] Cannot create hsr debugfs directory [ 258.105639][ T2845] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.141348][T11253] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2084'. [ 258.153389][T11253] tipc: Started in network mode [ 258.161135][T11253] tipc: Node identity aaaaaaaaaa0c, cluster identity 4711 [ 258.168901][T11253] tipc: Enabled bearer , priority 10 [ 258.208884][T11256] sctp: [Deprecated]: syz.2.2083 (pid 11256) Use of int in maxseg socket option. [ 258.208884][T11256] Use struct sctp_assoc_value instead [ 258.238135][T11258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2085'. [ 258.247473][T11258] block nbd0: not configured, cannot reconfigure [ 258.282165][ T2845] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.471767][ T2845] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.510827][T11268] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2090'. [ 258.612914][ T2845] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.745058][T11279] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 258.751642][T11279] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 258.836142][T11218] chnl_net:caif_netlink_parms(): no params data found [ 258.859196][T11283] netlink: 'syz.4.2096': attribute type 4 has an invalid length. [ 258.867532][T11283] netlink: 'syz.4.2096': attribute type 1 has an invalid length. [ 258.886631][T11283] netlink: 88156 bytes leftover after parsing attributes in process `syz.4.2096'. [ 258.937962][ T5119] Bluetooth: hci4: command tx timeout [ 258.938074][ T5122] Bluetooth: hci2: command 0x041b tx timeout [ 258.993106][T11287] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2099'. [ 259.095710][T11289] sctp: [Deprecated]: syz.1.2098 (pid 11289) Use of int in maxseg socket option. [ 259.095710][T11289] Use struct sctp_assoc_value instead [ 259.278504][ T2845] bridge_slave_1: left allmulticast mode [ 259.290549][ T5161] tipc: Node number set to 10922666 [ 259.307222][ T2845] bridge_slave_1: left promiscuous mode [ 259.335299][ T2845] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.385147][ T2845] bridge_slave_0: left allmulticast mode [ 259.394272][ T2845] bridge_slave_0: left promiscuous mode [ 259.409239][ T2845] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.984327][ T2845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 260.007224][ T2845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 260.025970][ T2845] bond0 (unregistering): Released all slaves [ 260.064018][T11304] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2104'. [ 260.088839][T11304] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 260.230278][T11309] gre0: entered promiscuous mode [ 260.245151][T11309] vlan1: entered promiscuous mode [ 260.254241][T11309] gre0: left promiscuous mode [ 260.411150][T11218] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.420473][T11218] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.427881][T11218] bridge_slave_0: entered allmulticast mode [ 260.436164][T11218] bridge_slave_0: entered promiscuous mode [ 260.448071][T11319] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 260.454550][T11319] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 260.513398][T11218] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.527876][T11218] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.535662][T11218] bridge_slave_1: entered allmulticast mode [ 260.565032][T11218] bridge_slave_1: entered promiscuous mode [ 260.629319][T11320] syzkaller0: entered promiscuous mode [ 260.636177][T11320] syzkaller0: entered allmulticast mode [ 260.823628][T11218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 260.861475][T11218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 260.927464][ T2845] hsr_slave_0: left promiscuous mode [ 260.945196][ T2845] hsr_slave_1: left promiscuous mode [ 260.952174][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 260.960046][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 260.969452][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 260.977052][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 261.005446][ T2845] veth1_macvtap: left promiscuous mode [ 261.012291][ T2845] veth0_macvtap: left promiscuous mode [ 261.018367][ T2845] veth1_vlan: left promiscuous mode [ 261.018397][ T5122] Bluetooth: hci4: command tx timeout [ 261.023603][ T5119] Bluetooth: hci2: command 0x041b tx timeout [ 261.023866][ T2845] veth0_vlan: left promiscuous mode [ 261.646021][ T2845] team0 (unregistering): Port device team_slave_1 removed [ 261.699404][ T2845] team0 (unregistering): Port device team_slave_0 removed [ 262.342112][T11336] sctp: [Deprecated]: syz.1.2113 (pid 11336) Use of int in maxseg socket option. [ 262.342112][T11336] Use struct sctp_assoc_value instead [ 263.098063][ T5122] Bluetooth: hci2: command 0x041b tx timeout [ 263.100143][ T5119] Bluetooth: hci4: command tx timeout [ 264.002221][T11110] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 264.021013][T11218] team0: Port device team_slave_0 added [ 264.037196][T11110] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 264.056778][T11110] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 264.093898][T11218] team0: Port device team_slave_1 added [ 264.181310][T11110] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 264.268431][T11218] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 264.284182][T11218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.327186][T11218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 264.377034][T11344] __nla_validate_parse: 1 callbacks suppressed [ 264.377056][T11344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2116'. [ 264.383597][T11218] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 264.383617][T11218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.383647][T11218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 264.522035][T11351] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2120'. [ 264.538806][T11351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2120'. [ 264.605093][T11218] hsr_slave_0: entered promiscuous mode [ 264.630044][T11218] hsr_slave_1: entered promiscuous mode [ 264.638475][T11218] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 264.646093][T11218] Cannot create hsr debugfs directory [ 264.723206][T11355] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2122'. [ 264.749375][T11359] sctp: [Deprecated]: syz.2.2124 (pid 11359) Use of int in maxseg socket option. [ 264.749375][T11359] Use struct sctp_assoc_value instead [ 264.787280][T11355] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2122'. [ 264.992203][T11110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.057136][T11369] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2129'. [ 265.115404][T11110] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.181868][ T5119] Bluetooth: hci4: command tx timeout [ 265.196176][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.203463][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.229873][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.237125][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.319288][T11375] netlink: 'syz.1.2131': attribute type 9 has an invalid length. [ 265.412012][T11378] bridge0: port 4(gretap0) entered blocking state [ 265.431072][T11378] bridge0: port 4(gretap0) entered disabled state [ 265.446267][T11378] gretap0: entered allmulticast mode [ 265.460596][T11378] gretap0: entered promiscuous mode [ 265.479408][T11378] bridge0: port 4(gretap0) entered blocking state [ 265.486021][T11378] bridge0: port 4(gretap0) entered forwarding state [ 265.495681][T11378] tipc: Resetting bearer [ 265.531626][T11384] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2134'. [ 265.544134][T11384] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2134'. [ 265.610417][T11391] bridge0: entered promiscuous mode [ 265.630933][T11391] ip6gretap0: entered promiscuous mode [ 265.733310][T11395] sctp: [Deprecated]: syz.1.2136 (pid 11395) Use of int in maxseg socket option. [ 265.733310][T11395] Use struct sctp_assoc_value instead [ 265.737622][T11396] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2137'. [ 265.753574][T11110] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 265.863276][T11398] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2139'. [ 266.107392][T11218] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 266.157574][T11218] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 266.198819][T11218] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 266.263510][T11218] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 266.601943][T11110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.921759][T11435] sctp: [Deprecated]: syz.2.2150 (pid 11435) Use of int in maxseg socket option. [ 266.921759][T11435] Use struct sctp_assoc_value instead [ 267.000328][T11110] veth0_vlan: entered promiscuous mode [ 267.066139][T11110] veth1_vlan: entered promiscuous mode [ 267.096157][T11437] tipc: Started in network mode [ 267.104216][T11437] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 267.116927][T11437] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 267.134524][T11437] tipc: Enabled bearer , priority 10 [ 267.169182][T11218] 8021q: adding VLAN 0 to HW filter on device bond0 [ 267.315746][T11218] 8021q: adding VLAN 0 to HW filter on device team0 [ 267.339867][T11441] sctp: [Deprecated]: syz.1.2153 (pid 11441) Use of int in maxseg socket option. [ 267.339867][T11441] Use struct sctp_assoc_value instead [ 267.371300][T11110] veth0_macvtap: entered promiscuous mode [ 267.392976][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.400323][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.447055][ T5189] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.454347][ T5189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.489835][T11110] veth1_macvtap: entered promiscuous mode [ 267.575548][T11110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.601296][T11110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.631606][T11110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.677789][T11110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.707932][T11110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.743611][T11110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.774501][T11110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 267.829783][T11110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.877734][T11110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.907878][T11110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.927729][T11110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.944149][T11110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.957366][T11110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.976597][T11110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 268.042710][T11110] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.073118][T11110] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.084398][T11110] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.107727][T11110] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.147482][T11463] netlink: 'syz.1.2160': attribute type 3 has an invalid length. [ 268.248534][ T5189] tipc: Node number set to 1 [ 268.291900][T11465] sctp: [Deprecated]: syz.4.2162 (pid 11465) Use of int in maxseg socket option. [ 268.291900][T11465] Use struct sctp_assoc_value instead [ 268.422367][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.448705][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.514434][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.573705][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.589619][T11218] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.844839][T11218] veth0_vlan: entered promiscuous mode [ 268.911805][T11218] veth1_vlan: entered promiscuous mode [ 269.020685][T11218] veth0_macvtap: entered promiscuous mode [ 269.051266][T11218] veth1_macvtap: entered promiscuous mode [ 269.111503][T11218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.132614][T11218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.145591][T11218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.158765][T11218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.169575][T11218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.181495][T11218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.191923][T11218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.204692][T11218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.220733][T11218] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.264581][T11218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.281486][T11218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.295695][T11218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.306454][T11218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.325271][T11218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.344865][T11218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.360767][T11218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.371533][T11218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.383543][T11218] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 269.391890][T11493] __nla_validate_parse: 5 callbacks suppressed [ 269.391910][T11493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2172'. [ 269.436027][T11496] batman_adv: batadv1: Adding interface: netdevsim0 [ 269.445379][T11496] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.477342][T11496] batman_adv: batadv1: Interface activated: netdevsim0 [ 269.552565][T11218] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.577463][T11218] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.604416][T11218] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.624719][T11218] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.635159][T11505] sctp: [Deprecated]: syz.4.2175 (pid 11505) Use of int in maxseg socket option. [ 269.635159][T11505] Use struct sctp_assoc_value instead [ 269.820996][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.885778][T11512] netlink: 'syz.4.2179': attribute type 10 has an invalid length. [ 269.933965][ T29] audit: type=1804 audit(1719800201.283:22): pid=11513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2179" name="/root/syzkaller.QZIS9J/501/cgroup.controllers" dev="sda1" ino=1984 res=1 errno=0 [ 269.984705][T11512] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 270.362461][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.447218][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.461055][ T5122] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 270.474819][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.486578][ T5122] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 270.501795][T11529] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2183'. [ 270.502128][ T5122] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 270.527423][ T5122] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 270.538026][ T5122] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 270.546136][ T5122] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 270.614210][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.690833][T11535] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 270.698755][T11537] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2186'. [ 270.829726][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.890767][T11544] sctp: [Deprecated]: syz.2.2189 (pid 11544) Use of int in maxseg socket option. [ 270.890767][T11544] Use struct sctp_assoc_value instead [ 270.896798][ T2845] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.921593][ T2845] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.128903][T11553] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2193'. [ 271.416405][ T51] bridge_slave_1: left allmulticast mode [ 271.439100][ T51] bridge_slave_1: left promiscuous mode [ 271.445196][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.478546][T11569] netlink: 'syz.2.2199': attribute type 1 has an invalid length. [ 271.494753][ T51] bridge_slave_0: left allmulticast mode [ 271.510978][ T51] bridge_slave_0: left promiscuous mode [ 271.516825][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.664396][T11579] sctp: [Deprecated]: syz.2.2202 (pid 11579) Use of int in maxseg socket option. [ 271.664396][T11579] Use struct sctp_assoc_value instead [ 272.043779][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 272.055965][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 272.071392][ T51] bond0 (unregistering): Released all slaves [ 272.414031][T11522] chnl_net:caif_netlink_parms(): no params data found [ 272.419348][T11595] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2208'. [ 272.618455][ T5119] Bluetooth: hci2: command tx timeout [ 272.822035][ T51] hsr_slave_0: left promiscuous mode [ 272.828452][ T51] hsr_slave_1: left promiscuous mode [ 272.834573][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 272.847535][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 272.857971][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 272.865538][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 272.893548][ T51] veth1_macvtap: left promiscuous mode [ 272.899647][ T51] veth0_macvtap: left promiscuous mode [ 272.905280][ T51] veth1_vlan: left promiscuous mode [ 272.911292][ T51] veth0_vlan: left promiscuous mode [ 273.428447][ T51] team0 (unregistering): Port device team_slave_1 removed [ 273.482812][ T51] team0 (unregistering): Port device team_slave_0 removed [ 273.980923][T11621] sctp: [Deprecated]: syz.1.2215 (pid 11621) Use of int in maxseg socket option. [ 273.980923][T11621] Use struct sctp_assoc_value instead [ 274.105291][ T5122] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 274.141117][ T5122] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 274.160472][ T5122] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 274.173286][ T5122] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 274.183561][ T5122] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 274.198350][ T5122] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 274.416124][T11522] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.423972][T11522] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.431975][T11522] bridge_slave_0: entered allmulticast mode [ 274.439892][T11522] bridge_slave_0: entered promiscuous mode [ 274.451037][T11522] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.461706][T11522] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.469312][T11522] bridge_slave_1: entered allmulticast mode [ 274.478383][T11522] bridge_slave_1: entered promiscuous mode [ 274.642183][T11522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.698574][ T5122] Bluetooth: hci2: command tx timeout [ 274.719688][T11522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.796468][T11629] netlink: 'syz.1.2217': attribute type 5 has an invalid length. [ 274.845634][T11633] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2217'. [ 274.930696][T11522] team0: Port device team_slave_0 added [ 274.989767][T11522] team0: Port device team_slave_1 added [ 275.097498][T11522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.115219][T11522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.180580][T11522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 275.244647][T11522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 275.264596][T11522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.294100][T11522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 275.383627][T11657] ieee802154 phy0 wpan0: encryption failed: -22 [ 275.436387][T11522] hsr_slave_0: entered promiscuous mode [ 275.478856][T11522] hsr_slave_1: entered promiscuous mode [ 275.497911][T11522] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 275.505605][T11522] Cannot create hsr debugfs directory [ 275.846793][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.183299][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.216042][T11689] netlink: 'syz.1.2239': attribute type 10 has an invalid length. [ 276.224300][ T5122] Bluetooth: hci4: command tx timeout [ 276.245530][T11689] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2239'. [ 276.399776][ T51] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.434008][T11623] chnl_net:caif_netlink_parms(): no params data found [ 276.538493][ T51] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.778100][ T5122] Bluetooth: hci2: command tx timeout [ 276.792334][T11712] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2247'. [ 276.824254][T11712] xt_CT: You must specify a L4 protocol and not use inversions on it [ 276.916982][T11721] bond0: entered promiscuous mode [ 276.952783][T11725] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2251'. [ 276.963530][T11721] bond_slave_0: entered promiscuous mode [ 276.970880][T11721] bond_slave_1: entered promiscuous mode [ 276.976982][T11721] team1: entered promiscuous mode [ 276.985469][T11623] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.995226][T11623] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.002787][T11623] bridge_slave_0: entered allmulticast mode [ 277.007455][T11727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2251'. [ 277.029138][T11623] bridge_slave_0: entered promiscuous mode [ 277.046387][T11623] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.053797][T11623] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.061230][T11623] bridge_slave_1: entered allmulticast mode [ 277.069209][T11623] bridge_slave_1: entered promiscuous mode [ 277.109384][T11728] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2249'. [ 277.130274][T11728] netlink: 'syz.2.2249': attribute type 25 has an invalid length. [ 277.185991][T11728] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 277.186150][T11732] netlink: 209744 bytes leftover after parsing attributes in process `syz.1.2253'. [ 277.195454][T11728] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 277.195536][T11728] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 277.195571][T11728] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 277.252897][ T51] bridge_slave_1: left allmulticast mode [ 277.264000][ T51] bridge_slave_1: left promiscuous mode [ 277.279665][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.290889][ T51] bridge_slave_0: left allmulticast mode [ 277.296609][ T51] bridge_slave_0: left promiscuous mode [ 277.316882][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.766250][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 277.783638][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 277.795606][ T51] bond0 (unregistering): Released all slaves [ 277.845151][T11719] bond0: left promiscuous mode [ 277.850711][T11719] bond_slave_0: left promiscuous mode [ 277.857064][T11719] bond_slave_1: left promiscuous mode [ 277.868899][T11719] team1: left promiscuous mode [ 277.889944][T11732] debugfs: Directory 'ü !' with parent 'ieee80211' already present! [ 277.921849][T11623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.966849][T11623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 278.068181][T11738] netlink: 'syz.2.2255': attribute type 1 has an invalid length. [ 278.076030][T11738] netlink: 'syz.2.2255': attribute type 1 has an invalid length. [ 278.193238][T11623] team0: Port device team_slave_0 added [ 278.246849][T11623] team0: Port device team_slave_1 added [ 278.299389][ T5122] Bluetooth: hci4: command tx timeout [ 278.429411][T11623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 278.439499][T11623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.480216][T11623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 278.546890][T11623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 278.589229][T11623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.605433][T11758] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2265'. [ 278.647242][T11623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 278.840959][ T51] hsr_slave_0: left promiscuous mode [ 278.856725][ T51] hsr_slave_1: left promiscuous mode [ 278.857941][ T5122] Bluetooth: hci2: command tx timeout [ 278.869419][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.885033][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.905570][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.915533][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 278.946790][ T51] veth1_macvtap: left promiscuous mode [ 278.952743][ T51] veth0_macvtap: left promiscuous mode [ 278.959441][ T51] veth1_vlan: left promiscuous mode [ 278.965044][ T51] veth0_vlan: left promiscuous mode [ 279.046737][T11778] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2270'. [ 279.836518][ T51] team0 (unregistering): Port device team_slave_1 removed [ 279.892651][ T51] team0 (unregistering): Port device team_slave_0 removed [ 280.377923][ T5122] Bluetooth: hci4: command tx timeout [ 280.407468][T11522] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 280.430681][T11522] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 280.479459][T11623] hsr_slave_0: entered promiscuous mode [ 280.508396][T11623] hsr_slave_1: entered promiscuous mode [ 280.545585][T11623] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 280.559247][T11623] Cannot create hsr debugfs directory [ 280.572975][T11522] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 280.609740][T11522] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 280.925478][T11803] netlink: 'syz.2.2282': attribute type 1 has an invalid length. [ 280.933799][T11803] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2282'. [ 281.101090][T11812] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2286'. [ 281.469021][T11821] vlan1: entered promiscuous mode [ 281.526763][T11522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 281.567825][ T63] ================================================================== [ 281.575958][ T63] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330 [ 281.584150][ T63] Read of size 8 at addr ffff888024aea0b8 by task kworker/u8:4/63 [ 281.591988][ T63] [ 281.594337][ T63] CPU: 1 PID: 63 Comm: kworker/u8:4 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 281.597329][T11522] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.604408][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 281.604425][ T63] Workqueue: l2tp l2tp_tunnel_del_work [ 281.604454][ T63] Call Trace: [ 281.604464][ T63] [ 281.604473][ T63] dump_stack_lvl+0x241/0x360 [ 281.637491][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 281.642726][ T63] ? __pfx__printk+0x10/0x10 [ 281.647364][ T63] ? _printk+0xd5/0x120 [ 281.651564][ T63] ? __virt_addr_valid+0x183/0x520 [ 281.656717][ T63] ? __virt_addr_valid+0x183/0x520 [ 281.661878][ T63] print_report+0x169/0x550 [ 281.666428][ T63] ? __virt_addr_valid+0x183/0x520 [ 281.671587][ T63] ? __virt_addr_valid+0x183/0x520 [ 281.676741][ T63] ? __virt_addr_valid+0x44e/0x520 [ 281.681905][ T63] ? __phys_addr+0xba/0x170 [ 281.686513][ T63] ? l2tp_tunnel_del_work+0xe5/0x330 [ 281.691803][ T63] kasan_report+0x143/0x180 [ 281.696494][ T63] ? l2tp_tunnel_del_work+0xe5/0x330 [ 281.701786][ T63] l2tp_tunnel_del_work+0xe5/0x330 [ 281.706905][ T63] ? process_scheduled_works+0x945/0x1830 [ 281.712719][ T63] process_scheduled_works+0xa2c/0x1830 [ 281.718303][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 281.724321][ T63] ? assign_work+0x364/0x3d0 [ 281.728937][ T63] worker_thread+0x86d/0xd50 [ 281.733548][ T63] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 281.739455][ T63] ? __kthread_parkme+0x169/0x1d0 [ 281.744490][ T63] ? __pfx_worker_thread+0x10/0x10 [ 281.749608][ T63] kthread+0x2f0/0x390 [ 281.753687][ T63] ? __pfx_worker_thread+0x10/0x10 [ 281.758817][ T63] ? __pfx_kthread+0x10/0x10 [ 281.763416][ T63] ret_from_fork+0x4b/0x80 [ 281.767866][ T63] ? __pfx_kthread+0x10/0x10 [ 281.772491][ T63] ret_from_fork_asm+0x1a/0x30 [ 281.777272][ T63] [ 281.780299][ T63] [ 281.782622][ T63] Allocated by task 11821: [ 281.787031][ T63] kasan_save_track+0x3f/0x80 [ 281.791718][ T63] __kasan_kmalloc+0x98/0xb0 [ 281.796316][ T63] __kmalloc_noprof+0x1f9/0x400 [ 281.801191][ T63] l2tp_session_create+0x3b/0xc20 [ 281.806224][ T63] pppol2tp_connect+0xca3/0x17a0 [ 281.811186][ T63] __sys_connect+0x2df/0x310 [ 281.815785][ T63] __x64_sys_connect+0x7a/0x90 [ 281.820581][ T63] do_syscall_64+0xf3/0x230 [ 281.825085][ T63] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.830984][ T63] [ 281.833310][ T63] Freed by task 5104: [ 281.837310][ T63] kasan_save_track+0x3f/0x80 [ 281.842006][ T63] kasan_save_free_info+0x40/0x50 [ 281.847034][ T63] poison_slab_object+0xe0/0x150 [ 281.852011][ T63] __kasan_slab_free+0x37/0x60 [ 281.856779][ T63] kfree+0x149/0x360 [ 281.860684][ T63] __sk_destruct+0x58/0x5f0 [ 281.865220][ T63] rcu_core+0xafd/0x1830 [ 281.869466][ T63] handle_softirqs+0x2c4/0x970 [ 281.874232][ T63] __irq_exit_rcu+0xf4/0x1c0 [ 281.878822][ T63] irq_exit_rcu+0x9/0x30 [ 281.883154][ T63] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 281.888804][ T63] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 281.894788][ T63] [ 281.897117][ T63] Last potentially related work creation: [ 281.902829][ T63] kasan_save_stack+0x3f/0x60 [ 281.907529][ T63] __kasan_record_aux_stack+0xac/0xc0 [ 281.912931][ T63] call_rcu+0x167/0xa70 [ 281.917102][ T63] pppol2tp_release+0x24b/0x350 [ 281.921970][ T63] sock_close+0xbc/0x240 [ 281.926228][ T63] __fput+0x406/0x8b0 [ 281.930223][ T63] task_work_run+0x24f/0x310 [ 281.935259][ T63] syscall_exit_to_user_mode+0x168/0x370 [ 281.940910][ T63] do_syscall_64+0x100/0x230 [ 281.945503][ T63] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.951398][ T63] [ 281.953717][ T63] The buggy address belongs to the object at ffff888024aea000 [ 281.953717][ T63] which belongs to the cache kmalloc-1k of size 1024 [ 281.967768][ T63] The buggy address is located 184 bytes inside of [ 281.967768][ T63] freed 1024-byte region [ffff888024aea000, ffff888024aea400) [ 281.981660][ T63] [ 281.983982][ T63] The buggy address belongs to the physical page: [ 281.990422][ T63] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24ae8 [ 281.999186][ T63] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 282.007689][ T63] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 282.015235][ T63] page_type: 0xffffefff(slab) [ 282.019913][ T63] raw: 00fff00000000040 ffff888015041dc0 ffffea0000ad4c00 dead000000000002 [ 282.028498][ T63] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 282.037085][ T63] head: 00fff00000000040 ffff888015041dc0 ffffea0000ad4c00 dead000000000002 [ 282.045759][ T63] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 282.054433][ T63] head: 00fff00000000003 ffffea000092ba01 ffffffffffffffff 0000000000000000 [ 282.063104][ T63] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 282.071767][ T63] page dumped because: kasan: bad access detected [ 282.078192][ T63] page_owner tracks the page as allocated [ 282.083917][ T63] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5103, tgid 5103 (syz-executor), ts 70894987023, free_ts 70893647280 [ 282.103197][ T63] post_alloc_hook+0x1f3/0x230 [ 282.107980][ T63] get_page_from_freelist+0x2e4c/0x2f10 [ 282.113528][ T63] __alloc_pages_noprof+0x256/0x6c0 [ 282.118725][ T63] alloc_slab_page+0x5f/0x120 [ 282.123405][ T63] allocate_slab+0x5a/0x2f0 [ 282.127917][ T63] ___slab_alloc+0xcd1/0x14b0 [ 282.132607][ T63] __slab_alloc+0x58/0xa0 [ 282.136936][ T63] kmalloc_trace_noprof+0x1d5/0x2c0 [ 282.142139][ T63] batadv_hard_if_event+0xe71/0x1620 [ 282.147428][ T63] notifier_call_chain+0x19f/0x3e0 [ 282.152548][ T63] register_netdevice+0x167f/0x1b00 [ 282.157756][ T63] veth_newlink+0x84f/0xcd0 [ 282.162273][ T63] rtnl_newlink+0x1591/0x20a0 [ 282.166960][ T63] rtnetlink_rcv_msg+0x89b/0x1180 [ 282.171986][ T63] netlink_rcv_skb+0x1e3/0x430 [ 282.176749][ T63] netlink_unicast+0x7f0/0x990 [ 282.181518][ T63] page last free pid 5103 tgid 5103 stack trace: [ 282.187847][ T63] free_unref_page+0xd22/0xea0 [ 282.192621][ T63] __put_partials+0xeb/0x130 [ 282.197214][ T63] put_cpu_partial+0x17c/0x250 [ 282.201982][ T63] __slab_free+0x2ea/0x3d0 [ 282.206403][ T63] qlist_free_all+0x9e/0x140 [ 282.210999][ T63] kasan_quarantine_reduce+0x14f/0x170 [ 282.216463][ T63] __kasan_slab_alloc+0x23/0x80 [ 282.221319][ T63] kmalloc_trace_noprof+0x132/0x2c0 [ 282.226528][ T63] ref_tracker_alloc+0x14b/0x490 [ 282.231476][ T63] register_netdevice+0x150b/0x1b00 [ 282.236683][ T63] veth_newlink+0x84f/0xcd0 [ 282.241200][ T63] rtnl_newlink+0x1591/0x20a0 [ 282.245896][ T63] rtnetlink_rcv_msg+0x89b/0x1180 [ 282.250923][ T63] netlink_rcv_skb+0x1e3/0x430 [ 282.255692][ T63] netlink_unicast+0x7f0/0x990 [ 282.260454][ T63] netlink_sendmsg+0x8e4/0xcb0 [ 282.265223][ T63] [ 282.267544][ T63] Memory state around the buggy address: [ 282.273171][ T63] ffff888024ae9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 282.281239][ T63] ffff888024aea000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 282.289297][ T63] >ffff888024aea080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 282.297353][ T63] ^ [ 282.303240][ T63] ffff888024aea100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 282.311305][ T63] ffff888024aea180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 282.319361][ T63] ================================================================== [ 282.327523][ T63] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 282.334745][ T63] CPU: 1 PID: 63 Comm: kworker/u8:4 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 282.344842][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 282.354908][ T63] Workqueue: l2tp l2tp_tunnel_del_work [ 282.360417][ T63] Call Trace: [ 282.363699][ T63] [ 282.366632][ T63] dump_stack_lvl+0x241/0x360 [ 282.371321][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.376523][ T63] ? __pfx__printk+0x10/0x10 [ 282.381187][ T63] ? vscnprintf+0x5d/0x90 [ 282.385622][ T63] panic+0x349/0x860 [ 282.389562][ T63] ? check_panic_on_warn+0x21/0xb0 [ 282.394687][ T63] ? __pfx_panic+0x10/0x10 [ 282.399115][ T63] ? mark_lock+0x9a/0x350 [ 282.403454][ T63] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 282.409355][ T63] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 282.415272][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 282.421615][ T63] ? print_report+0x502/0x550 [ 282.426306][ T63] check_panic_on_warn+0x86/0xb0 [ 282.431257][ T63] ? l2tp_tunnel_del_work+0xe5/0x330 [ 282.436547][ T63] end_report+0x77/0x160 [ 282.440806][ T63] kasan_report+0x154/0x180 [ 282.445319][ T63] ? l2tp_tunnel_del_work+0xe5/0x330 [ 282.450616][ T63] l2tp_tunnel_del_work+0xe5/0x330 [ 282.455739][ T63] ? process_scheduled_works+0x945/0x1830 [ 282.461462][ T63] process_scheduled_works+0xa2c/0x1830 [ 282.467024][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 282.473013][ T63] ? assign_work+0x364/0x3d0 [ 282.477607][ T63] worker_thread+0x86d/0xd50 [ 282.482228][ T63] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 282.488168][ T63] ? __kthread_parkme+0x169/0x1d0 [ 282.493220][ T63] ? __pfx_worker_thread+0x10/0x10 [ 282.498354][ T63] kthread+0x2f0/0x390 [ 282.502439][ T63] ? __pfx_worker_thread+0x10/0x10 [ 282.507555][ T63] ? __pfx_kthread+0x10/0x10 [ 282.512151][ T63] ret_from_fork+0x4b/0x80 [ 282.516577][ T63] ? __pfx_kthread+0x10/0x10 [ 282.521177][ T63] ret_from_fork_asm+0x1a/0x30 [ 282.525993][ T63] [ 282.529340][ T63] Kernel Offset: disabled [ 282.533671][ T63] Rebooting in 86400 seconds..