last executing test programs: 2.497124748s ago: executing program 1: epoll_create1(0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x0, 0x8, 0x8}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_fc_track_range\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.throttle.io_serviced\x00', 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x7f, 0x0, 0xffffffffffffffff, 0xe3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x4}, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x0, 0x0, r0}, 0x48) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x38) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = socket(0xa, 0x3, 0x3a) socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket$inet(0x2, 0x0, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={r4}, 0x8) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x5e080, 0x0) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1e, 0x5, &(0x7f0000000940)=@framed={{0x18, 0x9, 0x0, 0x0, 0xfffffffd}, [@map_idx={0x18, 0x0, 0x5, 0x0, 0x2}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6(0xa, 0x6, 0x0) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000080)={'dummy0\x00'}) 2.057722928s ago: executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000c80)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x30, r3, 0xc39a95e20ac8eedb, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x6}, @NL80211_MESHCONF_HWMP_ROOTMODE={0x5}]}]}, 0x30}}, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/222, 0xde}, {&(0x7f0000000840)=""/134, 0x86}, {&(0x7f0000000400)=""/115, 0x73}, {&(0x7f00000000c0)=""/33, 0x21}, {&(0x7f00000004c0)=""/21, 0x15}], 0x5}}], 0x2, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) syz_emit_ethernet(0x86, &(0x7f0000000040)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @private1, @mcast1, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x3a}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@private0, @in6=@remote, 0x4e23, 0xfffc, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@loopback}}, 0xe8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0xd, 0x5, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETTXFILTER(r7, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB="2e2e000c371303ed6a33fe86890df20e87"]) 1.962116176s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000200000000000000000000850000002700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000080)='GPL\x00'}, 0x90) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x6, 0x101, 0x82}, 0x48) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)={0x6, 0x4, 0x4001}, 0x48) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r3}, 0x10) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1204"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r4, 0x4010744d, 0x20000000) 1.876965478s ago: executing program 0: socket$inet6_sctp(0xa, 0x0, 0x84) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x79, 0x0, 0x0) 1.872792787s ago: executing program 2: r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="180318", @ANYRES32, @ANYBLOB="0000000000000000660000000000000018000000000000000000000000000000950000000000000047030000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @local}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f700"/122], 0x310) setsockopt$inet6_group_source_req(r2, 0x29, 0x2b, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) mmap(&(0x7f0000104000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000680)={'syztnl1\x00', &(0x7f0000000440)={'gre0\x00', 0x0, 0x8, 0x1, 0xffffffff, 0x8, {{0x8, 0x4, 0x2, 0x3, 0x20, 0x0, 0x0, 0xc1, 0x2f, 0x0, @broadcast, @private=0xa010000, {[@ra={0x94, 0x4}, @ssrr={0x89, 0x7, 0x2e, [@empty]}, @end]}}}}}) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000005c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000006c0)={&(0x7f0000000400)="cda1083532b77303a6f0190e2667d24ca6711c", &(0x7f0000000840)=""/161, 0x0, 0x0}, 0x38) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000032000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48) 1.592425618s ago: executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0xc, &(0x7f0000000000)=0x8, 0x4) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x18, 0x3e, 0x229, 0x0, 0x0, {0xa}, [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x18}}, 0x0) 1.408243795s ago: executing program 1: sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000100000008000100040000002c000480"], 0x50}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001a000100000000000000000081000000", @ANYRES32=0x0, @ANYBLOB="00000000140001"], 0x30}}, 0x0) 1.305215692s ago: executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)="ff", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @private1}, 0x1c) 1.00221342s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002a00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4) write$binfmt_misc(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="72b9800007"], 0xd) 929.874977ms ago: executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x33, 0x0, &(0x7f0000000080)) 900.08953ms ago: executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x2, 0xe, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_address={0x3, 0x6}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@mcast2, @in=@empty}}]}, 0x80}}, 0x0) 818.276543ms ago: executing program 0: socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) 778.126608ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {0x4}}}, &(0x7f0000000200)='syzkaller\x00', 0x5, 0x1003, &(0x7f0000001e40)=""/4099}, 0x90) 734.285882ms ago: executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_PAGE={0x5, 0x7, 0x15}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_CHANNEL={0x5}]}, 0x2c}}, 0x0) 709.308673ms ago: executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}]}}}]}, 0x40}}, 0x0) 605.918443ms ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00', r0}, 0x10) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000140)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r1, &(0x7f0000001780)={&(0x7f0000000500)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@mask_fadd={0x58, 0x114, 0x8, {{}, &(0x7f00000000c0), 0x0}}], 0x58}, 0x0) 552.307389ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x5, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x20000000}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xee, &(0x7f0000000340)=""/238}, 0x90) 527.806011ms ago: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="500000000102010800000000000000000a0000003c0001802c0001"], 0x50}}, 0x0) 519.536989ms ago: executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=@getnexthop={0x20, 0x6a, 0x48e274f25096b26b, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NHA_MASTER={0x8}]}, 0x20}}, 0x0) 402.155796ms ago: executing program 4: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="e003020028000b05d25a806f8c6394f90924fc600d00090003000100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 366.504666ms ago: executing program 3: r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="140100001f000100000000000000000006"], 0x114}], 0x1}, 0x0) 364.215651ms ago: executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x2, 0xe, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_address={0x3, 0x6}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@mcast2, @in=@empty}}]}, 0x80}}, 0x0) 342.543645ms ago: executing program 1: r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="180318", @ANYRES32, @ANYBLOB="0000000000000000660000000000000018000000000000000000000000000000950000000000000047030000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @local}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f700"/122], 0x310) setsockopt$inet6_group_source_req(r2, 0x29, 0x2b, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) mmap(&(0x7f0000104000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000680)={'syztnl1\x00', &(0x7f0000000440)={'gre0\x00', 0x0, 0x8, 0x1, 0xffffffff, 0x8, {{0x8, 0x4, 0x2, 0x3, 0x20, 0x0, 0x0, 0xc1, 0x2f, 0x0, @broadcast, @private=0xa010000, {[@ra={0x94, 0x4}, @ssrr={0x89, 0x7, 0x2e, [@empty]}, @end]}}}}}) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000005c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000006c0)={&(0x7f0000000400)="cda1083532b77303a6f0190e2667d24ca6711c", &(0x7f0000000840)=""/161, 0x0, 0x0}, 0x38) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000032000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48) 293.943355ms ago: executing program 0: unshare(0x24020400) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) 207.442274ms ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002a00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4) write$binfmt_misc(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="72b9800007"], 0xd) 159.650427ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2f}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit={0x95, 0x0, 0xc00}], {0x95, 0x0, 0x7000}}, &(0x7f0000000000)='GPL\x00', 0x4}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r1, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0}}, 0x10) 148.244684ms ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x6e}]}, 0x24}}, 0x0) 94.98304ms ago: executing program 2: socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) 26.943674ms ago: executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff014}, {0x6}]}, 0x10) 0s ago: executing program 4: r0 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r0, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x62) kernel console output (not intermixed with test programs): bond0 [ 216.313783][ T9244] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.344587][ T5171] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.351954][ T5171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.396448][ T9374] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 216.423925][ T9374] netlink: 9280 bytes leftover after parsing attributes in process `syz-executor.0'. [ 216.456930][ T9374] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 216.470637][ T5171] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.478755][ T5171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.489957][ T9374] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'. [ 216.629975][ T9244] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 216.929021][ T9244] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.306275][ T5120] Bluetooth: hci6: command tx timeout [ 217.382807][ T9244] veth0_vlan: entered promiscuous mode [ 217.442259][ T9244] veth1_vlan: entered promiscuous mode [ 217.545519][ T9244] veth0_macvtap: entered promiscuous mode [ 217.571398][ T9244] veth1_macvtap: entered promiscuous mode [ 217.639888][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.672881][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.693835][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.711222][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.736172][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.754200][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.764782][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.796098][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.825714][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.866759][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.887897][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.905184][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.919925][ T9422] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 217.941522][ T9244] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.976792][ T9422] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 218.003594][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.029696][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.046556][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.065034][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.076462][ T9244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.100619][ T9244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.124474][ T9244] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.132914][ T9428] No such timeout policy "syz0" [ 218.142457][ T9244] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.155069][ T9244] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.163956][ T9244] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.175318][ T9244] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.194984][ T9430] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 218.457490][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.465402][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.573063][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.616251][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.339807][ T9474] gretap0: entered promiscuous mode [ 219.366305][ T9474] vlan3: entered promiscuous mode [ 219.386568][ T5120] Bluetooth: hci6: command tx timeout [ 219.397207][ T9474] gretap0: left promiscuous mode [ 220.339537][ T9523] gretap0: entered promiscuous mode [ 220.346145][ T9523] vlan3: entered promiscuous mode [ 220.354235][ T9523] gretap0: left promiscuous mode [ 220.918743][ T9542] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 221.610563][ T9575] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 222.523602][ T9614] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 224.128196][ T9694] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 224.967505][ T9723] trusted_key: syz-executor.0 sent an empty control message without MSG_MORE. [ 232.505911][ T4490] Bluetooth: hci1: command 0x0406 tx timeout [ 232.512283][ T4490] Bluetooth: hci2: command 0x0406 tx timeout [ 233.388358][ T9873] syzkaller0: entered promiscuous mode [ 233.394787][ T9873] syzkaller0: entered allmulticast mode [ 233.523677][ T9886] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'. [ 235.534722][ T9897] netlink: 830 bytes leftover after parsing attributes in process `syz-executor.3'. [ 235.858765][ T9917] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'. [ 236.282658][ T9939] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'. [ 236.456309][ T9947] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.4'. [ 236.906719][ T9973] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'. [ 237.232017][ T9990] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 237.439358][T10003] dccp_invalid_packet: P.Data Offset(144) too large [ 238.721769][T10062] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 238.735863][T10062] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 238.755145][T10062] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 239.284195][T10097] dccp_invalid_packet: P.Data Offset(144) too large [ 239.818910][T10120] dccp_invalid_packet: P.Data Offset(144) too large [ 241.358569][T10189] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 241.711479][T10202] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 241.739377][T10202] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 241.749771][ T5116] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 241.766278][ T5116] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 241.778657][ T5116] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 241.787225][T10202] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 241.818502][ T5116] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 241.827092][ T5116] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 241.834907][ T5116] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 242.201202][T10203] chnl_net:caif_netlink_parms(): no params data found [ 242.254647][T10222] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 242.292637][T10222] team_slave_1: entered promiscuous mode [ 242.313854][T10222] macvtap1: entered promiscuous mode [ 242.323461][T10222] team0: entered promiscuous mode [ 242.342115][T10222] macvtap1: entered allmulticast mode [ 242.354605][T10222] team0: entered allmulticast mode [ 242.365910][T10222] team_slave_1: entered allmulticast mode [ 242.373250][T10222] vlan2: entered allmulticast mode [ 242.386199][T10222] xfrm0: entered allmulticast mode [ 242.394834][T10222] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 242.559738][T10203] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.594198][T10203] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.610878][T10203] bridge_slave_0: entered allmulticast mode [ 242.626175][T10203] bridge_slave_0: entered promiscuous mode [ 242.651264][T10203] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.676214][T10203] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.697690][T10203] bridge_slave_1: entered allmulticast mode [ 242.707195][T10203] bridge_slave_1: entered promiscuous mode [ 242.862865][T10203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 242.892237][T10203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.051988][T10203] team0: Port device team_slave_0 added [ 243.093373][T10203] team0: Port device team_slave_1 added [ 243.110348][T10243] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 243.160123][T10243] team_slave_1: entered promiscuous mode [ 243.166483][T10243] bridge0: entered promiscuous mode [ 243.172187][T10243] bridge2: entered promiscuous mode [ 243.193211][T10243] macvtap1: entered promiscuous mode [ 243.207921][T10243] team0: entered promiscuous mode [ 243.223028][T10243] macvtap1: entered allmulticast mode [ 243.245949][T10243] team0: entered allmulticast mode [ 243.260831][T10243] team_slave_1: entered allmulticast mode [ 243.283656][T10243] bridge0: entered allmulticast mode [ 243.345939][T10243] bridge2: entered allmulticast mode [ 243.354373][T10243] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 243.511334][T10203] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 243.543990][T10203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.584714][T10203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 243.649310][T10203] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 243.667184][T10203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.722055][T10203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 243.867892][ T5116] Bluetooth: hci7: command tx timeout [ 243.961566][T10203] hsr_slave_0: entered promiscuous mode [ 243.969988][T10203] hsr_slave_1: entered promiscuous mode [ 243.977809][T10203] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 243.996132][T10203] Cannot create hsr debugfs directory [ 244.005491][T10271] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 244.317864][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 244.455051][T10294] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 244.682074][T10203] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.752056][T10305] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 244.860802][T10203] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.092858][T10203] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.249133][T10203] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.479291][T10339] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 245.579791][T10203] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 245.601802][T10203] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 245.616633][T10203] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 245.653382][T10203] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 245.946581][ T5116] Bluetooth: hci7: command tx timeout [ 246.055393][T10203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.142833][T10203] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.179579][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.187252][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.203385][T10367] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 246.290501][ T5171] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.298193][ T5171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.961444][T10402] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 247.045272][T10203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.126611][T10406] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 247.221179][T10203] veth0_vlan: entered promiscuous mode [ 247.260133][T10203] veth1_vlan: entered promiscuous mode [ 247.370635][T10203] veth0_macvtap: entered promiscuous mode [ 247.390378][T10203] veth1_macvtap: entered promiscuous mode [ 247.413477][T10414] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 247.523398][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.556186][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.589658][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.623731][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.668681][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.696053][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.730315][T10425] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 247.736695][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.770178][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.795417][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.823781][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.837186][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.874277][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.898949][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.926829][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.956551][T10203] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 248.022268][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.036415][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.036555][ T5116] Bluetooth: hci7: command tx timeout [ 248.046473][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.062799][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.073629][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.110217][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.143350][T10203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.190906][T10203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.229105][T10203] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.318275][T10203] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.362794][T10203] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.393232][T10203] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.409436][T10203] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.442793][T10444] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 248.659699][T10452] bridge0: port 3(macvtap1) entered blocking state [ 248.679439][T10452] bridge0: port 3(macvtap1) entered disabled state [ 248.687430][T10452] macvtap1: entered allmulticast mode [ 248.696164][T10452] macvtap1: left allmulticast mode [ 248.720138][T10458] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 248.883945][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 248.926049][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.022869][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.053716][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.522576][T10489] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 249.631078][T10493] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 250.116240][ T5116] Bluetooth: hci7: command tx timeout [ 251.194233][T10542] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.4'. [ 251.223601][T10542] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 251.240287][T10542] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 251.274835][T10548] Bluetooth: hci3: expected 2 bytes, got 7 bytes [ 251.521144][T10563] netlink: 'syz-executor.1': attribute type 12 has an invalid length. [ 252.885611][T10611] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 253.825531][T10645] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 254.677293][T10673] netlink: 'syz-executor.0': attribute type 12 has an invalid length. [ 255.054946][T10683] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 255.836757][T10717] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 255.952803][T10718] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.4'. [ 256.036068][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.042635][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.043493][T10759] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 257.907379][T10792] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 257.976495][T10796] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 258.867263][T10830] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 259.665578][T10874] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 259.726445][T10880] syz-executor.0: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 259.744717][T10880] CPU: 0 PID: 10880 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-12116-g782471db6c72 #0 [ 259.754869][T10880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 259.765698][T10880] Call Trace: [ 259.769212][T10880] [ 259.772380][T10880] dump_stack_lvl+0x241/0x360 [ 259.777776][T10880] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.783119][T10880] ? __pfx__printk+0x10/0x10 [ 259.787791][T10880] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 259.794724][T10880] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 259.801623][T10880] warn_alloc+0x278/0x410 [ 259.806112][T10880] ? stack_depot_save_flags+0x29/0x830 [ 259.811649][T10880] ? __vmalloc_node_range_noprof+0x106/0x1490 [ 259.817791][T10880] ? __pfx_warn_alloc+0x10/0x10 [ 259.822827][T10880] ? kasan_save_track+0x3f/0x80 [ 259.827768][T10880] ? __kasan_kmalloc+0x98/0xb0 [ 259.832697][T10880] ? xsk_setsockopt+0x598/0x950 [ 259.837631][T10880] ? do_sock_setsockopt+0x3af/0x720 [ 259.843001][T10880] ? __sys_setsockopt+0x1ae/0x250 [ 259.848311][T10880] ? __x64_sys_setsockopt+0xb5/0xd0 [ 259.853735][T10880] ? do_syscall_64+0xf3/0x230 [ 259.858537][T10880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.864691][T10880] __vmalloc_node_range_noprof+0x126/0x1490 [ 259.870690][T10880] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 259.877259][T10880] ? __kasan_kmalloc+0x98/0xb0 [ 259.882096][T10880] ? xskq_create+0x54/0x170 [ 259.886667][T10880] vmalloc_user_noprof+0x74/0x80 [ 259.891826][T10880] ? xskq_create+0xb6/0x170 [ 259.897012][T10880] xskq_create+0xb6/0x170 [ 259.901654][T10880] xsk_init_queue+0xa1/0x100 [ 259.906651][T10880] xsk_setsockopt+0x598/0x950 [ 259.912718][T10880] ? __pfx_xsk_setsockopt+0x10/0x10 [ 259.918571][T10880] ? __pfx_lock_acquire+0x10/0x10 [ 259.924232][T10880] ? aa_sock_opt_perm+0x79/0x120 [ 259.929650][T10880] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 259.935558][T10880] ? security_socket_setsockopt+0x87/0xb0 [ 259.941588][T10880] ? __pfx_xsk_setsockopt+0x10/0x10 [ 259.946970][T10880] do_sock_setsockopt+0x3af/0x720 [ 259.952944][T10880] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 259.958963][T10880] ? __fget_files+0x29/0x470 [ 259.963770][T10880] ? __fget_files+0x3f6/0x470 [ 259.968515][T10880] __sys_setsockopt+0x1ae/0x250 [ 259.973417][T10880] __x64_sys_setsockopt+0xb5/0xd0 [ 259.978475][T10880] do_syscall_64+0xf3/0x230 [ 259.983376][T10880] ? clear_bhb_loop+0x35/0x90 [ 259.988224][T10880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.994212][T10880] RIP: 0033:0x7f180e27cee9 [ 259.998761][T10880] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 260.019629][T10880] RSP: 002b:00007f180ddff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 260.028732][T10880] RAX: ffffffffffffffda RBX: 00007f180e3b3fa0 RCX: 00007f180e27cee9 [ 260.038633][T10880] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003 [ 260.046666][T10880] RBP: 00007f180e2c947f R08: 0000000000000020 R09: 0000000000000000 [ 260.055373][T10880] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 260.063478][T10880] R13: 000000000000000b R14: 00007f180e3b3fa0 R15: 00007fffe5097678 [ 260.071750][T10880] [ 260.089252][T10880] Mem-Info: [ 260.092697][T10880] active_anon:14253 inactive_anon:0 isolated_anon:0 [ 260.092697][T10880] active_file:0 inactive_file:46948 isolated_file:0 [ 260.092697][T10880] unevictable:768 dirty:57 writeback:0 [ 260.092697][T10880] slab_reclaimable:10696 slab_unreclaimable:104849 [ 260.092697][T10880] mapped:26018 shmem:1566 pagetables:693 [ 260.092697][T10880] sec_pagetables:0 bounce:0 [ 260.092697][T10880] kernel_misc_reclaimable:0 [ 260.092697][T10880] free:1354686 free_pcp:1111 free_cma:0 [ 260.172010][T10880] Node 0 active_anon:57112kB inactive_anon:0kB active_file:0kB inactive_file:187724kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:104072kB dirty:224kB writeback:0kB shmem:4728kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11268kB pagetables:2772kB sec_pagetables:0kB all_unreclaimable? no [ 260.231132][T10880] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 260.309675][T10880] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 260.350082][T10880] lowmem_reserve[]: 0 2571 2571 0 0 [ 260.392577][T10880] Node 0 DMA32 free:1461696kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:56768kB inactive_anon:0kB active_file:0kB inactive_file:187516kB unevictable:1536kB writepending:320kB present:3129332kB managed:2659884kB mlocked:0kB bounce:0kB free_pcp:2588kB local_pcp:1800kB free_cma:0kB [ 260.459550][T10880] lowmem_reserve[]: 0 0 0 0 0 [ 260.523552][T10880] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:312kB unevictable:0kB writepending:4kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 260.637464][T10880] lowmem_reserve[]: 0 0 0 0 0 [ 260.665396][T10880] Node 1 Normal free:3947688kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:500kB local_pcp:0kB free_cma:0kB [ 260.736632][T10880] lowmem_reserve[]: 0 0 0 0 0 [ 260.742122][T10880] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 260.788524][T10880] Node 0 DMA32: 7*4kB (M) 40*8kB (UME) 66*16kB (UME) 205*32kB (UME) 196*64kB (UME) 111*128kB (UME) 66*256kB (UME) 37*512kB (UM) 32*1024kB (UME) 5*2048kB (UM) 329*4096kB (UM) = 1461148kB [ 260.865719][T10880] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 260.893446][T10880] Node 1 Normal: 2*4kB (U) 6*8kB (U) 7*16kB (U) 10*32kB (U) 9*64kB (UM) 1*128kB (U) 4*256kB (UM) 6*512kB (UM) 4*1024kB (U) 1*2048kB (U) 961*4096kB (M) = 3947688kB [ 260.949316][T10880] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 260.976174][T10880] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 261.007781][T10880] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 261.063534][T10880] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 261.104979][T10880] 48540 total pagecache pages [ 261.118009][T10880] 0 pages in swap cache [ 261.139165][T10880] Free swap = 124996kB [ 261.175399][T10880] Total swap = 124996kB [ 261.181968][T10880] 2097051 pages RAM [ 261.212396][T10880] 0 pages HighMem/MovableOnly [ 261.249191][T10880] 400870 pages reserved [ 261.253469][T10880] 0 pages cma reserved [ 262.877527][T10996] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 263.537291][T11027] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 263.736947][T11035] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 264.320266][T11067] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 265.561846][T11122] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 266.667800][T11180] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 266.992761][T11195] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.0'. [ 267.037730][T11196] sctp: [Deprecated]: syz-executor.3 (pid 11196) Use of struct sctp_assoc_value in delayed_ack socket option. [ 267.037730][T11196] Use struct sctp_sack_info instead [ 267.736021][T11225] sctp: [Deprecated]: syz-executor.1 (pid 11225) Use of struct sctp_assoc_value in delayed_ack socket option. [ 267.736021][T11225] Use struct sctp_sack_info instead [ 267.950764][T11232] Dead loop on virtual device ipvlan1, fix it urgently! [ 268.133192][T11246] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 268.157811][T11246] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 268.345989][ T5120] Bluetooth: hci3: command 0x0406 tx timeout [ 268.652165][T11268] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.673981][T11270] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.742544][T11232] syz-executor.4 (11232) used greatest stack depth: 7544 bytes left [ 268.810920][T11277] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 268.856117][T11277] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 269.079504][T11290] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 269.119416][T11290] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 269.175590][T11293] ebtables: ebtables: counters copy to user failed while replacing table [ 269.216002][ T29] audit: type=1804 audit(1717006108.254:12): pid=11298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir72986506/syzkaller.j1ygWf/185/cgroup.controllers" dev="sda1" ino=1950 res=1 errno=0 [ 269.266202][T11298] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 269.342040][T11298] vlan2: entered promiscuous mode [ 269.356132][T11298] bridge0: entered promiscuous mode [ 269.380914][T11298] bridge0: left promiscuous mode [ 269.479299][T11308] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.994550][T11331] ebtables: ebtables: counters copy to user failed while replacing table [ 271.373383][T11345] tap0: tun_chr_ioctl cmd 1074025677 [ 271.395433][T11345] tap0: linktype set to 769 [ 271.723044][T11355] ebtables: ebtables: counters copy to user failed while replacing table [ 273.831101][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 274.029124][T11359] ebtables: ebtables: counters copy to user failed while replacing table [ 274.042183][T11366] netlink: 'syz-executor.1': attribute type 6 has an invalid length. [ 274.324888][T11378] tls_set_device_offload_rx: netdev not found [ 274.377966][T11380] macsec1: entered promiscuous mode [ 274.395275][T11380] macvlan1: entered promiscuous mode [ 274.406657][T11380] macsec1: entered allmulticast mode [ 274.412419][T11380] macvlan1: entered allmulticast mode [ 274.426942][T11380] veth1_vlan: entered allmulticast mode [ 274.458966][T11380] macvlan1: left allmulticast mode [ 274.476677][T11380] veth1_vlan: left allmulticast mode [ 274.492401][T11380] macvlan1: left promiscuous mode [ 274.943337][T11393] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 274.967914][T11396] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 277.803713][ C1] Dead loop on virtual device ipvlan1, fix it urgently! [ 278.515792][T11432] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 282.917054][T11523] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 283.332911][ T29] audit: type=1804 audit(1717006122.374:13): pid=11535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1311811133/syzkaller.Vy4xzA/629/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0 [ 283.671684][T11559] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 283.699803][T11559] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.2'. [ 283.729232][T11559] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 283.941215][ T29] audit: type=1800 audit(1717006122.984:14): pid=11567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1967 res=0 errno=0 [ 283.987970][ T29] audit: type=1804 audit(1717006123.024:15): pid=11567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir586056586/syzkaller.Pqrhsw/114/memory.events" dev="sda1" ino=1967 res=1 errno=0 [ 284.334926][ T29] audit: type=1804 audit(1717006123.374:16): pid=11575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1311811133/syzkaller.Vy4xzA/632/cgroup.controllers" dev="sda1" ino=1962 res=1 errno=0 [ 285.390249][T11608] ieee802154 phy0 wpan0: encryption failed: -22 [ 285.870945][ T29] audit: type=1804 audit(1717006124.914:17): pid=11614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1311811133/syzkaller.Vy4xzA/642/cgroup.controllers" dev="sda1" ino=1971 res=1 errno=0 [ 286.950740][T11637] ieee802154 phy0 wpan0: encryption failed: -22 [ 287.229479][T11641] ieee802154 phy0 wpan0: encryption failed: -22 [ 287.955127][T11664] syz_tun: entered allmulticast mode [ 288.001220][T11664] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 288.532525][T11697] syz_tun: entered allmulticast mode [ 288.548726][T11697] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 288.874278][T11711] ieee802154 phy0 wpan0: encryption failed: -22 [ 289.068838][T11727] ieee802154 phy0 wpan0: encryption failed: -22 [ 289.112176][T11723] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 289.205960][T11723] veth0_to_bond: entered promiscuous mode [ 289.298376][T11739] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'. [ 289.334465][T11739] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 290.093612][T11764] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.196251][T11781] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 290.319763][T11764] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.515094][T11764] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.585065][T11797] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.3'. [ 290.692191][T11764] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.871713][T11809] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. [ 290.969430][T11764] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.032742][T11764] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.098425][T11818] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 291.147185][T11764] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.197262][T11764] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.527971][T11833] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'. [ 291.611164][T11837] Dead loop on virtual device ipvlan1, fix it urgently! [ 291.677760][T11845] Dead loop on virtual device ipvlan1, fix it urgently! [ 291.929158][T11851] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 292.088898][T11857] nla_validate_range_unsigned: 2 callbacks suppressed [ 292.088923][T11857] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 292.330571][T11873] sctp: [Deprecated]: syz-executor.1 (pid 11873) Use of int in max_burst socket option. [ 292.330571][T11873] Use struct sctp_assoc_value instead [ 292.509833][T11879] Dead loop on virtual device ipvlan1, fix it urgently! [ 292.551267][T11879] Dead loop on virtual device ipvlan1, fix it urgently! [ 292.833001][T11890] netlink: 'syz-executor.4': attribute type 32 has an invalid length. [ 292.999019][T11896] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 293.202257][T11905] sctp: [Deprecated]: syz-executor.4 (pid 11905) Use of int in max_burst socket option. [ 293.202257][T11905] Use struct sctp_assoc_value instead [ 293.267549][T11908] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 293.433081][T11918] Dead loop on virtual device ipvlan1, fix it urgently! [ 293.456947][T11918] Dead loop on virtual device ipvlan1, fix it urgently! [ 293.773648][T11932] sctp: [Deprecated]: syz-executor.3 (pid 11932) Use of int in max_burst socket option. [ 293.773648][T11932] Use struct sctp_assoc_value instead [ 294.237628][T11954] __nla_validate_parse: 1 callbacks suppressed [ 294.237652][T11954] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 294.390918][T11959] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 294.454212][T11964] sctp: [Deprecated]: syz-executor.4 (pid 11964) Use of int in max_burst socket option. [ 294.454212][T11964] Use struct sctp_assoc_value instead [ 294.734168][T11978] bond0: entered promiscuous mode [ 294.758212][T11978] bond_slave_0: entered promiscuous mode [ 294.764539][T11978] bond_slave_1: entered promiscuous mode [ 294.858887][T11987] tipc: Enabled bearer , priority 0 [ 295.123155][T11994] Dead loop on virtual device ipvlan1, fix it urgently! [ 295.265258][T12004] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 295.492362][T12016] bond0: entered promiscuous mode [ 295.509836][T12016] bond_slave_0: entered promiscuous mode [ 295.533929][T12016] bond_slave_1: entered promiscuous mode [ 295.959368][ T45] tipc: Node number set to 372918601 [ 296.133788][T12040] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 296.214740][T12046] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 296.332749][T12053] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.3'. [ 296.481100][T12059] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 296.699056][T12065] Dead loop on virtual device ipvlan1, fix it urgently! [ 296.824871][T12076] tipc: Enabling of bearer rejected, already enabled [ 297.420279][T12099] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 297.789590][T12109] syzkaller0: entered allmulticast mode [ 297.805530][T12115] tipc: Enabled bearer , priority 0 [ 297.841805][T12109] syzkaller0 (unregistering): left allmulticast mode [ 298.676583][T12148] Dead loop on virtual device ipvlan1, fix it urgently! [ 298.917603][ T786] tipc: Node number set to 372918601 [ 299.056621][T12165] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 299.259440][T12175] xt_l2tp: invalid flags combination: 0 [ 299.427406][ T5171] IPVS: starting estimator thread 0... [ 299.507477][T12193] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 299.524761][T12193] netlink: 'syz-executor.3': attribute type 30 has an invalid length. [ 299.533596][T12187] IPVS: using max 17 ests per chain, 40800 per kthread [ 300.133800][ T786] IPVS: starting estimator thread 0... [ 300.246048][T12219] IPVS: using max 17 ests per chain, 40800 per kthread [ 300.466063][T12231] No such timeout policy "syz0" [ 300.828102][T12247] hsr_slave_0: left promiscuous mode [ 300.873364][T12247] hsr_slave_1: left promiscuous mode [ 300.989643][T12257] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 301.029787][T12257] netlink: 'syz-executor.1': attribute type 30 has an invalid length. [ 301.212210][T12264] sctp: [Deprecated]: syz-executor.3 (pid 12264) Use of struct sctp_assoc_value in delayed_ack socket option. [ 301.212210][T12264] Use struct sctp_sack_info instead [ 301.898650][T12299] xt_HMARK: spi-set and port-set can't be combined [ 302.180147][T10203] syz_tun (unregistering): left allmulticast mode [ 302.402800][ T3524] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.472249][T12319] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.2'. [ 302.591994][ T3524] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.622130][T12319] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. [ 302.653552][T12319] 0XD: renamed from gretap0 (while UP) [ 302.676065][T12319] 0XD: entered allmulticast mode [ 302.692499][T12319] A link change request failed with some changes committed already. Interface 50XD may have been left with an inconsistent configuration, please check. [ 302.870643][ T3524] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.368585][ T3524] bridge_slave_1: left allmulticast mode [ 303.406011][ T3524] bridge_slave_1: left promiscuous mode [ 303.426036][ T3524] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.460235][ T3524] bridge_slave_0: left allmulticast mode [ 303.476711][ T3524] bridge_slave_0: left promiscuous mode [ 303.490757][ T3524] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.540667][ T4490] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 303.553299][ T4490] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 303.564440][ T4490] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 303.576783][ T4490] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 303.590016][ T4490] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 303.606105][ T4490] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 304.190921][ T5120] Bluetooth: hci5: command 0x041b tx timeout [ 304.359669][ T3524] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.378269][ T3524] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.401484][ T3524] bond0 (unregistering): Released all slaves [ 304.432836][T12343] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 304.644154][T12357] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.899454][T12357] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.132068][T12357] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.251699][T12375] pim6reg1: entered promiscuous mode [ 305.260294][T12375] pim6reg1: entered allmulticast mode [ 305.406793][T12388] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 305.458638][ T3524] hsr_slave_0: left promiscuous mode [ 305.490416][ T3524] hsr_slave_1: left promiscuous mode [ 305.506754][ T3524] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 305.523861][ T3524] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.534710][T12392] syz-executor.4[12392] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 305.535150][T12392] syz-executor.4[12392] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 305.549321][ T3524] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 305.575547][ T3524] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.610355][ T3524] veth1_macvtap: left promiscuous mode [ 305.616756][ T3524] veth0_macvtap: left promiscuous mode [ 305.623243][ T3524] veth1_vlan: left promiscuous mode [ 305.629364][ T3524] veth0_vlan: left promiscuous mode [ 305.706000][ T5120] Bluetooth: hci7: command tx timeout [ 306.796415][ T3524] team0 (unregistering): Port device team_slave_1 removed [ 306.870186][ T3524] team0 (unregistering): Port device team_slave_0 removed [ 307.625409][T12357] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.651487][T12357] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.766142][T12357] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.787140][ T5120] Bluetooth: hci7: command tx timeout [ 307.870854][T12357] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.979695][T12424] pim6reg1: entered promiscuous mode [ 308.007312][T12424] pim6reg1: entered allmulticast mode [ 308.024443][T12344] chnl_net:caif_netlink_parms(): no params data found [ 308.753892][T12344] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.770187][T12344] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.777974][T12344] bridge_slave_0: entered allmulticast mode [ 308.788176][T12344] bridge_slave_0: entered promiscuous mode [ 308.818955][T12344] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.847039][T12344] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.884024][T12344] bridge_slave_1: entered allmulticast mode [ 308.913791][T12344] bridge_slave_1: entered promiscuous mode [ 309.048013][ T3524] IPVS: stop unused estimator thread 0... [ 309.064568][T12344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.103165][T12344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.188293][T12344] team0: Port device team_slave_0 added [ 309.201090][T12344] team0: Port device team_slave_1 added [ 309.269268][T12344] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 309.282479][T12344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 309.310760][T12344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 309.326985][T12463] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.345963][T12344] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 309.355528][T12344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 309.390396][T12344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 309.412349][T12463] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.501584][T12463] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.538075][T12344] hsr_slave_0: entered promiscuous mode [ 309.549784][T12344] hsr_slave_1: entered promiscuous mode [ 309.576937][T12344] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 309.584654][T12344] Cannot create hsr debugfs directory [ 309.600377][T12463] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.830526][T12469] pim6reg1: entered promiscuous mode [ 309.838735][T12469] pim6reg1: entered allmulticast mode [ 309.847194][T12473] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 309.866159][ T5120] Bluetooth: hci7: command tx timeout [ 309.914782][T12473] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 309.998138][T12463] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.020033][T12472] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 310.096669][T12474] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'. [ 310.150823][T12474] 0XD: entered promiscuous mode [ 310.158603][T12474] 0XD: left allmulticast mode [ 310.216573][T12463] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.579922][T12463] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.605024][T12463] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.434606][T12344] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 311.451173][T12344] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 311.480982][T12344] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 311.499535][T12344] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 311.565548][T12520] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.628731][T12520] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.694744][T12520] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.753614][T12344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 311.767899][T12520] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.815106][T12344] 8021q: adding VLAN 0 to HW filter on device team0 [ 311.845123][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.852522][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 311.884690][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.891981][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 311.946193][ T5120] Bluetooth: hci7: command tx timeout [ 312.197365][T12532] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 312.479137][T12545] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 312.557812][T12548] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 312.565913][T12548] IPv6: NLM_F_CREATE should be set when creating new route [ 312.635404][T12344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 312.785170][T12344] veth0_vlan: entered promiscuous mode [ 312.806163][T12344] veth1_vlan: entered promiscuous mode [ 312.948708][T12344] veth0_macvtap: entered promiscuous mode [ 312.979601][T12344] veth1_macvtap: entered promiscuous mode [ 313.024257][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.053657][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.064557][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.076374][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.091023][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.104481][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.114795][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.125634][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.136866][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.162920][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.179250][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.196583][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.215474][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.227670][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.252797][T12344] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 313.304577][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 313.328711][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.348199][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 313.368320][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.385872][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 313.405761][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.428709][T12344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 313.445773][T12344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.462974][T12344] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 313.477485][T12568] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 313.513137][T12344] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.542023][T12344] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.567803][T12344] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.585124][T12344] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.844037][ T746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 313.863957][ T746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 313.944350][ T1109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 313.971940][ T1109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.395196][T12595] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 314.489058][T12597] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 315.682655][T12520] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.741172][T12520] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.797777][T12520] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.862221][T12520] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.248182][T12674] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 316.606760][T12689] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 316.929404][ T29] audit: type=1804 audit(1717006155.964:18): pid=12697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1311811133/syzkaller.Vy4xzA/739/cgroup.controllers" dev="sda1" ino=1958 res=1 errno=0 [ 317.080829][T12694] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 317.469535][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.477043][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.606249][T12735] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 318.039518][T12754] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'. [ 318.079148][T12762] team0: No ports can be present during mode change [ 318.080510][T12754] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 318.403776][T12775] syz-executor.1[12775] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 318.403957][T12775] syz-executor.1[12775] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 318.608775][T12783] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.3'. [ 318.658280][T12765] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 318.662798][T12783] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 318.898038][T12797] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'. [ 318.936254][T12797] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 319.428324][T12820] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.4'. [ 319.464114][T12820] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 319.713962][T12837] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 319.826833][T12832] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'. [ 320.348898][T12871] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 320.583963][T12888] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 321.298734][T12917] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 321.666541][T12933] Bluetooth: hci3: service_discovery: too big uuid_count value 65535 [ 322.580530][T12978] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 323.380567][T13018] Dead loop on virtual device ipvlan1, fix it urgently! [ 323.407026][T13017] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 323.427076][T13017] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 323.512822][T13024] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.1'. [ 323.678576][T13034] Dead loop on virtual device ipvlan1, fix it urgently! [ 324.165985][T13054] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 324.238331][T13058] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 324.918638][T13096] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 326.037158][T13146] syz-executor.4[13146] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 326.037338][T13146] syz-executor.4[13146] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 326.133479][T13152] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 326.277246][T13156] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 326.641634][T13175] syz-executor.2[13175] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 326.641823][T13175] syz-executor.2[13175] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 326.686479][T13179] xt_CT: You must specify a L4 protocol and not use inversions on it [ 326.901477][T13192] netem: change failed [ 328.152308][T13227] syzkaller0: entered promiscuous mode [ 328.197360][T13227] syzkaller0: entered allmulticast mode [ 328.297243][T13233] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 328.831901][T13249] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 331.691528][T13275] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 331.819208][T13284] gretap0: entered promiscuous mode [ 331.997075][T13292] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'. [ 332.219722][T13303] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 332.269607][T13296] syzkaller0: entered promiscuous mode [ 332.275281][T13296] syzkaller0: entered allmulticast mode [ 333.942503][T13326] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'. [ 335.073025][T13309] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 335.294193][T13334] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 335.307114][T13336] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 336.661517][T13359] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 336.894729][T13372] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 336.955068][T13363] syzkaller0: entered promiscuous mode [ 336.978038][T13363] syzkaller0: entered allmulticast mode [ 337.075794][T13378] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x1 [ 337.555914][T13392] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'. [ 337.951659][ C1] Dead loop on virtual device ipvlan1, fix it urgently! [ 340.168211][T13433] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 340.296148][T13439] tipc: Enabling of bearer rejected, failed to enable media [ 340.629950][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 340.657923][T13460] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 340.679247][T13460] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 340.753471][T13460] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 340.816850][T13460] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 341.845951][T13522] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 342.166853][T13541] netlink: 'syz-executor.3': attribute type 14 has an invalid length. [ 342.375541][T13553] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 342.904820][T13580] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 343.297710][T13598] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2 [ 343.392451][T13607] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 343.441739][T13607] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 343.532205][T13607] team0: Port device dummy0 added [ 343.555360][T13609] IPVS: Unknown mcast interface: netdevsim0 [ 343.650973][T13617] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 343.678092][T13617] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 343.708032][T13622] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 344.171627][T13651] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 344.209644][T13654] IPVS: sync thread started: state = BACKUP, mcast_ifn = netdevsim0, syncid = 0, id = 0 [ 344.210321][T13649] IPVS: stopping backup sync thread 13654 ... [ 344.515892][T13663] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check. [ 344.586280][T13671] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 344.946425][T13690] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 345.138043][T13697] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check. [ 345.169367][ T5116] Bluetooth: hci6: command 0x0406 tx timeout [ 345.838082][T13733] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. [ 345.898449][T13733] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 345.962353][T13733] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.4'. [ 346.049540][T13733] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 346.374358][T13758] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 346.746748][T13774] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'. [ 346.785229][T13774] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 346.990046][T13782] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 347.260122][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 347.272407][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 347.281464][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 347.299863][T13794] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 347.322502][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 347.334581][ T5116] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 347.344806][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 347.576256][T13805] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 347.800646][T13814] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 347.894141][T13790] chnl_net:caif_netlink_parms(): no params data found [ 347.906190][T13822] __nla_validate_parse: 10 callbacks suppressed [ 347.906218][T13822] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.3'. [ 347.986292][T13822] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 348.104745][T13835] Bluetooth: hci3: invalid len left 7, exp >= 35 [ 348.152096][T13839] Dead loop on virtual device ipvlan1, fix it urgently! [ 348.188090][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 348.249299][T13790] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.277712][T13790] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.285156][T13790] bridge_slave_0: entered allmulticast mode [ 348.306994][T13790] bridge_slave_0: entered promiscuous mode [ 348.336817][T13790] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.346534][T13790] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.366264][T13790] bridge_slave_1: entered allmulticast mode [ 348.395859][T13790] bridge_slave_1: entered promiscuous mode [ 348.428131][T13850] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 348.500701][T13790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 348.560227][T13790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 348.664014][T13790] team0: Port device team_slave_0 added [ 348.693617][T13790] team0: Port device team_slave_1 added [ 348.798242][T13790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 348.811468][T13790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.866084][T13790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 348.920616][T13790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 348.939011][T13790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.953315][T13872] Dead loop on virtual device ipvlan1, fix it urgently! [ 349.013670][T13876] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 349.027864][T13790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 349.039666][T13876] netlink: 636 bytes leftover after parsing attributes in process `syz-executor.2'. [ 349.272216][T13790] hsr_slave_0: entered promiscuous mode [ 349.317313][T13790] hsr_slave_1: entered promiscuous mode [ 349.324361][T13790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 349.346112][T13790] Cannot create hsr debugfs directory [ 349.387376][ T5116] Bluetooth: hci0: command tx timeout [ 349.629321][T13902] Dead loop on virtual device ipvlan1, fix it urgently! [ 349.891822][T13790] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 349.946648][T13790] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.153792][T13790] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 350.179056][T13790] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.263070][T13930] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 350.301358][T13930] netlink: 168864 bytes leftover after parsing attributes in process `syz-executor.4'. [ 350.375226][T13790] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 350.414265][T13790] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.543054][T13790] netdevsim netdevsim0  (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 350.571313][T13790] netdevsim netdevsim0  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.899687][T13790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 350.922413][T13958] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 350.940441][T13790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 350.954194][T13958] netlink: 168864 bytes leftover after parsing attributes in process `syz-executor.2'. [ 350.982002][T13790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 351.038440][T13790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 351.212601][ T29] audit: type=1800 audit(1717006190.254:19): pid=13965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=1967 res=0 errno=0 [ 351.311813][ T29] audit: type=1804 audit(1717006190.264:20): pid=13965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir3156587911/syzkaller.1MDhbj/577/memory.events" dev="sda1" ino=1967 res=1 errno=0 [ 351.391553][T13790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.468472][T13790] 8021q: adding VLAN 0 to HW filter on device team0 [ 351.477782][ T5116] Bluetooth: hci0: command tx timeout [ 351.517594][ T786] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.524831][ T786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.593645][ T786] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.601045][ T786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 351.614605][T13976] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 352.350127][T13790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 352.448285][T13790] veth0_vlan: entered promiscuous mode [ 352.505444][T13790] veth1_vlan: entered promiscuous mode [ 352.592007][T13790] veth0_macvtap: entered promiscuous mode [ 352.627153][T13790] veth1_macvtap: entered promiscuous mode [ 352.689210][T14009] dummy0: entered promiscuous mode [ 352.695040][T14009] macsec1: entered promiscuous mode [ 352.717613][T14009] macsec1: entered allmulticast mode [ 352.723081][T14009] dummy0: entered allmulticast mode [ 352.755997][T14009] dummy0: left allmulticast mode [ 352.761857][T14009] dummy0: left promiscuous mode [ 352.942662][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.977828][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.003607][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.024051][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.035900][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.059208][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.072280][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.086639][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.096997][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.102695][T14017] netlink: 41 bytes leftover after parsing attributes in process `syz-executor.2'. [ 353.108059][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.108086][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.108108][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.108135][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.108152][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.108174][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.108191][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.120108][T13790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 353.214599][T14017] netlink: 41 bytes leftover after parsing attributes in process `syz-executor.2'. [ 353.266855][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.300801][T14019] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 353.302872][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.345821][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.365651][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.376483][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.402148][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.412805][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.423580][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.433507][T13790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.452035][T13790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.464611][T13790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 353.482223][T13790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.495510][T13790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.505343][T13790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.514397][T13790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.558964][ T5116] Bluetooth: hci0: command tx timeout [ 353.883390][ T2824] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.904879][ T2824] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.093590][ T1109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.113770][ T1109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.427672][T14045] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 355.008184][T14068] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 355.171831][ T746] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.323982][T14077] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 355.394505][ T746] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.567593][ T746] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.627544][ T5116] Bluetooth: hci0: command tx timeout [ 355.897469][ T5120] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 355.909109][ T5120] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 355.918268][ T5120] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 355.928499][ T5120] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 355.942887][ T5120] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 355.956264][ T5120] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 356.154024][ T746] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.275538][T14107] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 356.581052][ T746] bridge_slave_1: left allmulticast mode [ 356.611263][ T746] bridge_slave_1: left promiscuous mode [ 356.626417][ T746] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.649500][ T746] bridge_slave_0: left allmulticast mode [ 356.655224][ T746] bridge_slave_0: left promiscuous mode [ 356.676831][ T746] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.321113][ T746] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.334768][ T746] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.349706][ T746] bond0 (unregistering): Released all slaves [ 357.368034][ T746] bond1 (unregistering): Released all slaves [ 357.391901][ T746] bond2 (unregistering): Released all slaves [ 357.833208][T14095] chnl_net:caif_netlink_parms(): no params data found [ 358.029762][T14151] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 358.033953][T14153] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 358.049759][ T5116] Bluetooth: hci7: command tx timeout [ 358.497190][ T746] hsr_slave_0: left promiscuous mode [ 358.524169][ T746] hsr_slave_1: left promiscuous mode [ 358.538692][ T746] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.556002][ T746] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 358.576559][ T746] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.586484][ T746] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 358.890352][ T746] veth1_macvtap: left promiscuous mode [ 358.908155][ T746] veth0_macvtap: left promiscuous mode [ 358.915564][ T746] veth1_vlan: left promiscuous mode [ 358.921927][ T746] veth0_vlan: left promiscuous mode [ 359.945460][ T746] team0 (unregistering): Port device team_slave_1 removed [ 360.023601][ T746] team0 (unregistering): Port device team_slave_0 removed [ 360.112920][ T5116] Bluetooth: hci7: command tx timeout [ 360.771025][T14095] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.778847][T14095] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.786658][T14095] bridge_slave_0: entered allmulticast mode [ 360.794531][T14095] bridge_slave_0: entered promiscuous mode [ 360.805159][T14095] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.812654][T14095] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.822125][T14095] bridge_slave_1: entered allmulticast mode [ 360.831195][T14095] bridge_slave_1: entered promiscuous mode [ 361.003351][T14095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 361.024837][T14201] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. [ 361.039598][T14095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 361.249953][T14095] team0: Port device team_slave_0 added [ 361.271776][T14095] team0: Port device team_slave_1 added [ 361.373631][T14095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 361.389567][T14095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.435934][T14095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 361.453787][T14095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 361.465859][T14095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.530786][T14095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 361.701423][T14095] hsr_slave_0: entered promiscuous mode [ 361.714073][T14095] hsr_slave_1: entered promiscuous mode [ 361.725559][T14095] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 361.745237][T14095] Cannot create hsr debugfs directory [ 362.204553][ T5116] Bluetooth: hci7: command tx timeout [ 362.644728][T14095] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 362.661015][T14095] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 362.681873][T14095] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 362.701784][T14095] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 362.944793][T14095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 363.030027][T14095] 8021q: adding VLAN 0 to HW filter on device team0 [ 363.053359][ T786] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.060631][ T786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 363.092149][ T786] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.099502][ T786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 363.110051][T14268] netlink: 'syz-executor.0': attribute type 6 has an invalid length. [ 363.211788][T14095] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 363.517407][T14095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.641409][T14095] veth0_vlan: entered promiscuous mode [ 363.669616][T14095] veth1_vlan: entered promiscuous mode [ 363.681254][T14287] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 363.722187][T14287] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 363.737604][T14095] veth0_macvtap: entered promiscuous mode [ 363.759375][T14095] veth1_macvtap: entered promiscuous mode [ 363.880686][T14289] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 364.061289][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.094172][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.104205][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.118178][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.128141][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.141456][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.152054][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.164642][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.175919][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.192555][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.202725][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.213671][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.225414][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.240305][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.251239][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.262350][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.274595][ T5120] Bluetooth: hci7: command tx timeout [ 364.283623][T14095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.357958][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.393537][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.414828][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.427289][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.448048][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.468703][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.489585][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.511618][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.530895][T14095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.543953][T14095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.560622][T14095] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.602305][T14095] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.627035][T14095] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.637304][T14095] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.650772][T14095] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.918903][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.947349][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.012191][ T746] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.030208][ T746] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.144015][T14325] dummy0: entered promiscuous mode [ 365.154703][T14325] macsec1: entered promiscuous mode [ 365.167972][T14325] macsec1: entered allmulticast mode [ 365.173390][T14325] dummy0: entered allmulticast mode [ 365.203635][T14325] dummy0: left allmulticast mode [ 365.211269][T14325] dummy0: left promiscuous mode [ 365.462150][T14333] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 365.529281][T14335] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 366.356179][ T5120] Bluetooth: hci7: command 0x0405 tx timeout [ 366.403256][T14372] IPVS: set_ctl: invalid protocol: 60 10.1.1.1:20003 [ 366.498877][T14372] IPVS: Scheduler module ip_vs_sip not found [ 366.515393][T14373] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 366.918400][T14387] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 367.418924][T14400] IPVS: set_ctl: invalid protocol: 60 10.1.1.1:20003 [ 367.552666][T14400] IPVS: Scheduler module ip_vs_sip not found [ 367.572379][T14405] IPVS: set_ctl: invalid protocol: 33 100.1.1.2:20004 [ 367.593151][T14407] IPv6: Can't replace route, no match found [ 367.742337][T14408] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 368.059127][ T3524] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.096096][ T3524] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.105493][T14433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 368.139458][T14437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.636810][T14482] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 369.645778][T14482] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.1'. [ 369.656588][T14482] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 369.978836][T14495] syz_tun: entered promiscuous mode [ 369.985177][T14495] macsec1: entered promiscuous mode [ 369.994752][T14495] syz_tun: left promiscuous mode [ 370.439343][T14505] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 370.956103][T14529] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 370.965871][T14529] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.1'. [ 370.985408][T14529] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 371.036485][T14532] netlink: 128124 bytes leftover after parsing attributes in process `syz-executor.4'. [ 371.194278][T14537] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 371.215090][T14537] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 371.256540][T14540] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 371.267292][T14540] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 371.278238][T14540] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 371.480779][T14549] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 372.597669][T14571] IPv6: NLM_F_REPLACE set, but no existing node found! [ 372.720387][T14576] tipc: Started in network mode [ 372.734162][T14576] tipc: Node identity ac1414aa, cluster identity 4711 [ 372.752890][T14576] tipc: New replicast peer: 0.0.0.0 [ 372.762448][T14576] tipc: Enabled bearer , priority 0 [ 372.846346][T14582] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 372.875031][T14582] __nla_validate_parse: 16 callbacks suppressed [ 372.875059][T14582] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.1'. [ 372.911670][T14582] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 373.752297][T14621] tipc: Started in network mode [ 373.775888][T14621] tipc: Node identity ac1414aa, cluster identity 4711 [ 373.783906][T14621] tipc: New replicast peer: 0.0.0.0 [ 373.806427][T14621] tipc: Enabled bearer , priority 0 [ 373.875820][ T5140] tipc: Node number set to 2886997162 [ 374.500228][T14650] tipc: Enabling of bearer rejected, already enabled [ 374.511792][T14651] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 374.767729][T14660] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 374.915769][ T5140] tipc: Node number set to 2886997162 [ 374.931502][T14668] IPv6: NLM_F_REPLACE set, but no existing node found! [ 375.155558][T14680] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 375.352851][T14688] tipc: Enabling of bearer rejected, already enabled [ 375.518897][T14696] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 375.876111][T14712] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 376.092466][ T29] audit: type=1804 audit(1717006215.134:21): pid=14717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir2422432771/syzkaller.fZQrkH/45/memory.events" dev="sda1" ino=1974 res=1 errno=0 [ 376.148471][T14717] dummy0: entered promiscuous mode [ 376.170903][T14717] dummy0: left promiscuous mode [ 376.283381][T14726] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 376.320487][T14726] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 376.487652][T14726] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 378.563067][T14800] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 378.596298][T14800] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.1'. [ 378.624344][T14800] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 378.909557][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.916879][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.027741][T14818] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 379.160839][T14820] xt_CT: No such helper "pptp" [ 379.177429][T14822] xt_CT: You must specify a L4 protocol and not use inversions on it [ 379.242446][T14820] netlink: 'syz-executor.4': attribute type 27 has an invalid length. [ 379.251254][T14820] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 380.176884][T14820] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.185402][T14820] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.948752][T14820] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 381.016734][T14820] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 381.560039][ T5120] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 381.571260][ T5120] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 381.581515][ T5120] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 381.590433][ T5120] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 381.600616][ T5120] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 381.608730][ T5120] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 381.927185][T14820] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.951559][T14820] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.964059][T14820] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.972546][T14820] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.117901][T14845] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 382.327936][T14861] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 382.534383][ T29] audit: type=1107 audit(1717006221.574:22): pid=14869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Z 6$5G%w [ 382.534383][ T29] [ 382.534383][ T29] [ 382.534383][ T29] dav;AO1?p_ZʿM/R޴dx.P†M^z]^)A@?\e>hu_I;l̲ ǀqMZ]4sz]ހ0gd]cJ[cd&@R VhƲ,.gQ'wojX"N OUޕUqa+|T6Nb;N)\; Q-4PGh*…Ñ.I{׹f:%ybER\Gߊ kC:F$c'͕+a#g78o'?\M~2~h?2|$A3泥zaSQ9LN򪜤i.ru4ӷT8Raf71y詶l[ D4~rHSBN (VYz 6/c<7kO+H~Ѭ,qlMhOq}`!^?nm'X'Y-!_1nk]Ur>1'!x0О1#3FO=}NqAD|7 6glA(w3>*!gΦgB# N)- [ 382.534383][ T29] ޴tI:Ś"wBɥxlbs[ s}QEsܟqIGhzC Ja0J ҵ~ͳڷ[jҤ|>IflQTjТ:|{gq"|kӂ[Z |EJIzɈT0m#R~F^왙r [ 382.658268][T14874] xt_limit: Overflow, try lower: 0/0 [ 382.785224][T14851] chnl_net:caif_netlink_parms(): no params data found [ 383.016530][T14851] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.033729][T14851] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.051296][T14851] bridge_slave_0: entered allmulticast mode [ 383.072930][T14851] bridge_slave_0: entered promiscuous mode [ 383.111482][T14851] bridge0: port 2(bridge_slave_1) entered blocking state [ 383.122374][T14889] xt_CT: You must specify a L4 protocol and not use inversions on it [ 383.148332][T14851] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.176876][T14851] bridge_slave_1: entered allmulticast mode [ 383.191600][T14886] xt_CT: No such helper "pptp" [ 383.207827][T14851] bridge_slave_1: entered promiscuous mode [ 383.311622][T14893] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 383.336202][T14886] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 383.368139][T14886] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 383.706089][ T5120] Bluetooth: hci8: command tx timeout [ 384.232815][T14926] xt_limit: Overflow, try lower: 0/0 [ 384.428609][T14886] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.436752][T14886] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.176686][T14886] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 385.257576][T14886] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 385.786539][ T5120] Bluetooth: hci8: command tx timeout [ 385.907638][T14886] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.925914][T14886] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.942238][T14886] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.954055][T14886] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.176509][T14851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 386.203068][T14924] netlink: 'syz-executor.2': attribute type 15 has an invalid length. [ 386.231164][T14930] tun0: tun_chr_ioctl cmd 1074025677 [ 386.247656][T14930] tun0: linktype set to 805 [ 386.318649][T14851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 386.432812][T14851] team0: Port device team_slave_0 added [ 386.468061][T14851] team0: Port device team_slave_1 added [ 386.584684][T14851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 386.612774][T14851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.663141][T14851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 386.682497][T14851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 386.690262][T14851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.722588][T14851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 386.909703][T14958] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 386.938810][T14851] hsr_slave_0: entered promiscuous mode [ 386.971054][T14851] hsr_slave_1: entered promiscuous mode [ 386.991110][T14851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 387.007628][T14851] Cannot create hsr debugfs directory [ 387.073473][T14965] tun0: tun_chr_ioctl cmd 1074025677 [ 387.081441][T14965] tun0: linktype set to 805 [ 387.398903][T14851] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.507598][T14851] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.599013][T14851] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.701745][T14851] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.867454][ T5120] Bluetooth: hci8: command tx timeout [ 387.989471][T14851] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 388.017684][T14851] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 388.056923][T14851] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 388.091048][T14851] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 388.443698][T14851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 388.520725][T14851] 8021q: adding VLAN 0 to HW filter on device team0 [ 388.525082][T15020] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 388.560131][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.567747][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 388.596812][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.604790][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 388.739686][T14851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 388.974726][T15040] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.2'. [ 389.251130][T15053] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 389.262664][T14851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 389.336650][T15056] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 389.455048][T14851] veth0_vlan: entered promiscuous mode [ 389.528070][T14851] veth1_vlan: entered promiscuous mode [ 389.640075][T14851] veth0_macvtap: entered promiscuous mode [ 389.694005][T14851] veth1_macvtap: entered promiscuous mode [ 389.772320][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 389.807470][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.838025][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 389.875659][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.901955][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 389.929280][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.943914][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 389.955052][ T5120] Bluetooth: hci8: command tx timeout [ 389.962396][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.972583][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 389.983335][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.993797][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.004597][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.014879][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.026280][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.041327][T14851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 390.072910][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 390.096987][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.108840][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 390.121595][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.132293][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 390.144298][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.157983][T14851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 390.170738][T14851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.199104][T14851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 390.213036][T14851] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.223333][T14851] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.232997][T14851] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.242576][T14851] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.410630][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 390.437257][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 390.492436][ T2824] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 390.501915][ T2824] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.307506][T15097] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.2'. [ 391.324972][T15097] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 391.566130][T15104] netlink: 47 bytes leftover after parsing attributes in process `syz-executor.3'. [ 392.125399][T15124] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.3'. [ 392.440384][T15138] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 393.440832][T15169] netlink: 47 bytes leftover after parsing attributes in process `syz-executor.2'. [ 393.487872][T15171] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 394.048153][T15197] netlink: 47 bytes leftover after parsing attributes in process `syz-executor.3'. [ 394.120013][T15201] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 394.281273][T15207] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 394.305799][T15207] netlink: 'syz-executor.3': attribute type 15 has an invalid length. [ 394.326111][T15207] netlink: 'syz-executor.3': attribute type 18 has an invalid length. [ 394.342188][T15207] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.353223][T15207] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.363845][T15207] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.373620][T15207] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.384739][T15207] vxlan0: entered promiscuous mode [ 397.615208][T15231] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 398.122098][T15257] Bluetooth: MGMT ver 1.22 [ 398.129519][T15257] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 399.188945][T15274] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 399.216155][T15274] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 399.709435][T15287] xt_CT: You must specify a L4 protocol and not use inversions on it [ 400.322913][T15313] ieee802154 phy0 wpan0: encryption failed: -90 [ 400.335280][T15312] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 400.482924][T15318] xt_CT: You must specify a L4 protocol and not use inversions on it [ 400.571576][T15324] xt_l2tp: v2 doesn't support IP mode [ 400.728039][T15331] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.2'. [ 400.772015][T15331] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 400.800534][T15331] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 401.078492][T15339] ieee802154 phy0 wpan0: encryption failed: -90 [ 401.593784][T15359] xt_l2tp: v2 doesn't support IP mode [ 402.022777][T15377] pim6reg: entered allmulticast mode [ 402.737037][T15399] xt_l2tp: v2 doesn't support IP mode [ 404.201987][T15457] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 404.245250][T15457] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 405.217525][T15494] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 405.248028][T15494] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 405.433939][T15477] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 405.516579][T15503] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 405.539721][T15503] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 406.911915][T15550] xt_hashlimit: max too large, truncated to 1048576 [ 406.974500][T15553] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 406.984442][T15553] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.2'. [ 406.994910][T15553] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.2'. [ 407.217940][T15557] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 407.257816][T15557] bond4: entered promiscuous mode [ 407.284577][T15557] bond0: (slave bond_slave_0): Releasing backup interface [ 407.297553][T15557] bond_slave_0: entered promiscuous mode [ 407.307785][T15557] bond4: (slave bond_slave_0): Enslaving as an active interface with an up link [ 407.343199][T15557] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 407.373879][T15557] bond4 (unregistering): (slave bond_slave_0): Releasing backup interface [ 407.407204][T15557] bond_slave_0: left promiscuous mode [ 407.427644][T15557] bond4 (unregistering): Released all slaves [ 407.820059][T15578] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 407.881889][T15578] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.0'. [ 407.920008][T15578] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'. [ 408.256249][T15600] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 408.264725][T15600] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.3'. [ 408.521124][T15606] syzkaller0: entered promiscuous mode [ 408.536563][T15606] syzkaller0: entered allmulticast mode [ 408.560770][ T11] syzkaller0: tun_net_xmit 48 [ 408.581391][T15612] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 408.637068][T15606] syzkaller0: create flow: hash 1059735748 index 3 [ 408.951059][T15605] syzkaller0: delete flow: hash 1059735748 index 3 [ 411.162991][T15668] netlink: 'syz-executor.0': attribute type 30 has an invalid length. [ 412.190249][T15678] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 412.202557][T15678] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.4'. [ 412.324583][T15680] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 413.166444][T15686] syzkaller1: entered promiscuous mode [ 413.187352][T15686] syzkaller1: entered allmulticast mode [ 413.765546][ T5116] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 413.781256][ T5116] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 413.794284][ T5116] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 413.813976][ T5116] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 413.834739][ T5116] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 413.875967][ T5116] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 414.066766][T15717] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 414.128825][T15722] netlink: 244 bytes leftover after parsing attributes in process `syz-executor.0'. [ 414.710626][T15706] chnl_net:caif_netlink_parms(): no params data found [ 414.963334][T15756] netlink: 244 bytes leftover after parsing attributes in process `syz-executor.2'. [ 415.124210][T15706] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.146776][T15706] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.167882][T15706] bridge_slave_0: entered allmulticast mode [ 415.192919][T15706] bridge_slave_0: entered promiscuous mode [ 415.227830][T15706] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.256672][T15706] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.306465][T15706] bridge_slave_1: entered allmulticast mode [ 415.324120][T15706] bridge_slave_1: entered promiscuous mode [ 415.384263][T15775] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 415.549786][T15706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 415.612507][T15706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 415.793442][T15706] team0: Port device team_slave_0 added [ 415.850712][T15706] team0: Port device team_slave_1 added [ 415.946247][ T5120] Bluetooth: hci9: command tx timeout [ 416.013297][T15706] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 416.037748][T15706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.104112][T15706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 416.105143][T15806] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 416.140772][T15798] syz-executor.0[15798] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 416.141300][T15798] syz-executor.0[15798] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 416.154509][T15706] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 416.176208][T15706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.217792][T15706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 416.534769][T15706] hsr_slave_0: entered promiscuous mode [ 416.557906][T15706] hsr_slave_1: entered promiscuous mode [ 416.566695][T15706] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 416.609837][T15706] Cannot create hsr debugfs directory [ 416.841519][T15836] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 417.142162][T15848] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 417.389725][T15706] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.767507][T15706] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.840048][T15874] macvlan0: entered promiscuous mode [ 417.876942][T15874] ipvlan0: entered promiscuous mode [ 417.900145][T15874] ipvlan0: left promiscuous mode [ 417.916851][T15874] macvlan0: left promiscuous mode [ 418.025859][ T5120] Bluetooth: hci9: command tx timeout [ 418.104775][T15706] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.196800][T15884] team0: Failed to send port change of device virt_wifi0 via netlink (err -105) [ 418.226491][T15884] team0: Failed to send options change via netlink (err -105) [ 418.246758][T15884] team0: Port device virt_wifi0 added [ 418.504886][T15706] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.935999][T15706] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 418.972684][T15706] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 419.016610][T15920] team0: Failed to send port change of device virt_wifi0 via netlink (err -105) [ 419.041901][T15920] team0: Failed to send options change via netlink (err -105) [ 419.066174][T15920] team0: Port device virt_wifi0 added [ 419.081339][T15706] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 419.120178][T15706] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 419.235290][T15932] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 419.492622][T15706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.601182][T15706] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.650053][ T5204] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.657417][ T5204] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.722890][ T5204] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.730781][ T5204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.791185][T15953] team0: Failed to send port change of device virt_wifi0 via netlink (err -105) [ 419.803781][T15953] team0: Failed to send options change via netlink (err -105) [ 419.827662][T15953] team0: Port device virt_wifi0 added [ 419.965281][T15706] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 420.106151][ T5120] Bluetooth: hci9: command tx timeout [ 420.299530][T15975] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 420.341485][T15975] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 420.475045][T15706] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 420.698841][T15706] veth0_vlan: entered promiscuous mode [ 420.742476][T15706] veth1_vlan: entered promiscuous mode [ 420.961573][T15706] veth0_macvtap: entered promiscuous mode [ 421.020884][T15706] veth1_macvtap: entered promiscuous mode [ 421.104145][T16003] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 421.155231][T16008] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 421.260530][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.291593][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.317867][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.343013][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.362174][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.374484][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.388074][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.399563][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.410173][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.421758][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.432989][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.445094][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.456240][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.474935][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.488181][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.499636][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.513229][T15706] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 421.527765][T16010] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 421.573355][T16017] netlink: 'syz-executor.0': attribute type 13 has an invalid length. [ 421.584933][T16017] digital: digital_start_poll: Unknown protocol [ 421.611319][T16015] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 421.675135][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.699134][T16019] xt_CT: You must specify a L4 protocol and not use inversions on it [ 421.717421][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.737220][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.756208][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.762623][T16019] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 421.774401][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.834352][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.853601][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.873035][T16028] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 421.879309][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.896385][T15706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.908461][T15706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.929327][T15706] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.945059][T15706] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.959888][T15706] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.974099][T15706] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.985444][T15706] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.035326][T16029] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.043131][T16029] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.067231][T16029] bridge0: entered allmulticast mode [ 422.103721][T16030] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.112711][T16030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 422.121242][T16030] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.129107][T16030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 422.148874][T16030] bridge0: entered promiscuous mode [ 422.196471][ T5120] Bluetooth: hci9: command tx timeout [ 422.216147][T16035] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 422.271339][T16035] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 422.590052][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.617734][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.740840][T16048] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 422.808901][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.850766][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 423.050712][T16058] netlink: 'syz-executor.0': attribute type 13 has an invalid length. [ 423.076170][T16058] digital: digital_start_poll: Unknown protocol [ 423.248141][T16064] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.255501][T16064] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.280225][T16064] bridge0: left promiscuous mode [ 423.363191][T16066] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.371079][T16066] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.388190][T16066] bridge0: entered allmulticast mode [ 423.479522][T16069] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.487062][T16069] bridge0: port 2(bridge_slave_1) entered forwarding state [ 423.495157][T16069] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.502553][T16069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 423.552056][T16069] bridge0: entered promiscuous mode [ 423.585636][T16070] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.593050][T16070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 423.600725][T16070] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.608381][T16070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 423.670016][T16070] bridge0: entered promiscuous mode [ 423.829032][T16088] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 424.924384][T16128] __nla_validate_parse: 4 callbacks suppressed [ 424.924412][T16128] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 425.073694][T16134] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 425.125159][T16136] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 425.733011][T16166] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 425.801641][T16169] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 425.861558][T16166] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 425.933337][T16173] tap0: tun_chr_ioctl cmd 2147767520 [ 426.002207][T16175] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 426.169161][T16183] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 426.672178][T16201] tap0: tun_chr_ioctl cmd 2147767520 [ 426.823449][T16211] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 428.120547][T16270] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 428.693205][T16293] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 428.733996][T16293] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 428.744621][T16298] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 428.753311][T16293] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 428.779794][T16293] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 428.801694][T16293] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 428.839881][T16293] geneve2: entered allmulticast mode [ 430.348078][T16345] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 430.646735][T16359] __nla_validate_parse: 1 callbacks suppressed [ 430.646759][T16359] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 431.947671][T16404] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 432.047936][T16407] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 432.089174][T16407] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 432.123154][T16407] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 432.147215][T16407] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 432.166239][T16407] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 432.205103][T16407] geneve2: entered allmulticast mode [ 432.268447][T16408] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 433.558090][T16457] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 434.233319][T16485] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 434.577657][T16500] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 437.011672][T16602] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 437.049725][T16602] netlink: 113592 bytes leftover after parsing attributes in process `syz-executor.3'. [ 437.624790][T16626] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 437.654569][T16627] atomic_op ffff88807ac3a198 conn xmit_atomic 0000000000000000 [ 437.676466][T16626] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 437.782202][T16631] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.3'. [ 437.796072][T16630] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 437.808951][T16630] netlink: 113592 bytes leftover after parsing attributes in process `syz-executor.4'. [ 438.042973][T16643] ------------[ cut here ]------------ [ 438.049025][T16643] wlan0: Failed check-sdata-in-driver check, flags: 0x0 [ 438.087263][T16643] WARNING: CPU: 0 PID: 16643 at net/mac80211/main.c:410 ieee80211_link_info_change_notify+0x273/0x330 [ 438.099010][T16643] Modules linked in: [ 438.103074][T16643] CPU: 0 PID: 16643 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-12116-g782471db6c72 #0 [ 438.114029][T16643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 438.124976][T16643] RIP: 0010:ieee80211_link_info_change_notify+0x273/0x330 2024/05/29 18:11:17 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 438.132865][T16643] Code: 08 00 00 48 85 c0 48 0f 44 e9 42 0f b6 04 23 84 c0 0f 85 ab 00 00 00 41 8b 17 48 c7 c7 20 28 e1 8c 48 89 ee e8 6e e6 69 f6 90 <0f> 0b 90 90 e9 da fe ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 13 [ 438.153107][T16643] RSP: 0018:ffffc9001d02f318 EFLAGS: 00010246 [ 438.159857][T16643] RAX: 128eb97bbe5a4200 RBX: 1ffff1100c15229e RCX: 0000000000040000 [ 438.168020][T16643] RDX: ffffc900180b1000 RSI: 00000000000038f4 RDI: 00000000000038f5 [ 438.177310][T16643] RBP: ffff888060a90130 R08: ffffffff815847a2 R09: fffffbfff1c3996c [ 438.185402][T16643] R10: dffffc0000000000 R11: fffffbfff1c3996c R12: dffffc0000000000 [ 438.194964][T16643] R13: 0000000002000000 R14: ffff888060a90ca0 R15: ffff888060a914f0 [ 438.203459][T16643] FS: 00007f2148e306c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 438.213000][T16643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 438.220258][T16643] CR2: ffffffffffffffe8 CR3: 000000007e5c6000 CR4: 00000000003506f0 [ 438.228548][T16643] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 438.237402][T16643] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 438.246457][T16643] Call Trace: [ 438.249871][T16643] [ 438.252977][T16643] ? __warn+0x163/0x4e0 [ 438.257416][T16643] ? ieee80211_link_info_change_notify+0x273/0x330 [ 438.264407][T16643] ? report_bug+0x2b3/0x500 [ 438.269647][T16643] ? ieee80211_link_info_change_notify+0x273/0x330 [ 438.278201][T16643] ? handle_bug+0x3e/0x70 [ 438.283757][T16643] ? exc_invalid_op+0x1a/0x50 [ 438.288768][T16643] ? asm_exc_invalid_op+0x1a/0x20 [ 438.293863][T16643] ? __warn_printk+0x292/0x360 [ 438.298972][T16643] ? ieee80211_link_info_change_notify+0x273/0x330 [ 438.306058][T16643] ? ieee80211_link_info_change_notify+0x272/0x330 [ 438.312779][T16643] ieee80211_set_mcast_rate+0x46/0x60 [ 438.318367][T16643] ? __pfx_ieee80211_set_mcast_rate+0x10/0x10 [ 438.324507][T16643] nl80211_set_mcast_rate+0xaff/0xeb0 [ 438.330212][T16643] ? __pfx_nl80211_set_mcast_rate+0x10/0x10 [ 438.337052][T16643] genl_rcv_msg+0xb14/0xec0 [ 438.341959][T16643] ? mark_lock+0x9a/0x350 [ 438.346554][T16643] ? __pfx_genl_rcv_msg+0x10/0x10 [ 438.351690][T16643] ? __pfx_lock_acquire+0x10/0x10 [ 438.357312][T16643] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 438.363026][T16643] ? __pfx_nl80211_set_mcast_rate+0x10/0x10 [ 438.369610][T16643] ? __pfx_nl80211_post_doit+0x10/0x10 [ 438.375248][T16643] ? __pfx___might_resched+0x10/0x10 [ 438.381848][T16643] netlink_rcv_skb+0x1e3/0x430 [ 438.387462][T16643] ? __pfx_genl_rcv_msg+0x10/0x10 [ 438.392579][T16643] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 438.398422][T16643] genl_rcv+0x28/0x40 [ 438.402485][T16643] netlink_unicast+0x7ea/0x980 [ 438.407474][T16643] ? __pfx_netlink_unicast+0x10/0x10 [ 438.412993][T16643] ? __virt_addr_valid+0x183/0x520 [ 438.418329][T16643] ? __check_object_size+0x49c/0x900 [ 438.424028][T16643] ? bpf_lsm_netlink_send+0x9/0x10 [ 438.430591][T16643] netlink_sendmsg+0x8db/0xcb0 [ 438.435473][T16643] ? __pfx_netlink_sendmsg+0x10/0x10 [ 438.441229][T16643] ? __import_iovec+0x536/0x820 [ 438.446427][T16643] ? aa_sock_msg_perm+0x91/0x160 [ 438.451532][T16643] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 438.457455][T16643] ? security_socket_sendmsg+0x87/0xb0 [ 438.463170][T16643] ? __pfx_netlink_sendmsg+0x10/0x10 [ 438.468755][T16643] __sock_sendmsg+0x221/0x270 [ 438.473545][T16643] ____sys_sendmsg+0x525/0x7d0 [ 438.478432][T16643] ? __pfx_____sys_sendmsg+0x10/0x10 [ 438.484818][T16643] __sys_sendmsg+0x2b0/0x3a0 [ 438.490559][T16643] ? __pfx___sys_sendmsg+0x10/0x10 [ 438.495923][T16643] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 438.502412][T16643] ? do_syscall_64+0x100/0x230 [ 438.508019][T16643] ? do_syscall_64+0xb6/0x230 [ 438.512939][T16643] do_syscall_64+0xf3/0x230 [ 438.518549][T16643] ? clear_bhb_loop+0x35/0x90 [ 438.523343][T16643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.529607][T16643] RIP: 0033:0x7f214807cee9 [ 438.534175][T16643] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 438.555292][T16643] RSP: 002b:00007f2148e300c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 438.564726][T16643] RAX: ffffffffffffffda RBX: 00007f21481b3fa0 RCX: 00007f214807cee9 [ 438.573889][T16643] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 438.583359][T16643] RBP: 00007f21480c947f R08: 0000000000000000 R09: 0000000000000000 [ 438.592332][T16643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 438.600645][T16643] R13: 000000000000000b R14: 00007f21481b3fa0 R15: 00007ffc41ff3018 [ 438.609213][T16643] [ 438.612309][T16643] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 438.619771][T16643] CPU: 0 PID: 16643 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-12116-g782471db6c72 #0 [ 438.630020][T16643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 438.641267][T16643] Call Trace: [ 438.644933][T16643] [ 438.648064][T16643] dump_stack_lvl+0x241/0x360 [ 438.653069][T16643] ? __pfx_dump_stack_lvl+0x10/0x10 [ 438.658684][T16643] ? __pfx__printk+0x10/0x10 [ 438.663348][T16643] ? _printk+0xd5/0x120 [ 438.668230][T16643] ? vscnprintf+0x5d/0x90 [ 438.672731][T16643] panic+0x349/0x860 [ 438.676824][T16643] ? __warn+0x172/0x4e0 [ 438.681239][T16643] ? __pfx_panic+0x10/0x10 [ 438.685906][T16643] ? show_trace_log_lvl+0x4e6/0x520 [ 438.691439][T16643] __warn+0x346/0x4e0 [ 438.695467][T16643] ? ieee80211_link_info_change_notify+0x273/0x330 [ 438.702001][T16643] report_bug+0x2b3/0x500 [ 438.706396][T16643] ? ieee80211_link_info_change_notify+0x273/0x330 [ 438.712973][T16643] handle_bug+0x3e/0x70 [ 438.717345][T16643] exc_invalid_op+0x1a/0x50 [ 438.721879][T16643] asm_exc_invalid_op+0x1a/0x20 [ 438.726774][T16643] RIP: 0010:ieee80211_link_info_change_notify+0x273/0x330 [ 438.734032][T16643] Code: 08 00 00 48 85 c0 48 0f 44 e9 42 0f b6 04 23 84 c0 0f 85 ab 00 00 00 41 8b 17 48 c7 c7 20 28 e1 8c 48 89 ee e8 6e e6 69 f6 90 <0f> 0b 90 90 e9 da fe ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 13 [ 438.754021][T16643] RSP: 0018:ffffc9001d02f318 EFLAGS: 00010246 [ 438.760293][T16643] RAX: 128eb97bbe5a4200 RBX: 1ffff1100c15229e RCX: 0000000000040000 [ 438.768372][T16643] RDX: ffffc900180b1000 RSI: 00000000000038f4 RDI: 00000000000038f5 [ 438.776362][T16643] RBP: ffff888060a90130 R08: ffffffff815847a2 R09: fffffbfff1c3996c [ 438.785043][T16643] R10: dffffc0000000000 R11: fffffbfff1c3996c R12: dffffc0000000000 [ 438.793055][T16643] R13: 0000000002000000 R14: ffff888060a90ca0 R15: ffff888060a914f0 [ 438.801062][T16643] ? __warn_printk+0x292/0x360 [ 438.805871][T16643] ? ieee80211_link_info_change_notify+0x272/0x330 [ 438.812415][T16643] ieee80211_set_mcast_rate+0x46/0x60 [ 438.817808][T16643] ? __pfx_ieee80211_set_mcast_rate+0x10/0x10 [ 438.824161][T16643] nl80211_set_mcast_rate+0xaff/0xeb0 [ 438.829632][T16643] ? __pfx_nl80211_set_mcast_rate+0x10/0x10 [ 438.835590][T16643] genl_rcv_msg+0xb14/0xec0 [ 438.840114][T16643] ? mark_lock+0x9a/0x350 [ 438.844638][T16643] ? __pfx_genl_rcv_msg+0x10/0x10 [ 438.849705][T16643] ? __pfx_lock_acquire+0x10/0x10 [ 438.854929][T16643] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 438.860315][T16643] ? __pfx_nl80211_set_mcast_rate+0x10/0x10 [ 438.866535][T16643] ? __pfx_nl80211_post_doit+0x10/0x10 [ 438.872589][T16643] ? __pfx___might_resched+0x10/0x10 [ 438.878178][T16643] netlink_rcv_skb+0x1e3/0x430 [ 438.883159][T16643] ? __pfx_genl_rcv_msg+0x10/0x10 [ 438.889301][T16643] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 438.894710][T16643] genl_rcv+0x28/0x40 [ 438.898756][T16643] netlink_unicast+0x7ea/0x980 [ 438.903580][T16643] ? __pfx_netlink_unicast+0x10/0x10 [ 438.909030][T16643] ? __virt_addr_valid+0x183/0x520 [ 438.914218][T16643] ? __check_object_size+0x49c/0x900 [ 438.919588][T16643] ? bpf_lsm_netlink_send+0x9/0x10 [ 438.924742][T16643] netlink_sendmsg+0x8db/0xcb0 [ 438.929542][T16643] ? __pfx_netlink_sendmsg+0x10/0x10 [ 438.934939][T16643] ? __import_iovec+0x536/0x820 [ 438.939822][T16643] ? aa_sock_msg_perm+0x91/0x160 [ 438.944875][T16643] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 438.950234][T16643] ? security_socket_sendmsg+0x87/0xb0 [ 438.955806][T16643] ? __pfx_netlink_sendmsg+0x10/0x10 [ 438.961115][T16643] __sock_sendmsg+0x221/0x270 [ 438.965854][T16643] ____sys_sendmsg+0x525/0x7d0 [ 438.970729][T16643] ? __pfx_____sys_sendmsg+0x10/0x10 [ 438.976112][T16643] __sys_sendmsg+0x2b0/0x3a0 [ 438.980746][T16643] ? __pfx___sys_sendmsg+0x10/0x10 [ 438.985929][T16643] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 438.992279][T16643] ? do_syscall_64+0x100/0x230 [ 438.997110][T16643] ? do_syscall_64+0xb6/0x230 [ 439.001851][T16643] do_syscall_64+0xf3/0x230 [ 439.006441][T16643] ? clear_bhb_loop+0x35/0x90 [ 439.011229][T16643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.017138][T16643] RIP: 0033:0x7f214807cee9 [ 439.021569][T16643] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 439.041574][T16643] RSP: 002b:00007f2148e300c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 439.050293][T16643] RAX: ffffffffffffffda RBX: 00007f21481b3fa0 RCX: 00007f214807cee9 [ 439.058972][T16643] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 439.067393][T16643] RBP: 00007f21480c947f R08: 0000000000000000 R09: 0000000000000000 [ 439.075466][T16643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 439.083450][T16643] R13: 000000000000000b R14: 00007f21481b3fa0 R15: 00007ffc41ff3018 [ 439.091448][T16643] [ 439.094805][T16643] Kernel Offset: disabled [ 439.099361][T16643] Rebooting in 86400 seconds..