last executing test programs: 2m41.603188319s ago: executing program 2 (id=3): ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'gretap0\x00', &(0x7f00000002c0)={'gre0\x00', 0x0, 0x7, 0x80, 0x1, 0x5990, {{0x8, 0x4, 0x3, 0x3e, 0x20, 0x67, 0x0, 0x4e, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, {[@timestamp={0x44, 0xc, 0x23, 0x0, 0x0, [0x101, 0x101]}]}}}}}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x101101, 0x0) write$vga_arbiter(r5, &(0x7f0000000540)=@target={'target ', {'PCI:', '1e', ':', '7', ':', '18', '.', '14'}}, 0x16) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', r0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r6}, 0x18) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r7) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_BINDTODEVICE(r10, 0x1, 0x19, &(0x7f00000001c0)='syz_tun\x00', 0x10) bind$inet6(r10, &(0x7f00000001c0)={0xa, 0x8000002, 0x0, @mcast2}, 0x50) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x24, r8, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0) syz_80211_join_ibss(&(0x7f0000000280)='wlan0\x00', &(0x7f0000000340)=@random='\r', 0x1, 0x0) 2m37.676498676s ago: executing program 4 (id=5): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2010004, &(0x7f00000000c0)={[{@nobh}, {@jqfmt_vfsv0}, {@data_err_ignore}]}, 0xff, 0x4f8, &(0x7f0000000140)="$eJzs3E1sFGUfAPD/bLv9gBfoy8vL+4IoBTQ2JrZQUDiYGExMPGhixIMcm1IJUsDQHoQQKYnBM4lXQzwab5p41aPxZOIVDx5MDJEYLnwkJmNmd6Yf+9UuXVrL/n7Jdp9n5pl5nv/MPLOz83QngK41nP1JIv4VEbciYls1u7TAcPXt/t0rkw/uXpmMuTQ98WdSKXcvy+eK5TbnmZFSROmTpGaFVTOXLp+dmJ6eupjnx2bPfTg2c+nyi2fOTZyeOj11fvzYsSOHDx19efyl9oNqUF8W173dH1/Ys+uNkzfemuwtpg/k74vjaKq3vWYMt5j3XHur+sfbsiid1G+nq2vaGFZsID+sy1n/vzK9/+R6NwhYM2mapv3NZ8+lta7VTQE2rCTWuwXA+ig+6LPvv/fullf2PfgJcud49gUoqcR9P39V5/RGKS9Trvl+20nDEfHe3MObg/HwZrS6D/HrY2oAANB1vj9eXAlm13/VV3VOKXYuKrc1H0MZioh/R8T2iPhPROyIiP9GVMr+LyL+X1tBEpG2qH9HTX6h/m/yUYTS7VUH2UJ2/fdKPra19PqvuPqLoZ48tyWiuGCeOphvk5Eo979/ZnrqUJP19y1Tf3H9V7yy+rP3hRKl2701N+hOTcxOPFq09e5ci9jdWxt/0pvtuGIYJ4mIXRGxu431Di1Kn3nhyz3zmfLScsvHX5E2GNJrezyukfSLiOer+38uluz/hRqT1uOTYwMxPXVwLDsKDjas48efrr/drP5l4//2t9pFXj/63YnVhj0v2/+bqvGXI4+9Mn67EP9QEpHMj9fORKQ97dVx/ZdPK+sdPlA/7xGO/76YmJ3oS97NM1UfTczOXjwU0Ze8WT99fGHhIl+Uz+IfOdC4/2/Pl8m2xFMRkR3ET0fEMxGxN2/7vojYHxH1of38R5H64bVnP2i2bZbGv7XZ8T8/Tt1pWfynGp7/luz/hfH6FSaKhbMpPWf33XrQ5OSxsv1/pJIayac0Pv8lS04RK23p6rYeAAAAbAylqPzvf2l0Pl0qjY5W7wHtiE2l6Qszs3sj4vyp6m8EhqJcKu50Ve8Hl5Pi/ufQovx4Tf5wft/4s57BSn508sJyt0aBx2xzpc8ndf0/83ub93mBDagD42jABrVc/995Y40aAqw5n//QvRb1/7kmReb8pww8mXz+Q/dq1P+vxlctB+icM2DjS/Vl6Gr6P3Sv3nhnPl352XPDX9sCTyKf/9CV2v1df3uJtH966tWIqJ01UDfl0uUYeDzNGGxQ17oksiurDq6wHBErKzz4KFUUl4DNn/BQam+F/VE/qydaLZW0fI7DX2ma1s/Ktsqy7Tm9s+MHf/FMlE4fNl8v9NNy5SFL87M+37aCSFeRWJfTEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMf9HQAA//8V1NEi") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './bus'}, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) 2m34.774911727s ago: executing program 4 (id=10): prlimit64(0x0, 0xe, 0x0, 0x0) chdir(0x0) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8) socket$netlink(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000780)='netlink_extack\x00', r1, 0x0, 0xb0}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000001d00210000000000000000000700000005000000000000000a00020077a9c6f76f000000080005"], 0x30}}, 0x0) 2m25.204739413s ago: executing program 32 (id=3): ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'gretap0\x00', &(0x7f00000002c0)={'gre0\x00', 0x0, 0x7, 0x80, 0x1, 0x5990, {{0x8, 0x4, 0x3, 0x3e, 0x20, 0x67, 0x0, 0x4e, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, {[@timestamp={0x44, 0xc, 0x23, 0x0, 0x0, [0x101, 0x101]}]}}}}}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x101101, 0x0) write$vga_arbiter(r5, &(0x7f0000000540)=@target={'target ', {'PCI:', '1e', ':', '7', ':', '18', '.', '14'}}, 0x16) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', r0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r6}, 0x18) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r7) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_BINDTODEVICE(r10, 0x1, 0x19, &(0x7f00000001c0)='syz_tun\x00', 0x10) bind$inet6(r10, &(0x7f00000001c0)={0xa, 0x8000002, 0x0, @mcast2}, 0x50) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x24, r8, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0) syz_80211_join_ibss(&(0x7f0000000280)='wlan0\x00', &(0x7f0000000340)=@random='\r', 0x1, 0x0) 2m18.980147411s ago: executing program 33 (id=10): prlimit64(0x0, 0xe, 0x0, 0x0) chdir(0x0) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8) socket$netlink(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000780)='netlink_extack\x00', r1, 0x0, 0xb0}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000001d00210000000000000000000700000005000000000000000a00020077a9c6f76f000000080005"], 0x30}}, 0x0) 7.174700333s ago: executing program 5 (id=407): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x158, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xe, 0x7}, {}, {0x1001d, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x128, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x54, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x44, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffe09}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xa}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x38d}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x40}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}]}]}, @TCA_FLOWER_KEY_ICMPV6_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0xa4, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xa0}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x0, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x10}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xfe}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE_MASK]}}]}, 0x158}, 0x1, 0x0, 0x0, 0x80}, 0x0) 7.133713456s ago: executing program 1 (id=408): r0 = socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket(0x400000000010, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYBLOB], 0x18}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-ssse3\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) accept4(r2, 0x0, 0x0, 0x800) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'veth1_vlan\x00', 0x0}) r5 = gettid() syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = socket(0x10, 0x803, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304f9fffffffedbdf2500007400", @ANYRES32=r4, @ANYBLOB="049c01000750050008001300", @ANYRES32=r5, @ANYBLOB="14000300766574683000006972745f1e32666900e57a0bdf7248fd6b972850ea1dd73f727e5439affad82a46a0c2bb5f970ea064693da6f7b8d03874dd12d093291c4ce750a1cc970b281b4e2a55fba300418fd811cfe90ae3c3d4bd53ffc3effe51360e2bd55877ac722ced13680000e938f6ca2afb50d163c97f8ead7809c0131ac6af7e421c9250bbd291939b567d367d21b40615da4ca33c29a687d40ac603c906990729c3a08437481248670d1ac1fd64cc43246f7a05fd466309fee2b617d7f11efd2e88a8945eea55bd63f75825819b4d00d00fa0dbbb7833a393d550f6"], 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x0) 5.690731631s ago: executing program 5 (id=412): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x84, &(0x7f0000000440)={r5, @in6={{0xa, 0x0, 0x6, @empty}}, 0x0, 0x80}, &(0x7f0000000100)=0x90) 5.570814056s ago: executing program 1 (id=413): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x28, r1, 0x1, 0x0, 0x25dfdbfc, {0x3}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'ipvlan1\x00'}}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4091}, 0x0) 5.570347266s ago: executing program 6 (id=414): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}}, 0x20048800) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000002440), 0x0, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600894f000020"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r0}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x10, 0x2, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r3], 0x0, 0x61, 0x0, 0x0, 0x41000, 0x54, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x13, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x94) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xe, 0x0, 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa30}, 0x94) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000002c0)='ip6_vti0\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x5a, &(0x7f0000000540)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaabb08004000004c0500000000539078ac14bbe0000001442c9a23ac1614aa0000001cfdd1f42f7ea626e826a3899f79f06c0405010102000080ff640101000000000300937fd28870fd77d6cb9200000900000000000c90780100000f0000"], 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r5}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x1, 0x6a, 0x0, 0x0, 0xf7ffff7e, 0x0, 0x0, 0x0, 0xe}, 0x94) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r8 = accept4(r7, 0x0, 0x0, 0x800) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 5.481190666s ago: executing program 3 (id=415): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e22, @rand_addr=0x64010102}]}, &(0x7f00000001c0)=0x10) unshare(0x22020600) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26}, 0x28) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r1, 0x58, &(0x7f0000000040)}, 0x5) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f00000004c0)=0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x5, 0x20000}, 0x10}, 0x94) unshare(0x20000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r2], 0x4c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000100001080000000000000000020000", @ANYRES32=0x0, @ANYBLOB="b4020000000000000800"], 0x28}}, 0x0) 5.162974101s ago: executing program 0 (id=416): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x1, 0x0, 0xe0}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5", 0x4f}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4d", 0xa3}], 0x2}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000180)="17", 0x59a, 0x0, 0x0, 0xffffffffffffffa1) 4.830639608s ago: executing program 1 (id=417): syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d05020027230102030109024840020000000009047d04031d5abf0009050400005539000009050b00000000000009050200000005000009047d01013481af0009a00e00230000690009047dbe"], 0x0) socket$packet(0x11, 0x3, 0x300) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x28a201, 0x10) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) 4.830333921s ago: executing program 5 (id=418): syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x0, 0x1d}, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/65, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000580)=0x1) 4.349647879s ago: executing program 0 (id=419): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c) listen(r1, 0x0) listen(r0, 0x0) 4.161700545s ago: executing program 6 (id=420): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000)=0x81, 0x4) recvmmsg(r0, &(0x7f0000000840)=[{{&(0x7f0000000280)=@un=@abs, 0x80, &(0x7f0000000540)=[{&(0x7f0000000300)=""/174, 0xae}, {0x0}], 0x2, &(0x7f0000000200)=""/24, 0x18}, 0x6}, {{0x0, 0x0, 0x0}, 0xf90}], 0x2, 0x140, 0x0) 4.087741056s ago: executing program 3 (id=421): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48) r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x20}}, 0x0) recvmmsg(r1, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}, 0xffffffe1}, {{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000000440)=""/4096, 0x1000}, {0x0}, {&(0x7f0000001500)=""/155, 0x9b}], 0x3}, 0x9}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0xab}], 0x6, 0x2000, 0x0) sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000015c0)=ANY=[@ANYBLOB="020b01000700000000000000040000000500050000a000000a004e2100000003200100000000000000000000000000ea084008bf4f3ec2d137e59ea015010008000000000000d414f8462b2ed943f82a8607d37bc53847ddf890c5b106662d3a9caef9083f79ad7e8000f427e9152636c6f62ae036a48196b997a9603219bffa465585c8014db5968e20d0d9312c41e37615e9ddf110d503d92ee40efbc866610e6b1196f9e09b1b79e889f7ddbb60dae0ebebe75cb53f47a77520403c0765dead70eb379055b14577b4284bb38a02b2e44d5e362ee0e18a8b"], 0x38}}, 0x11) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = gettid() r3 = socket(0x10, 0x803, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(r4, &(0x7f0000000200)={0x1d, r5}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000010000304f9fffffffedbdf2500007400", @ANYRES32=r5, @ANYBLOB="049c01004600050008001300", @ANYRES32=r2, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x4802}, 0x8080) 4.042547988s ago: executing program 5 (id=422): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x158, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xe, 0x7}, {}, {0x1001d, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x128, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x54, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x44, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffe09}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xa}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x38d}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x40}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}]}]}, @TCA_FLOWER_KEY_ICMPV6_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0xa4, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xa0}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x0, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x10}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xfe}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE_MASK]}}]}, 0x158}, 0x1, 0x0, 0x0, 0x80}, 0x0) 3.494367562s ago: executing program 0 (id=423): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0x503, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) 2.854975341s ago: executing program 6 (id=424): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000010c0)={'wpan0\x00'}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4040001}, 0x810) 2.370403431s ago: executing program 3 (id=425): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 2.232500974s ago: executing program 5 (id=426): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000010000004000000040"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 2.03066964s ago: executing program 0 (id=427): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lc\x00', 0x1, 0x4, 0x8}, 0x2c) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1.893878583s ago: executing program 1 (id=428): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), r0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x1, 0x0, {0xa}}, 0x14}}, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) 1.84267578s ago: executing program 6 (id=429): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x1, 0x0, 0xe0}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5", 0x4f}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4d", 0xa3}, {0x0}], 0x3}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000180)="17", 0x59a, 0x0, 0x0, 0xffffffffffffffa1) 1.558923797s ago: executing program 3 (id=430): unshare(0x20000400) r0 = socket(0x2a, 0x2, 0x0) bind$tipc(r0, 0x0, 0x0) 1.188653675s ago: executing program 0 (id=431): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) 965.914158ms ago: executing program 6 (id=432): syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x0, 0x1d}, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/65, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000580)=0x1) 963.08356ms ago: executing program 1 (id=433): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c) listen(r1, 0x0) listen(r0, 0x0) 734.544292ms ago: executing program 3 (id=434): setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000000)=0x81, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000000840)=[{{&(0x7f0000000280)=@un=@abs, 0x80, &(0x7f0000000540)=[{&(0x7f0000000300)=""/174, 0xae}, {0x0}], 0x2, &(0x7f0000000200)=""/24, 0x18}, 0x6}, {{0x0, 0x0, 0x0}, 0xf90}], 0x2, 0x140, 0x0) 510.365796ms ago: executing program 5 (id=435): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48) r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x20}}, 0x0) recvmmsg(r1, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}, 0xffffffe1}, {{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000000440)=""/4096, 0x1000}, {0x0}, {&(0x7f0000001500)=""/155, 0x9b}], 0x3}, 0x9}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0xab}], 0x6, 0x2000, 0x0) sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000015c0)=ANY=[@ANYBLOB="020b01000700000000000000040000000500050000a000000a004e2100000003200100000000000000000000000000ea084008bf4f3ec2d137e59ea015010008000000000000d414f8462b2ed943f82a8607d37bc53847ddf890c5b106662d3a9caef9083f79ad7e8000f427e9152636c6f62ae036a48196b997a9603219bffa465585c8014db5968e20d0d9312c41e37615e9ddf110d503d92ee40efbc866610e6b1196f9e09b1b79e889f7ddbb60dae0ebebe75cb53f47a77520403c0765dead70eb379055b14577b4284bb38a02b2e44d5e362ee0e18a8b"], 0x38}}, 0x11) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = gettid() r3 = socket(0x10, 0x803, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(r4, &(0x7f0000000200)={0x1d, r5}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000010000304f9fffffffedbdf2500007400", @ANYRES32=r5, @ANYBLOB="049c01004600050008001300", @ANYRES32=r2, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x4802}, 0x8080) 391.078742ms ago: executing program 0 (id=436): setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[], 0x0}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[], 0x24}, 0x1, 0x5502000000000000}, 0x4000) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b177019716ea6ff1f4d7ed79c31e2e0f1da00000000230000002000", 0x1, 0x0, 0x3}, 0x3c) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r2, 0x0, 0x23, 0x0, 0x0) setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe000031f, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c) setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4) 197.744354ms ago: executing program 1 (id=437): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, 0x0}, 0x20) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffff0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002740)={r1, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x20) syz_emit_ethernet(0xfdef, &(0x7f0000000240)=ANY=[], 0x0) 2.290366ms ago: executing program 3 (id=438): syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d05020027230102030109024840020000000009047d04031d5abf0009050400005539000009050b00000000000009050200000005000009047d01013481af0009a00e00230000690009047dbe"], 0x0) socket$packet(0x11, 0x3, 0x300) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x28a201, 0x10) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) 0s ago: executing program 6 (id=439): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000010c0)={'wpan0\x00'}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4040001}, 0x810) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.17' (ED25519) to the list of known hosts. [ 202.022118][ T5789] cgroup: Unknown subsys name 'net' [ 202.154416][ T5789] cgroup: Unknown subsys name 'cpuset' [ 202.170361][ T5789] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 209.194679][ T5789] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 214.973338][ T5806] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 214.982543][ T5806] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 214.991587][ T5806] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 215.013908][ T5806] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 215.021958][ T5806] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 215.028152][ T5813] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 215.031945][ T5806] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 215.039390][ T5813] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 215.044869][ T5806] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 215.059515][ T5806] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 215.073305][ T5816] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 215.092560][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 215.093028][ T5810] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 215.110757][ T5816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 215.122464][ T5105] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 215.198213][ T49] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 215.206389][ T5811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 215.224939][ T49] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 215.226130][ T5811] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 215.244273][ T49] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 215.245416][ T5811] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 215.267054][ T49] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 215.278849][ T5811] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 215.289026][ T49] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 215.304122][ T49] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 217.031288][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 217.113826][ T49] Bluetooth: hci0: command tx timeout [ 217.194143][ T49] Bluetooth: hci2: command tx timeout [ 217.199800][ T49] Bluetooth: hci1: command tx timeout [ 217.277824][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 217.379364][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 217.444331][ T49] Bluetooth: hci3: command tx timeout [ 217.538557][ T49] Bluetooth: hci4: command tx timeout [ 217.734379][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 218.473860][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 218.498308][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.505987][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.513863][ T5808] bridge_slave_0: entered allmulticast mode [ 218.524379][ T5808] bridge_slave_0: entered promiscuous mode [ 218.727801][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.736264][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.744208][ T5808] bridge_slave_1: entered allmulticast mode [ 218.754588][ T5808] bridge_slave_1: entered promiscuous mode [ 218.820378][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.829108][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.837150][ T5812] bridge_slave_0: entered allmulticast mode [ 218.847424][ T5812] bridge_slave_0: entered promiscuous mode [ 218.885826][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.894394][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.902087][ T5805] bridge_slave_0: entered allmulticast mode [ 218.915311][ T5805] bridge_slave_0: entered promiscuous mode [ 218.998572][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.009393][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.017315][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.025167][ T5812] bridge_slave_1: entered allmulticast mode [ 219.035056][ T5812] bridge_slave_1: entered promiscuous mode [ 219.059620][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.120922][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.128946][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.136988][ T5805] bridge_slave_1: entered allmulticast mode [ 219.147077][ T5805] bridge_slave_1: entered promiscuous mode [ 219.221784][ T49] Bluetooth: hci0: command tx timeout [ 219.291580][ T49] Bluetooth: hci1: command tx timeout [ 219.298230][ T49] Bluetooth: hci2: command tx timeout [ 219.518329][ T5816] Bluetooth: hci3: command tx timeout [ 219.525338][ T5808] team0: Port device team_slave_0 added [ 219.593253][ T5816] Bluetooth: hci4: command tx timeout [ 219.686068][ T5808] team0: Port device team_slave_1 added [ 219.718327][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.728785][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.738620][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.746487][ T5817] bridge_slave_0: entered allmulticast mode [ 219.758332][ T5817] bridge_slave_0: entered promiscuous mode [ 219.781984][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.840849][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.895436][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.903287][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.910826][ T5817] bridge_slave_1: entered allmulticast mode [ 219.920195][ T5817] bridge_slave_1: entered promiscuous mode [ 219.980405][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.034474][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 220.041634][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.068129][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 220.087947][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 220.095264][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.122009][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 220.353757][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.361377][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.369453][ T5818] bridge_slave_0: entered allmulticast mode [ 220.379212][ T5818] bridge_slave_0: entered promiscuous mode [ 220.436985][ T5812] team0: Port device team_slave_0 added [ 220.463861][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.478395][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.486689][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.494565][ T5818] bridge_slave_1: entered allmulticast mode [ 220.504689][ T5818] bridge_slave_1: entered promiscuous mode [ 220.524180][ T5805] team0: Port device team_slave_0 added [ 220.546918][ T5805] team0: Port device team_slave_1 added [ 220.565346][ T5812] team0: Port device team_slave_1 added [ 220.631573][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.888515][ T5817] team0: Port device team_slave_0 added [ 221.027064][ T5808] hsr_slave_0: entered promiscuous mode [ 221.037914][ T5808] hsr_slave_1: entered promiscuous mode [ 221.057737][ T5817] team0: Port device team_slave_1 added [ 221.067425][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.074943][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.101618][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.126927][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.139071][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.146649][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.173335][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.191629][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.199057][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.225513][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.273192][ T5816] Bluetooth: hci0: command tx timeout [ 221.274669][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.285998][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.312427][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.356201][ T5816] Bluetooth: hci2: command tx timeout [ 221.356704][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.361831][ T5816] Bluetooth: hci1: command tx timeout [ 221.504061][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.511332][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.538575][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.628058][ T5816] Bluetooth: hci3: command tx timeout [ 221.666677][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.674269][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.683340][ T5816] Bluetooth: hci4: command tx timeout [ 221.701035][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.773207][ T5818] team0: Port device team_slave_0 added [ 221.921617][ T5818] team0: Port device team_slave_1 added [ 222.056603][ T5805] hsr_slave_0: entered promiscuous mode [ 222.067668][ T5805] hsr_slave_1: entered promiscuous mode [ 222.077037][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 222.083247][ T5805] Cannot create hsr debugfs directory [ 222.107333][ T5812] hsr_slave_0: entered promiscuous mode [ 222.116551][ T5812] hsr_slave_1: entered promiscuous mode [ 222.125671][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 222.131692][ T5812] Cannot create hsr debugfs directory [ 222.412742][ T5817] hsr_slave_0: entered promiscuous mode [ 222.423736][ T5817] hsr_slave_1: entered promiscuous mode [ 222.432649][ T5817] debugfs: 'hsr0' already exists in 'hsr' [ 222.438701][ T5817] Cannot create hsr debugfs directory [ 222.490125][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 222.497398][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.524664][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 222.672123][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 222.679423][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.705950][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 223.353455][ T5816] Bluetooth: hci0: command tx timeout [ 223.452344][ T5816] Bluetooth: hci1: command tx timeout [ 223.458227][ T5816] Bluetooth: hci2: command tx timeout [ 223.573187][ T5818] hsr_slave_0: entered promiscuous mode [ 223.583345][ T5818] hsr_slave_1: entered promiscuous mode [ 223.591377][ T5818] debugfs: 'hsr0' already exists in 'hsr' [ 223.597520][ T5818] Cannot create hsr debugfs directory [ 223.674418][ T49] Bluetooth: hci3: command tx timeout [ 223.763243][ T49] Bluetooth: hci4: command tx timeout [ 224.090116][ T5808] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 224.226804][ T5808] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 224.292636][ T5808] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 224.357295][ T5808] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 224.470031][ T5812] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 224.598686][ T5812] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 224.653122][ T5812] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 224.679057][ T5812] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 224.967720][ T5805] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 225.044184][ T5805] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 225.118118][ T5805] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 225.178449][ T5805] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 225.274056][ T5817] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 225.427523][ T5817] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 225.461910][ T5817] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 225.496373][ T5817] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 225.522622][ T5818] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 225.604373][ T5818] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 225.691358][ T5818] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 225.774734][ T5818] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 226.388357][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.534626][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.629516][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.798183][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.806029][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.867879][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.888127][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.895857][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.944349][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.005589][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.021792][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.029496][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.048185][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.055884][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.217128][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.337698][ T1795] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.345380][ T1795] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.399112][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.584306][ T1795] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.592070][ T1795] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.609594][ T1795] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.617530][ T1795] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.756074][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.763922][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.794940][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.987585][ T5812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 228.042249][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.309208][ T5805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 228.322359][ T5805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 228.350239][ T5817] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 228.362277][ T5817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 228.418832][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.427829][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.454251][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.462091][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.394436][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.513710][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.662228][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.743445][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.256720][ T5808] veth0_vlan: entered promiscuous mode [ 231.400033][ T5805] veth0_vlan: entered promiscuous mode [ 231.437646][ T5808] veth1_vlan: entered promiscuous mode [ 231.497775][ T5817] veth0_vlan: entered promiscuous mode [ 231.542185][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.619769][ T5805] veth1_vlan: entered promiscuous mode [ 231.709383][ T5817] veth1_vlan: entered promiscuous mode [ 231.977801][ T5808] veth0_macvtap: entered promiscuous mode [ 232.098586][ T5808] veth1_macvtap: entered promiscuous mode [ 232.119653][ T5805] veth0_macvtap: entered promiscuous mode [ 232.184147][ T5818] veth0_vlan: entered promiscuous mode [ 232.276224][ T5805] veth1_macvtap: entered promiscuous mode [ 232.364377][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.377028][ T5817] veth0_macvtap: entered promiscuous mode [ 232.414833][ T5818] veth1_vlan: entered promiscuous mode [ 232.458449][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.534509][ T5817] veth1_macvtap: entered promiscuous mode [ 232.610512][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.677819][ T58] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.736335][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.788573][ T4220] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.875971][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.914700][ T4220] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.992242][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.027004][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.096102][ T5818] veth0_macvtap: entered promiscuous mode [ 233.109661][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.162156][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.227201][ T5818] veth1_macvtap: entered promiscuous mode [ 233.244896][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.305707][ T1788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.370311][ T1788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.405689][ T1788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.485079][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.548058][ T1788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.604608][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.654979][ T1788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.709541][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.767916][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.829846][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.924567][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.349414][ T5812] veth0_vlan: entered promiscuous mode [ 234.537071][ T5812] veth1_vlan: entered promiscuous mode [ 234.903415][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 234.910150][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 235.051036][ T5812] veth0_macvtap: entered promiscuous mode [ 235.154222][ T5812] veth1_macvtap: entered promiscuous mode [ 235.397393][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.482249][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.675052][ T3643] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.743258][ T3643] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.752433][ T3643] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.867690][ T3643] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.255085][ T1788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.264612][ T1788] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.596119][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.605046][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.637086][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.645348][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.726227][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.734400][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.880683][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.892555][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.045267][ T5808] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 242.120344][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.128700][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.442453][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.452007][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.579529][ T1788] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.588078][ T1788] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.800618][ T5994] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (virtio1-input.0) [ 243.016722][ T5994] IPVS: Error joining to the multicast group [ 243.730720][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 243.833970][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 244.345266][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 244.858169][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 245.445649][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.454166][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.197369][ T4069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.206338][ T4069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.702551][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 247.111796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 247.213764][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 247.361444][ T49] Bluetooth: hci3: unexpected subevent 0x0c length: 30 > 5 [ 247.931330][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 248.134980][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 248.401494][ T6007] loop4: detected capacity change from 0 to 512 [ 248.445665][ T6007] EXT4-fs: Ignoring removed nobh option [ 248.568223][ T6007] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 248.812564][ T6007] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.5: iget: bad i_size value: 38620345925642 [ 248.876034][ T6007] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.5: couldn't read orphan inode 15 (err -117) [ 248.935371][ T6007] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.263108][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 249.275618][ T6009] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 249.468063][ T6011] ======================================================= [ 249.468063][ T6011] WARNING: The mand mount option has been deprecated and [ 249.468063][ T6011] and is ignored by this kernel. Remove the mand [ 249.468063][ T6011] option from the mount to silence this warning. [ 249.468063][ T6011] ======================================================= [ 250.013970][ T6015] Zero length message leads to an empty skb [ 250.074015][ T6015] loop1: detected capacity change from 0 to 256 [ 250.153358][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.187272][ T6015] exfat: Deprecated parameter 'namecase' [ 250.443430][ T6015] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 250.933860][ T49] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 254.973801][ T6028] loop1: detected capacity change from 0 to 64 [ 255.942798][ T6032] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 261.264140][ T6050] warning: `syz.3.20' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 262.156732][ T5816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 262.184892][ T5816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 262.197489][ T5816] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 262.232414][ T5816] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 262.249970][ T5816] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 263.569940][ T6063] loop1: detected capacity change from 0 to 2048 [ 264.404572][ T49] Bluetooth: hci5: command tx timeout [ 264.800947][ T6054] chnl_net:caif_netlink_parms(): no params data found [ 266.251813][ T6081] loop3: detected capacity change from 0 to 4096 [ 266.473900][ T49] Bluetooth: hci5: command tx timeout [ 267.481682][ T6054] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.498062][ T6054] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.506255][ T6054] bridge_slave_0: entered allmulticast mode [ 267.520118][ T6054] bridge_slave_0: entered promiscuous mode [ 267.689179][ T6054] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.703839][ T6054] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.711655][ T6054] bridge_slave_1: entered allmulticast mode [ 267.722196][ T6054] bridge_slave_1: entered promiscuous mode [ 268.294052][ T6096] pim6reg1: entered promiscuous mode [ 268.299625][ T6096] pim6reg1: entered allmulticast mode [ 268.343629][ T5816] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 268.389421][ T5816] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 268.425992][ T5816] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 268.460372][ T5816] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 268.506246][ T5816] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 268.554688][ T49] Bluetooth: hci5: command tx timeout [ 268.598306][ T6054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 268.795257][ T6054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 269.665731][ T6054] team0: Port device team_slave_0 added [ 270.161931][ T6054] team0: Port device team_slave_1 added [ 270.553279][ T49] Bluetooth: hci6: command tx timeout [ 270.633949][ T49] Bluetooth: hci5: command tx timeout [ 271.007795][ T6054] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 271.016640][ T6054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.043980][ T6054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 271.263033][ T6054] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 271.270208][ T6054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.301625][ T6054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.489276][ T6099] chnl_net:caif_netlink_parms(): no params data found [ 272.553606][ T6054] hsr_slave_0: entered promiscuous mode [ 272.564921][ T6054] hsr_slave_1: entered promiscuous mode [ 272.574395][ T6054] debugfs: 'hsr0' already exists in 'hsr' [ 272.580327][ T6054] Cannot create hsr debugfs directory [ 272.653798][ T49] Bluetooth: hci6: command tx timeout [ 273.166806][ T6128] loop3: detected capacity change from 0 to 4096 [ 273.908012][ T6134] syzkaller0: refused to change device tx_queue_len [ 274.723267][ T49] Bluetooth: hci6: command tx timeout [ 274.807314][ T6054] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 275.044208][ T6054] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 275.190350][ T6054] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 275.585267][ T6054] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 276.296136][ T6142] loop0: detected capacity change from 0 to 2048 [ 276.348897][ T6099] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.356775][ T6099] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.365469][ T6099] bridge_slave_0: entered allmulticast mode [ 276.376471][ T6099] bridge_slave_0: entered promiscuous mode [ 276.407903][ T6142] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=18576, location=18576 [ 276.588066][ T6142] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 276.591576][ T6099] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.610975][ T6099] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.619190][ T6099] bridge_slave_1: entered allmulticast mode [ 276.629517][ T6099] bridge_slave_1: entered promiscuous mode [ 276.794935][ T49] Bluetooth: hci6: command tx timeout [ 277.332433][ T6099] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.478559][ T6099] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 278.226737][ T6099] team0: Port device team_slave_0 added [ 278.323721][ T6099] team0: Port device team_slave_1 added [ 278.810499][ T6099] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 278.817884][ T6099] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.844619][ T6099] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.091981][ T6099] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.099420][ T6099] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.125954][ T6099] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 279.418964][ T6054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.491608][ T1788] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.795146][ T1788] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.221293][ T1788] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.463718][ T6099] hsr_slave_0: entered promiscuous mode [ 280.475051][ T6099] hsr_slave_1: entered promiscuous mode [ 280.484540][ T6099] debugfs: 'hsr0' already exists in 'hsr' [ 280.495950][ T6099] Cannot create hsr debugfs directory [ 280.664443][ T1788] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.009121][ T6054] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.021810][ T6166] loop3: detected capacity change from 0 to 4096 [ 281.154863][ T4247] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.162675][ T4247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.473758][ T4247] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.481278][ T4247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.167850][ T1788] bridge_slave_1: left allmulticast mode [ 282.174364][ T1788] bridge_slave_1: left promiscuous mode [ 282.181196][ T1788] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.349519][ T1788] bridge_slave_0: left allmulticast mode [ 282.355927][ T1788] bridge_slave_0: left promiscuous mode [ 282.362672][ T1788] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.571677][ T6174] loop1: detected capacity change from 0 to 2048 [ 282.803939][ T6174] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=18576, location=18576 [ 282.908687][ T6174] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 283.268223][ T1788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.340399][ T1788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.356498][ T1788] bond0 (unregistering): Released all slaves [ 284.640265][ T1788] hsr_slave_0: left promiscuous mode [ 284.714773][ T1788] hsr_slave_1: left promiscuous mode [ 284.725168][ T1788] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.732792][ T1788] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.865428][ T1788] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.873285][ T1788] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 285.113647][ T1788] veth1_macvtap: left promiscuous mode [ 285.119667][ T1788] veth0_macvtap: left promiscuous mode [ 285.125941][ T1788] veth1_vlan: left promiscuous mode [ 285.131566][ T1788] veth0_vlan: left promiscuous mode [ 286.570979][ T1788] team0 (unregistering): Port device team_slave_1 removed [ 288.138075][ T1788] team0 (unregistering): Port device team_slave_0 removed [ 289.237193][ T6217] loop3: detected capacity change from 0 to 2048 [ 289.308932][ T6217] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=18576, location=18576 [ 290.161528][ T6217] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 290.580975][ T6099] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 290.727461][ T6099] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 290.898358][ T6099] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 291.020759][ T6099] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 291.671306][ T6054] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.196497][ T6099] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.429093][ T6099] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.571463][ T4220] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.579616][ T4220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.752430][ T4220] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.760197][ T4220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 296.366530][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 296.373839][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 296.948864][ T6266] loop3: detected capacity change from 0 to 2048 [ 297.083789][ T6266] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=18576, location=18576 [ 297.336041][ T6266] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 297.615415][ T6054] veth0_vlan: entered promiscuous mode [ 297.818107][ T6054] veth1_vlan: entered promiscuous mode [ 298.161924][ T30] audit: type=1804 audit(1757689748.010:2): pid=6273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.84" name="/newroot/25/file0/file1" dev="overlay" ino=150 res=1 errno=0 [ 298.527106][ T6054] veth0_macvtap: entered promiscuous mode [ 298.612487][ T6054] veth1_macvtap: entered promiscuous mode [ 298.975514][ T6054] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 299.138306][ T6054] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 299.284763][ T35] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.366113][ T35] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.440321][ T35] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.547668][ T35] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.609899][ T6099] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 301.969385][ T6315] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 304.780236][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 305.537185][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880524a4000: rx timeout, send abort [ 306.046164][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880524a4000: abort rx timeout. Force session deactivation [ 306.326340][ T6337] syz_tun: entered allmulticast mode [ 306.400923][ T6337] dvmrp8: entered allmulticast mode [ 307.156924][ T6099] veth0_vlan: entered promiscuous mode [ 307.310723][ T6099] veth1_vlan: entered promiscuous mode [ 307.586143][ T6333] syz_tun: left allmulticast mode [ 307.591905][ T6333] dvmrp8: left allmulticast mode [ 308.485908][ T6099] veth0_macvtap: entered promiscuous mode [ 308.678561][ T6099] veth1_macvtap: entered promiscuous mode [ 309.106077][ T6099] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.286572][ T6360] netlink: 20 bytes leftover after parsing attributes in process `syz.3.104'. [ 309.305303][ T6099] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 309.547313][ T4659] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.630832][ T4659] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.744490][ T4659] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.864251][ T4408] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.164078][ T6368] syz.0.105 uses obsolete (PF_INET,SOCK_PACKET) [ 312.147301][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.444854][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.759003][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.047152][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.153631][ T35] bridge_slave_1: left allmulticast mode [ 314.159644][ T35] bridge_slave_1: left promiscuous mode [ 314.166517][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.318574][ T35] bridge_slave_0: left allmulticast mode [ 314.324721][ T35] bridge_slave_0: left promiscuous mode [ 314.331398][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.334908][ T6413] netlink: 20 bytes leftover after parsing attributes in process `syz.0.115'. [ 315.828436][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 315.927423][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 315.978348][ T35] bond0 (unregistering): Released all slaves [ 316.348557][ T1861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.356756][ T1861] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.802658][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.812492][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.167377][ T6433] netlink: 'syz.0.122': attribute type 4 has an invalid length. [ 317.225068][ T35] hsr_slave_0: left promiscuous mode [ 317.257083][ T35] hsr_slave_1: left promiscuous mode [ 317.267686][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 317.275587][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 317.345262][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 317.357773][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 317.461200][ T35] veth1_macvtap: left promiscuous mode [ 317.467558][ T35] veth0_macvtap: left promiscuous mode [ 317.469144][ T6438] loop1: detected capacity change from 0 to 128 [ 317.473858][ T35] veth1_vlan: left promiscuous mode [ 317.485704][ T35] veth0_vlan: left promiscuous mode [ 318.432332][ T35] team0 (unregistering): Port device team_slave_1 removed [ 318.466073][ T35] team0 (unregistering): Port device team_slave_0 removed [ 320.620262][ T6465] netlink: 'syz.3.131': attribute type 5 has an invalid length. [ 320.949030][ T6469] loop0: detected capacity change from 0 to 64 [ 322.009276][ T6478] netlink: 'syz.5.137': attribute type 4 has an invalid length. [ 322.111060][ T6482] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 322.132753][ T6482] QAT: failed to copy from user. [ 324.509777][ T5805] hfs: walked past end of dir [ 324.689444][ T6494] netlink: 'syz.3.142': attribute type 1 has an invalid length. [ 324.941930][ T6494] 8021q: adding VLAN 0 to HW filter on device bond1 [ 325.041767][ T6500] bond1: (slave geneve2): making interface the new active one [ 325.058621][ T6500] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 325.375534][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 325.383908][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 325.767839][ T1788] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 325.776426][ T1788] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 326.248213][ T6512] tipc: Started in network mode [ 326.253826][ T6512] tipc: Node identity 52af69363ab4, cluster identity 4711 [ 326.261954][ T6512] tipc: Enabled bearer , priority 0 [ 326.312756][ T6513] syzkaller0: entered promiscuous mode [ 326.318709][ T6513] syzkaller0: entered allmulticast mode [ 326.382448][ T6512] tipc: Resetting bearer [ 326.405356][ T6511] tipc: Resetting bearer [ 326.443311][ T6511] tipc: Disabling bearer [ 326.847496][ T6520] netlink: 'syz.0.150': attribute type 4 has an invalid length. [ 327.426028][ T6524] loop3: detected capacity change from 0 to 64 [ 328.490142][ T5816] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 328.584129][ T6533] QAT: failed to copy from user. [ 328.611408][ T5816] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 328.690450][ T5816] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 328.779832][ T5816] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 328.836764][ T5816] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 329.985298][ T11] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 330.367661][ T11] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 330.379313][ T11] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 330.389888][ T11] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 330.399504][ T11] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.821829][ T6538] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 330.971617][ T11] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 331.030926][ T5817] hfs: walked past end of dir [ 331.070377][ T5816] Bluetooth: hci2: command tx timeout [ 331.364823][ T11] usb 2-1: USB disconnect, device number 2 [ 331.833188][ T6550] syz.3.160 (6550) used obsolete PPPIOCDETACH ioctl [ 332.125210][ T6530] chnl_net:caif_netlink_parms(): no params data found [ 332.288744][ T6178] udevd[6178]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 333.127236][ T5816] Bluetooth: hci2: command tx timeout [ 333.725251][ T6570] tipc: Started in network mode [ 333.730467][ T6570] tipc: Node identity c2a39ce9e1e6, cluster identity 4711 [ 333.743168][ T6570] tipc: Enabled bearer , priority 0 [ 333.933497][ T6573] syzkaller0: entered promiscuous mode [ 333.939359][ T6573] syzkaller0: entered allmulticast mode [ 334.092060][ T6576] loop1: detected capacity change from 0 to 64 [ 334.131835][ T12] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.218066][ T6577] tipc: Resetting bearer [ 334.280657][ T6569] tipc: Resetting bearer [ 334.331941][ T6569] tipc: Disabling bearer [ 334.538466][ T12] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.989271][ T12] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.225940][ T5816] Bluetooth: hci2: command tx timeout [ 335.291849][ T6584] QAT: failed to copy from user. [ 336.379957][ T5869] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 336.423598][ T12] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.756286][ T5869] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 336.767955][ T5869] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 336.778398][ T5869] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 336.787845][ T5869] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.129758][ T6589] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 337.202308][ T6530] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.210509][ T6530] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.219572][ T6530] bridge_slave_0: entered allmulticast mode [ 337.235808][ T6530] bridge_slave_0: entered promiscuous mode [ 337.332270][ T5816] Bluetooth: hci2: command tx timeout [ 337.374671][ T5869] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 337.710026][ T6530] bridge0: port 2(bridge_slave_1) entered blocking state [ 337.717867][ T6530] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.725933][ T6530] bridge_slave_1: entered allmulticast mode [ 337.738769][ T5808] hfs: walked past end of dir [ 337.740484][ T6530] bridge_slave_1: entered promiscuous mode [ 337.811674][ T12] bridge_slave_1: left allmulticast mode [ 337.818085][ T12] bridge_slave_1: left promiscuous mode [ 337.825136][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.958488][ T12] bridge_slave_0: left allmulticast mode [ 337.964639][ T12] bridge_slave_0: left promiscuous mode [ 337.971448][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.025622][ T5869] usb 6-1: USB disconnect, device number 2 [ 338.918838][ T6539] udevd[6539]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 339.353846][ T5105] Bluetooth: hci0: command 0x0406 tx timeout [ 339.360134][ T5105] Bluetooth: hci1: command 0x0406 tx timeout [ 339.363233][ T5811] Bluetooth: hci3: command 0x0406 tx timeout [ 339.424813][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 339.504766][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 339.541886][ T12] bond0 (unregistering): Released all slaves [ 340.217291][ T6530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 340.475866][ T6530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 340.718260][ T6621] loop0: detected capacity change from 0 to 64 [ 341.220194][ T12] hsr_slave_0: left promiscuous mode [ 341.275123][ T12] hsr_slave_1: left promiscuous mode [ 341.284798][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 341.292402][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 341.392141][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 341.400159][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.562989][ T12] veth1_macvtap: left promiscuous mode [ 341.569398][ T12] veth0_macvtap: left promiscuous mode [ 341.575842][ T12] veth1_vlan: left promiscuous mode [ 341.581434][ T12] veth0_vlan: left promiscuous mode [ 342.153879][ T6630] QAT: failed to copy from user. [ 342.795376][ T5894] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 343.106231][ T5894] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 343.118096][ T5894] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 343.129584][ T5894] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 343.139152][ T5894] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.439240][ T6634] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 343.533098][ T5894] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 344.313151][ T5894] usb 6-1: USB disconnect, device number 3 [ 344.539060][ T5805] hfs: walked past end of dir [ 345.219516][ T12] team0 (unregistering): Port device team_slave_1 removed [ 345.351033][ T12] team0 (unregistering): Port device team_slave_0 removed [ 345.746459][ T6530] team0: Port device team_slave_0 added [ 345.893223][ T6530] team0: Port device team_slave_1 added [ 346.180283][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 346.187722][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 346.214403][ T6530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 346.415185][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 346.422715][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 346.452088][ T6530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 346.791989][ T6655] overlayfs: failed to resolve './file2': -2 [ 347.067118][ T6661] syz_tun: entered allmulticast mode [ 347.109037][ T6530] hsr_slave_0: entered promiscuous mode [ 347.120066][ T6530] hsr_slave_1: entered promiscuous mode [ 347.129974][ T6530] debugfs: 'hsr0' already exists in 'hsr' [ 347.136239][ T6530] Cannot create hsr debugfs directory [ 347.180475][ T6660] dvmrp8: entered allmulticast mode [ 347.266044][ T6658] syz_tun: left allmulticast mode [ 347.271762][ T6658] dvmrp8: left allmulticast mode [ 347.556324][ T6664] loop0: detected capacity change from 0 to 64 [ 348.718096][ T6674] QAT: failed to copy from user. [ 349.809468][ T6681] netlink: 'syz.3.208': attribute type 29 has an invalid length. [ 349.941888][ T6683] netlink: 'syz.3.208': attribute type 29 has an invalid length. [ 351.147440][ T5805] hfs: walked past end of dir [ 351.288754][ T6691] overlayfs: failed to resolve './file2': -2 [ 352.591610][ T6530] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 352.687295][ T6530] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 352.804880][ T6530] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 352.915032][ T6530] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 353.367400][ T6714] netlink: 'syz.5.221': attribute type 29 has an invalid length. [ 353.435603][ T6716] netlink: 'syz.5.221': attribute type 29 has an invalid length. [ 353.888315][ T6720] loop1: detected capacity change from 0 to 64 [ 354.266427][ T6530] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.721101][ T6530] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.849539][ T4069] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.857309][ T4069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 355.020811][ T6729] QAT: failed to copy from user. [ 355.929268][ T4069] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.937051][ T4069] bridge0: port 2(bridge_slave_1) entered forwarding state [ 356.747000][ T6530] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 356.758451][ T6530] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 357.450085][ T5808] hfs: walked past end of dir [ 357.822200][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 357.832035][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 359.750229][ T6530] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.936955][ T6803] loop3: detected capacity change from 0 to 128 [ 362.014576][ T6803] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 362.171964][ T6805] overlayfs: failed to resolve './file2': -2 [ 362.454198][ T6808] Driver unsupported XDP return value 0 on prog (id 24) dev N/A, expect packet loss! [ 363.362026][ T6530] veth0_vlan: entered promiscuous mode [ 363.470949][ T6530] veth1_vlan: entered promiscuous mode [ 363.875261][ T6530] veth0_macvtap: entered promiscuous mode [ 363.929834][ T6530] veth1_macvtap: entered promiscuous mode [ 364.150551][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.247283][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.384539][ T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.434751][ T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.484783][ T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.553679][ T1788] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.844626][ T6844] loop0: detected capacity change from 0 to 128 [ 365.932133][ T6844] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 367.486095][ T6863] netlink: 12 bytes leftover after parsing attributes in process `syz.3.269'. [ 368.181838][ T6877] netlink: 36 bytes leftover after parsing attributes in process `syz.0.272'. [ 369.442013][ T6893] loop0: detected capacity change from 0 to 128 [ 369.591102][ T6893] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 370.206039][ T6900] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 370.522852][ C1] hrtimer: interrupt took 300233 ns [ 370.999843][ T6910] netlink: 12 bytes leftover after parsing attributes in process `syz.0.282'. [ 371.501656][ T6915] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3266037421 (52256598736 ns) > initial count (18298455776 ns). Using initial count to start timer. [ 371.624217][ T6915] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 372.248966][ T6933] netlink: 36 bytes leftover after parsing attributes in process `syz.0.286'. [ 373.583220][ T6947] loop0: detected capacity change from 0 to 128 [ 373.735563][ T6947] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 373.905774][ T6950] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 373.915201][ T6950] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 374.643919][ T4408] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 374.651984][ T4408] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 374.822107][ T6959] netlink: 12 bytes leftover after parsing attributes in process `syz.3.295'. [ 375.161066][ T4069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.169448][ T4069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.474667][ T6962] tipc: Started in network mode [ 375.485079][ T6962] tipc: Node identity 629499c4fdf2, cluster identity 4711 [ 375.493466][ T6962] tipc: Enabled bearer , priority 0 [ 375.589757][ T6969] syzkaller0: entered promiscuous mode [ 375.596645][ T6969] syzkaller0: entered allmulticast mode [ 375.647328][ T6967] loop3: detected capacity change from 0 to 512 [ 375.694178][ T6967] EXT4-fs: Ignoring removed nomblk_io_submit option [ 375.714575][ T6962] tipc: Resetting bearer [ 375.829443][ T6960] tipc: Resetting bearer [ 375.882350][ T6967] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.299: corrupted in-inode xattr: e_value size too large [ 375.943532][ T6960] tipc: Disabling bearer [ 375.956739][ T6967] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.299: couldn't read orphan inode 15 (err -117) [ 376.053521][ T6967] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 376.295716][ T6979] netlink: 36 bytes leftover after parsing attributes in process `syz.1.300'. [ 376.347184][ T30] audit: type=1800 audit(1757689826.180:3): pid=6967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.299" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 376.992613][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.855186][ T6991] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 378.643798][ T7006] netlink: 12 bytes leftover after parsing attributes in process `syz.5.309'. [ 379.563349][ T7019] loop5: detected capacity change from 0 to 512 [ 379.607837][ T7019] EXT4-fs: Ignoring removed nomblk_io_submit option [ 379.687356][ T30] audit: type=1804 audit(1757689829.530:4): pid=7020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.315" name="/newroot/4/file0/file1" dev="overlay" ino=46 res=1 errno=0 [ 379.810276][ T7019] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.314: corrupted in-inode xattr: e_value size too large [ 379.927242][ T7019] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.314: couldn't read orphan inode 15 (err -117) [ 379.986450][ T7019] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 380.190947][ T30] audit: type=1800 audit(1757689830.040:5): pid=7019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.314" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 380.615260][ T6054] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 380.860444][ T24] IPVS: starting estimator thread 0... [ 380.887231][ T7039] IPVS: lc: FWM 3 0x00000003 - no destination available [ 380.896918][ C1] IPVS: lc: FWM 3 0x00000003 - no destination available [ 380.963533][ T7040] IPVS: using max 192 ests per chain, 9600 per kthread [ 381.216182][ T7045] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3266037421 (52256598736 ns) > initial count (18298455776 ns). Using initial count to start timer. [ 381.226936][ T7048] netlink: 12 bytes leftover after parsing attributes in process `syz.6.324'. [ 381.317646][ T7050] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 382.331606][ T7062] netlink: 'syz.3.328': attribute type 10 has an invalid length. [ 382.378098][ T7062] bond1: (slave geneve2): Releasing active interface [ 382.424056][ T7062] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 382.604188][ T30] audit: type=1804 audit(1757689832.450:6): pid=7065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.329" name="/newroot/52/file0/file1" dev="overlay" ino=295 res=1 errno=0 [ 382.715387][ T7070] loop1: detected capacity change from 0 to 512 [ 382.767599][ T7070] EXT4-fs: Ignoring removed nomblk_io_submit option [ 382.857164][ T7070] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.331: corrupted in-inode xattr: e_value size too large [ 382.965487][ T7070] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.331: couldn't read orphan inode 15 (err -117) [ 383.036569][ T7070] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 383.182276][ T7077] netlink: 'syz.6.332': attribute type 4 has an invalid length. [ 383.275889][ T30] audit: type=1800 audit(1757689833.120:7): pid=7070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.331" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 383.576380][ C0] Unknown status report in ack skb [ 383.710481][ T5808] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 383.969628][ T7087] netlink: 12 bytes leftover after parsing attributes in process `syz.6.337'. [ 384.297441][ T7090] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3266037421 (52256598736 ns) > initial count (18298455776 ns). Using initial count to start timer. [ 384.394505][ T7090] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 384.724956][ T7096] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3266037421 (52256598736 ns) > initial count (18298455776 ns). Using initial count to start timer. [ 384.945952][ T7102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.342'. [ 385.205152][ T30] audit: type=1804 audit(1757689835.050:8): pid=7104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.344" name="/newroot/96/file0/file1" dev="overlay" ino=525 res=1 errno=0 [ 385.433465][ T5816] Bluetooth: hci5: command 0x0406 tx timeout [ 386.081381][ T7110] netdevsim netdevsim6 netdevsim0: entered allmulticast mode [ 386.102227][ T7110] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 386.269002][ T7115] loop3: detected capacity change from 0 to 512 [ 386.325303][ T7115] EXT4-fs: Ignoring removed nomblk_io_submit option [ 386.528288][ T7115] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.348: corrupted in-inode xattr: e_value size too large [ 386.585164][ T7115] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.348: couldn't read orphan inode 15 (err -117) [ 386.657710][ T7115] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 386.966542][ T30] audit: type=1800 audit(1757689836.810:9): pid=7115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.348" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 387.119474][ T7122] macsec1: entered allmulticast mode [ 387.175242][ T7124] netlink: 12 bytes leftover after parsing attributes in process `syz.1.351'. [ 387.510841][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 388.676134][ T11] IPVS: starting estimator thread 0... [ 388.783643][ T7141] IPVS: using max 144 ests per chain, 7200 per kthread [ 389.010995][ T30] audit: type=1804 audit(1757689838.830:10): pid=7144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.358" name="/newroot/14/file0/file1" dev="overlay" ino=104 res=1 errno=0 [ 390.048084][ T7155] loop3: detected capacity change from 0 to 512 [ 390.115238][ T7155] EXT4-fs: Ignoring removed nomblk_io_submit option [ 390.199823][ T7155] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.363: corrupted in-inode xattr: e_value size too large [ 390.279380][ T7159] netlink: 12 bytes leftover after parsing attributes in process `syz.1.364'. [ 390.289307][ T7161] netlink: 'syz.6.366': attribute type 1 has an invalid length. [ 390.303892][ T7155] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.363: couldn't read orphan inode 15 (err -117) [ 390.433142][ T7161] 8021q: adding VLAN 0 to HW filter on device bond1 [ 390.465223][ T7155] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 390.735455][ T30] audit: type=1800 audit(1757689840.570:11): pid=7155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.363" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 391.222688][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 391.227703][ T7171] netlink: 4 bytes leftover after parsing attributes in process `syz.5.369'. [ 391.766386][ T11] IPVS: starting estimator thread 0... [ 391.837328][ T7179] IPVS: lc: FWM 3 0x00000003 - no destination available [ 391.845220][ C0] IPVS: lc: FWM 3 0x00000003 - no destination available [ 391.864147][ T7180] IPVS: using max 144 ests per chain, 7200 per kthread [ 391.949295][ T30] audit: type=1804 audit(1757689841.790:12): pid=7181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.372" name="/newroot/17/file0/file1" dev="overlay" ino=127 res=1 errno=0 [ 392.634874][ T7191] netlink: 'syz.0.374': attribute type 4 has an invalid length. [ 392.864107][ T7195] netlink: 12 bytes leftover after parsing attributes in process `syz.1.378'. [ 393.656833][ T7203] netlink: 'syz.1.382': attribute type 1 has an invalid length. [ 393.761774][ T7203] 8021q: adding VLAN 0 to HW filter on device bond1 [ 394.124396][ T7209] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3266037421 (52256598736 ns) > initial count (18298455776 ns). Using initial count to start timer. [ 394.506550][ T7219] netlink: 36 bytes leftover after parsing attributes in process `syz.6.386'. [ 394.629633][ T30] audit: type=1804 audit(1757689844.470:13): pid=7218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.387" name="/newroot/65/file0/file1" dev="overlay" ino=368 res=1 errno=0 [ 395.622617][ T7233] netlink: 12 bytes leftover after parsing attributes in process `syz.1.392'. [ 395.641267][ T7232] netlink: 'syz.3.393': attribute type 4 has an invalid length. [ 396.335075][ T7243] netlink: 'syz.1.398': attribute type 1 has an invalid length. [ 396.894507][ T7248] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3266037421 (52256598736 ns) > initial count (18298455776 ns). Using initial count to start timer. [ 397.418327][ T7261] netlink: 36 bytes leftover after parsing attributes in process `syz.3.404'. [ 398.490262][ T7273] veth0: renamed from veth1_vlan [ 398.780231][ T7279] netlink: 'syz.0.409': attribute type 4 has an invalid length. [ 399.544908][ T7287] tipc: Started in network mode [ 399.550247][ T7287] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 399.558833][ T7287] tipc: Enabled bearer , priority 10 [ 399.840810][ T7292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.415'. [ 400.544198][ T5895] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 400.683612][ T5894] tipc: Node number set to 10136234 [ 400.743148][ T5895] usb 2-1: Using ep0 maxpacket: 16 [ 400.818502][ T5895] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 400.828648][ T5895] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 400.838309][ T5895] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 400.847217][ T5895] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 400.855952][ T5895] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 400.865220][ T5895] usb 2-1: config 0 has no interface number 0 [ 400.871562][ T5895] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 400.883014][ T5895] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 400.893217][ T5895] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 400.903871][ T5895] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 400.921406][ T5895] usb 2-1: config 0 interface 125 has no altsetting 0 [ 400.929413][ T5895] usb 2-1: config 0 interface 125 has no altsetting 2 [ 401.228633][ T5895] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 401.238338][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.246867][ T5895] usb 2-1: Product: syz [ 401.251286][ T5895] usb 2-1: Manufacturer: syz [ 401.256338][ T5895] usb 2-1: SerialNumber: syz [ 401.284346][ T5895] usb 2-1: config 0 descriptor?? [ 401.356367][ T7315] netlink: 36 bytes leftover after parsing attributes in process `syz.3.421'. [ 401.413096][ T5895] usb 2-1: selecting invalid altsetting 2 [ 401.832620][ C1] usb 2-1: async_complete: urb error -71 [ 401.841509][ C1] usb 2-1: async_complete: urb error -71 [ 401.850637][ C1] usb 2-1: async_complete: urb error -71 [ 401.860479][ C1] usb 2-1: async_complete: urb error -71 [ 401.947701][ T5895] get_1284_register: usb error -71 [ 401.957737][ T5895] uss720 2-1:0.125: probe with driver uss720 failed with error -71 [ 402.157221][ T5895] usb 2-1: USB disconnect, device number 3 [ 403.230157][ T11] IPVS: starting estimator thread 0... [ 403.344870][ T7333] IPVS: using max 192 ests per chain, 9600 per kthread [ 404.999119][ T7355] netlink: 36 bytes leftover after parsing attributes in process `syz.5.435'. [ 405.086891][ T7354] ===================================================== [ 405.094387][ T7354] BUG: KMSAN: uninit-value in bpf_prog_run_generic_xdp+0x1a74/0x1ff0 [ 405.103008][ T7354] bpf_prog_run_generic_xdp+0x1a74/0x1ff0 [ 405.109017][ T7354] do_xdp_generic+0xd52/0x1690 [ 405.114283][ T7354] tun_get_user+0x45be/0x6ca0 [ 405.119180][ T7354] tun_chr_write_iter+0x3e9/0x5c0 [ 405.124572][ T7354] vfs_write+0xbe2/0x15d0 [ 405.129131][ T7354] __x64_sys_write+0x1fb/0x4d0 [ 405.134341][ T7354] x64_sys_call+0x3014/0x3e20 [ 405.139310][ T7354] do_syscall_64+0xd9/0x210 [ 405.144133][ T7354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.151021][ T7354] [ 405.153596][ T7354] Uninit was stored to memory at: [ 405.158937][ T7354] pskb_expand_head+0x310/0x1610 [ 405.164289][ T7354] do_xdp_generic+0xa79/0x1690 [ 405.169318][ T7354] tun_get_user+0x45be/0x6ca0 [ 405.174364][ T7354] tun_chr_write_iter+0x3e9/0x5c0 [ 405.179615][ T7354] vfs_write+0xbe2/0x15d0 [ 405.184307][ T7354] __x64_sys_write+0x1fb/0x4d0 [ 405.189300][ T7354] x64_sys_call+0x3014/0x3e20 [ 405.194360][ T7354] do_syscall_64+0xd9/0x210 [ 405.199056][ T7354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.205295][ T7354] [ 405.207720][ T7354] Uninit was created at: [ 405.212240][ T7354] __kmalloc_node_track_caller_noprof+0x96d/0x12f0 [ 405.219170][ T7354] kmalloc_reserve+0x22f/0x4b0 [ 405.224299][ T7354] __alloc_skb+0x347/0x7d0 [ 405.228942][ T7354] alloc_skb_with_frags+0xc5/0xa60 [ 405.234428][ T7354] sock_alloc_send_pskb+0xad8/0xc70 [ 405.239899][ T7354] tun_get_user+0x113f/0x6ca0 [ 405.244920][ T7354] tun_chr_write_iter+0x3e9/0x5c0 [ 405.250160][ T7354] vfs_write+0xbe2/0x15d0 [ 405.254847][ T7354] __x64_sys_write+0x1fb/0x4d0 [ 405.259861][ T7354] x64_sys_call+0x3014/0x3e20 [ 405.264919][ T7354] do_syscall_64+0xd9/0x210 [ 405.269603][ T7354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.275930][ T7354] [ 405.278375][ T7354] CPU: 1 UID: 0 PID: 7354 Comm: syz.1.437 Not tainted syzkaller #0 PREEMPT(none) [ 405.287935][ T7354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 405.298359][ T7354] ===================================================== [ 405.305569][ T7354] Disabling lock debugging due to kernel taint [ 405.311840][ T7354] Kernel panic - not syncing: kmsan.panic set ... [ 405.318418][ T7354] CPU: 1 UID: 0 PID: 7354 Comm: syz.1.437 Tainted: G B syzkaller #0 PREEMPT(none) [ 405.329431][ T7354] Tainted: [B]=BAD_PAGE [ 405.333705][ T7354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 405.343913][ T7354] Call Trace: [ 405.347321][ T7354] [ 405.350366][ T7354] __dump_stack+0x26/0x30 [ 405.354943][ T7354] dump_stack_lvl+0x53/0x270 [ 405.359777][ T7354] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.365936][ T7354] dump_stack+0x1e/0x25 [ 405.370322][ T7354] vpanic+0x361/0xc50 [ 405.374544][ T7354] panic+0x15d/0x160 [ 405.378702][ T7354] kmsan_report+0x31c/0x320 [ 405.383420][ T7354] ? __msan_warning+0x1b/0x30 [ 405.388269][ T7354] ? bpf_prog_run_generic_xdp+0x1a74/0x1ff0 [ 405.394495][ T7354] ? do_xdp_generic+0xd52/0x1690 [ 405.399658][ T7354] ? tun_get_user+0x45be/0x6ca0 [ 405.404704][ T7354] ? tun_chr_write_iter+0x3e9/0x5c0 [ 405.411762][ T7354] ? vfs_write+0xbe2/0x15d0 [ 405.416498][ T7354] ? __x64_sys_write+0x1fb/0x4d0 [ 405.422010][ T7354] ? x64_sys_call+0x3014/0x3e20 [ 405.427177][ T7354] ? do_syscall_64+0xd9/0x210 [ 405.432022][ T7354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.438288][ T7354] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.444321][ T7354] ? ___bpf_prog_run+0xea65/0xeba0 [ 405.449661][ T7354] ? __bpf_prog_run32+0xc2/0xf0 [ 405.454699][ T7354] ? kmsan_get_metadata+0xfb/0x160 [ 405.460018][ T7354] __msan_warning+0x1b/0x30 [ 405.464701][ T7354] bpf_prog_run_generic_xdp+0x1a74/0x1ff0 [ 405.470743][ T7354] do_xdp_generic+0xd52/0x1690 [ 405.475727][ T7354] ? tun_get_user+0x4131/0x6ca0 [ 405.480775][ T7354] ? filter_irq_stacks+0x49/0x190 [ 405.485993][ T7354] ? kmsan_get_metadata+0xfb/0x160 [ 405.491331][ T7354] ? tun_get_user+0x453a/0x6ca0 [ 405.496421][ T7354] tun_get_user+0x45be/0x6ca0 [ 405.501488][ T7354] ? stack_depot_save_flags+0x35/0x7b0 [ 405.507145][ T7354] ? kmsan_get_metadata+0xfb/0x160 [ 405.512460][ T7354] ? kmsan_get_metadata+0xfb/0x160 [ 405.517783][ T7354] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 405.526791][ T7354] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 405.533144][ T7354] tun_chr_write_iter+0x3e9/0x5c0 [ 405.538407][ T7354] vfs_write+0xbe2/0x15d0 [ 405.542976][ T7354] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 405.548743][ T7354] __x64_sys_write+0x1fb/0x4d0 [ 405.553751][ T7354] x64_sys_call+0x3014/0x3e20 [ 405.558662][ T7354] do_syscall_64+0xd9/0x210 [ 405.563336][ T7354] ? irqentry_exit+0x16/0x60 [ 405.568149][ T7354] ? clear_bhb_loop+0x40/0x90 [ 405.573022][ T7354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.579110][ T7354] RIP: 0033:0x7f939458d65f [ 405.583662][ T7354] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 405.603457][ T7354] RSP: 002b:00007f939541e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 405.613382][ T7354] RAX: ffffffffffffffda RBX: 00007f93947d5fa0 RCX: 00007f939458d65f [ 405.621633][ T7354] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 00000000000000c8 [ 405.629749][ T7354] RBP: 00007f9394611e19 R08: 0000000000000000 R09: 0000000000000000 [ 405.637861][ T7354] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 405.645973][ T7354] R13: 00007f93947d6038 R14: 00007f93947d5fa0 R15: 00007fff59b4a1a8 [ 405.654136][ T7354] [ 405.657437][ T7354] Kernel Offset: disabled [ 405.661828][ T7354] Rebooting in 86400 seconds..