last executing test programs: 1m9.100762538s ago: executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) close(r3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) 56.43974723s ago: executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) close(r3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) 44.624534503s ago: executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) close(r3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) 32.800692939s ago: executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) close(r3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) 15.622293375s ago: executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) close(r3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) 3.075613461s ago: executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) (async) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x41100, 0x51, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90) (async) r1 = socket(0x10, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x71, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'xfrm0\x00', 0x0}) (async) socket$inet6_udplite(0xa, 0x2, 0x88) (async, rerun: 64) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) (async, rerun: 64) socket$inet(0x2, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000002c0)="400000fa130722502a8b931cb6820411afa117bdbf762f5a1a8356367762646e6ea0bd7a5a7e252c3b38d255a5484038b17097f2dc2ab53e1a667bb427f729", 0x8, r4}, 0x82) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYRESHEX=r3, @ANYRESOCT=r1, @ANYBLOB="006355b1772f5fb12e080000000000007b8af8ff00000000bfa200000000000007020000f8ffff5e3daa8bffb703000008000000b704000000000000850000000300000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) socket$inet6(0xa, 0x1, 0x0) (async) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000280)={@empty, 0x0, 0x1, 0x1, 0x1, 0x2, 0x4}, 0x20) (async) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) (async, rerun: 32) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x200, 0x380000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) (async, rerun: 32) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000300)={@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, &(0x7f00000004c0)=0x20) (async) setsockopt$MRT6_DEL_MFC_PROXY(r5, 0x29, 0xd3, &(0x7f0000000000)={{0xa, 0x4e22, 0x5, @dev={0xfe, 0x80, '\x00', 0x1b}, 0x6}, {0xa, 0x4e1d, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80000000}, 0x1, {[0x82, 0x8, 0x0, 0x8, 0x25, 0x2, 0x5, 0x4]}}, 0x5c) (async) bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x7, 0x2, 0x1, 0x0, 0x274, 0x3ff}, 0x20) sendto$inet6(r5, &(0x7f0000000500)="7804ca2b7bdef249166a19961bb0c3c49194a0b2ef46c3aeee3d32ae100460cc9b6f692604205b9459b6cdf23b9546369ec3721efc90a891a1a71d4f497bd109a995ff093dc78cd9aae8c2ca0d7f35210d323e95ebf1ab6f5b8697d9d5730bbad7956de87a55326a4b296001c05c23b87d35914fe461b6bf4ff4b5876d6bf0126dacdd510ab0fc023eaa3d2352edf56ded5601b77eaa8b8b9a5a99b03bf36c35b620076f8ff29093e2c34ed3e53f3100db943ba254f1aeb8c107595c2eec7324231248", 0xc3, 0xa0f15a6d21a68a81, &(0x7f00000000c0)={0xa, 0x4e23, 0x8001, @local, 0x2e67}, 0x1c) (async, rerun: 64) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e1f, @local}, 0x10) (rerun: 64) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) (async) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0x2acf, 0x11, 0x0, 0x27) (async) recvmsg(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0, 0x407006}, 0x144) 2.792509364s ago: executing program 3: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@lli, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x99}}]}, &(0x7f0000000000)='syzkaller\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90) bind$can_j1939(r1, &(0x7f0000000240)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f0000000200)={0x1d, r2, 0x1}, 0x18) sendmmsg(r1, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff06, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r4, &(0x7f0000000000), 0x180000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000073012a000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x90) setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x5, 0x0, 0x3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f00000000c0)={0x3, &(0x7f0000000040)=[{0x50}, {0xb1, 0x0, 0x0, 0xbffff038}, {0x6}]}, 0x10) sendmsg$inet(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)="9d", 0x1}], 0x10000192}, 0x0) bind$bt_hci(r0, &(0x7f0000001ac0), 0x6) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f0000000300)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000001e00000038002f800c00020000000000000000002800038008000100000000001c00038006000300000000000600010000000000080002000200000008000300", @ANYRES32=r11], 0x54}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0x17, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x6}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0xbec}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1fb5}, @alu={0x4, 0x1, 0x5, 0x9, 0x7, 0x80}, @map_val={0x18, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @generic={0x3, 0x8, 0x5, 0x9, 0x80}, @map_val={0x18, 0x9}, @func={0x85, 0x0, 0x1, 0x0, 0x4}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000001d00070f000200000000000007000000", @ANYRES32=r12, @ANYBLOB='\x00\x00g\x00\b\x00\b\x00', @ANYRESHEX], 0x24}}, 0x0) r13 = socket$netlink(0x10, 0x3, 0xb) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r13, 0x10e, 0x1, &(0x7f0000000080)=0x11000008, 0x4) 2.676984489s ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_HASH_MODULUS={0x8}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0xf2}, @NFTA_HASH_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) 2.616090943s ago: executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) close(r3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) 2.514563995s ago: executing program 2: r0 = socket$inet(0x2, 0x3, 0x5) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @multicast1}, 0x10) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0xf0, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@remote, @multicast1, 0x0, 0x0, 'macvlan0\x00', 'syzkaller0\x00'}, 0x6, 0xa8, 0xf0, 0x0, {}, [@common=@unspec=@time={{0x38}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@ip={@local, @dev, 0x0, 0x0, 'veth0_to_team\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="e0000001ac1414aa0000"], 0x1c) write$binfmt_elf64(r0, 0x0, 0x1c) 2.230610496s ago: executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ed8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000001, 0x12, r0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0x9, &(0x7f0000000040), 0xc) 2.228291463s ago: executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000140)=@abs={0x1, 0x0, 0x4e21}, 0x6e, 0x0}}], 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000002c000000000000001800000000000000030000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000001380)}}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c) 2.199225802s ago: executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000b74949e0d9261d0c0000000000000000000000800000000000020000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0xb8}}, 0x0) 2.050696838s ago: executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000900850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000014001a80100005800c000d"], 0x34}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000000000000000000340004020e0001006e657464657673696d0000000f0002006e6574ef6c65767369000000"], 0x3c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x89}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sys_exit\x00', r9}, 0x10) unshare(0x2000400) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x0, 0x25, 0x0, 0x0}, 0x90) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x4, 0x3f, 0xc1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000001280), 0xb47, r10}, 0x38) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000100)={r10, &(0x7f00000000c0), 0x20000000}, 0x20) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) 2.020715511s ago: executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_HASH_MODULUS={0x8}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0xf2}, @NFTA_HASH_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) 1.988236532s ago: executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xf0}, {&(0x7f00000007c0)=""/154, 0x7fffe393}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 1.908635262s ago: executing program 4: r0 = socket$kcm(0x11, 0x200000000000002, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet(0x2, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="17090000000000000000870400fa000800090000000000"], 0x1c}, 0x1, 0x620b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffdc) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) r6 = socket(0x2, 0x80805, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000000000851000000600000018000000", @ANYRES8=r6, @ANYRES8=r0], &(0x7f0000000000)='GPL\x00', 0xa, 0xe3, &(0x7f0000000500)=""/227, 0x0, 0x8}, 0x90) setsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000080)={r5, 0x0, 0x10000, 0x295}, 0x10) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000200)={'vxcan1\x00'}) ioctl(r2, 0x4, &(0x7f00000001c0)="9d2ecd6736d321fec33ea562c0f6de441d1d4cc9ea3e3bc6b6411c88c46d77f5569aa0e146af73dc7f0d5416c4e484bd59b5d31660854522683feba69747d1b31ca5e37f40b63559789d0d33ce9317") syz_emit_ethernet(0x1d, &(0x7f0000000140)={@remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @val={@void, {0x8100, 0x6, 0x1, 0x4}}, {@llc_tr={0x11, {@llc={0x75, 0x7e, "98", "c11bbe5fefe92d77"}}}}}, &(0x7f0000000180)={0x1, 0x401, [0x54c, 0xf3e, 0x110, 0x5ee]}) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={0x0, 0x24}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, &(0x7f00000001c0), &(0x7f0000000240)}, 0x20) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000640)={{{@in6=@dev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@empty}}, &(0x7f0000000040)=0xe8) sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={&(0x7f0000000340), 0xc, &(0x7f0000000380)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c0100001a0000000000000000000000fc010000000000000000000000000000ff020000000000000000000000000001000000004e2300010a00202000000000", @ANYRES32=0x0, @ANYRES32=r8, @ANYBLOB="ac14140b000000000000000000000000000004d600000000ff0100000000000000000000000000018f000000000000000000000000000000573700000000000004001b0000000000021000000000000000000080000000000500000000000000ff0300000000000001000000000000000100000000000000b00000000000000001800000000000008000000003000000ffffffff26bd7000ff3400000a00020001000000000000002c001700040000002bbd70002bbd70002dbd700000000000000000000000000020000000b689000004000000"], 0x11c}}, 0x20040004) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r9}, 0x10) socket$inet6(0xa, 0x0, 0x0) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r10, &(0x7f0000000880)={0x1f, 0x0, @none}, 0xe) listen(r10, 0x0) accept4$bt_l2cap(r10, 0x0, 0x0, 0x0) 1.843799039s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_HASH_MODULUS={0x8}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0xf2}, @NFTA_HASH_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x80}}, 0x0) 1.796248819s ago: executing program 1: pipe(&(0x7f00000001c0)) unshare(0x22020400) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000140)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00', r0}, 0x10) sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x0) 950.702385ms ago: executing program 2: r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_FLAGS={0x8, 0x8, 0x6d8}]}, 0x34}}, 0x0) (async) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (async) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x1, 0x2}, 0x10) openat$cgroup_ro(r3, &(0x7f00000000c0)='cpu.stat\x00', 0x0, 0x0) 948.622955ms ago: executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) shutdown(r0, 0x1) 946.359503ms ago: executing program 3: r0 = socket$inet(0x2, 0x3, 0x5) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @multicast1}, 0x10) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0xf0, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@remote, @multicast1, 0x0, 0x0, 'macvlan0\x00', 'syzkaller0\x00'}, 0x6, 0xa8, 0xf0, 0x0, {}, [@common=@unspec=@time={{0x38}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@ip={@local, @dev, 0x0, 0x0, 'veth0_to_team\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="e0000001ac1414aa0000"], 0x1c) write$binfmt_elf64(r0, 0x0, 0x1c) 915.814421ms ago: executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000b74949e0d9261d0c000000000000000000000080000000000002000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0xb8}}, 0x0) 831.641423ms ago: executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000140)=@abs={0x1, 0x0, 0x4e21}, 0x6e, 0x0}}], 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000002c000000000000001800000000000000030000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000001380)}}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c) 825.19765ms ago: executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) socketpair(0x28, 0x4, 0x10001, &(0x7f00000000c0)={0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0x10) (async, rerun: 64) r2 = socket$inet_sctp(0x2, 0x1, 0x84) (rerun: 64) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x23, &(0x7f0000000080)={r3}, 0x8) 746.921613ms ago: executing program 4: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ed8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000001, 0x12, r0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0x9, &(0x7f0000000040), 0xc) 657.087599ms ago: executing program 1: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000500)=""/221, 0xdd}, {0x0}, {&(0x7f0000002140)=""/4058, 0xfda}, {&(0x7f0000001140)=""/231, 0xe7}, {&(0x7f00000007c0)=""/181, 0xb5}, {&(0x7f0000000b00)=""/192, 0xc0}, {&(0x7f0000000fc0)=""/264, 0x108}, {&(0x7f0000000940)=""/183, 0xb7}, {&(0x7f0000000880)=""/63, 0x3f}, {&(0x7f0000000240)=""/68, 0x44}, {&(0x7f0000000d00)=""/26, 0x1a}, {&(0x7f00000006c0)=""/151, 0x97}], 0xc}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 610.483838ms ago: executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000b74949e0d9261d0c0000000000000000000000800000000000020000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0xb8}}, 0x0) 512.161676ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b696733552eca3e954943a18709f72fbd259a936c67ebe806ab21823f4a0c47bff45323c2b30982dfc67b46cc9a5a07c33fc", 0xff6d}, {&(0x7f0000000100)="3a10bd003aba0c7026336b", 0xb}], 0x2, &(0x7f0000000740)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a7ce45002bdb85e47ab3e39597e422ffab456dd963a00000000180000000000000017010000040000000602000000400000180000000000000017010000030000000100000000000079240809000000ac87448793609bd8299d6dfc465829b711ce28eb8f568438917ebd0699be96bd1485f6aaa8486e00000000e301f2e09aebda6eeb1c61f96b6d3f91c0f8c1ffbb85cfdd5b8b437a3720ba4cdfb681516c3a240207b6bbdfb37747cc7411886fdba55bcbfa68226644556e8117f9f9fc5be3b7095b2ab7c19b0c6fada03a7f9b9172f0cc960ee263e82e3232edea82b9736d65309e0ad2922ecbb7cde9ce78555fabb941d114e83b37255d6b43b2927696e4f4cf3b23086021fe4e33d049de5318ef3803ceacddc02734c96a9765486a9bf8d65791b000000000000000000000000000000000000000009d97cea3f950d55b265e480ff02c27bda4848c64ca7dcbcd060b9c0dea483c6069d2cdc473cfacc9052cc2c9e3ee037042fd329173c5e7c9ef8800a51332df5a08602a72a553035711cb9159757303a5e7d389786df44441dc82a9d32c56db8a8b3578cd0faabfa23fb46e22b45a464e35315d8c2dd3fae8b530cf8eb0d8dcb682772bed766be5208e61eab965c6c9a217a4e13f0085626c0408f381205251c18a8f6a44"], 0x60}], 0x1, 0x8001) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000980)={0x28, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x28}}, 0x0) recvmmsg(r2, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000001c0)=""/156, 0xff78}, {&(0x7f0000000300)=""/92, 0x33}], 0x2}}], 0x1, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x6, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7037d20807e0000b704000002000000850000008200000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r5}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x90) connect$qrtr(r0, &(0x7f0000000000)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r7, &(0x7f0000000140)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000e20000000000cc2020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='block_bio_remap\x00', r8}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) 0s ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_HASH_MODULUS={0x8}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0xf2}, @NFTA_HASH_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x80}}, 0x0) kernel console output (not intermixed with test programs): v: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.556761][T12033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 281.575201][T12033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.594761][T12033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 281.605874][T12033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.616340][T12033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 281.626945][T12033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.650962][T12033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 281.681361][T12033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.700172][T12033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.713626][T12033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.727088][T12033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.741217][T12033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.751852][T12033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.762352][T12033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.773450][T12033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.801637][T12033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 281.812018][T12242] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 281.824401][T12242] netlink: 'syz-executor.3': attribute type 6 has an invalid length. [ 281.839831][T12242] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 281.849123][T12242] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 281.858103][T12242] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 281.866898][T12242] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 281.876034][T12242] vxlan0: entered promiscuous mode [ 281.894930][T12033] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.904104][T12033] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.914013][T12033] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.922921][T12033] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.106528][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 282.139653][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.173536][ T1035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 282.187702][ T1035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.428907][T12255] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 282.773304][T12279] x_tables: ip_tables: ah match: only valid for protocol 51 [ 283.149602][T12297] netlink: 'syz-executor.3': attribute type 6 has an invalid length. [ 283.781627][T12310] __nla_validate_parse: 5 callbacks suppressed [ 283.781649][T12310] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 284.026697][T12320] xt_TPROXY: Can be used only with -p tcp or -p udp [ 284.065308][T12320] xt_TPROXY: Can be used only with -p tcp or -p udp [ 284.089576][T12327] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 284.167541][T12330] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 284.197067][T12333] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 284.242485][T12333] netlink: 'syz-executor.1': attribute type 25 has an invalid length. [ 284.671462][T12360] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 284.736477][T12365] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 284.825578][ T1035] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.877564][T12367] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 285.395354][T12385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 285.506236][ T5126] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 285.517156][ T5126] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 285.526684][ T5126] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 285.535170][ T5126] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 285.544745][ T5126] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 285.554671][ T5126] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 285.690634][T12396] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 285.870741][T12404] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 285.882694][T12404] netlink: 'syz-executor.4': attribute type 25 has an invalid length. [ 285.901011][T12404] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.909955][T12404] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.918863][T12404] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.927596][T12404] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.009585][T12409] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 286.072539][T12409] xt_TPROXY: Can be used only with -p tcp or -p udp [ 286.412918][T12390] chnl_net:caif_netlink_parms(): no params data found [ 286.514784][T12390] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.524527][T12390] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.532418][T12390] bridge_slave_0: entered allmulticast mode [ 286.554355][T12390] bridge_slave_0: entered promiscuous mode [ 286.571043][T12390] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.583186][T12390] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.592248][T12390] bridge_slave_1: entered allmulticast mode [ 286.619873][T12390] bridge_slave_1: entered promiscuous mode [ 286.682331][ T1035] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.779926][T12446] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 286.828047][ T1035] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.850150][T12390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.870855][T12390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 287.028192][ T1035] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.070240][T12390] team0: Port device team_slave_0 added [ 287.089377][T12390] team0: Port device team_slave_1 added [ 287.205342][T12390] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.216939][T12390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.243952][T12390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.362282][T12458] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 287.399962][T12390] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.406986][T12390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.466527][T12390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.635929][T12390] hsr_slave_0: entered promiscuous mode [ 287.642121][ T5126] Bluetooth: hci1: command tx timeout [ 287.673371][T12390] hsr_slave_1: entered promiscuous mode [ 287.704937][T12390] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 287.712927][T12390] Cannot create hsr debugfs directory [ 287.858737][ T1035] bridge_slave_1: left allmulticast mode [ 287.864490][ T1035] bridge_slave_1: left promiscuous mode [ 287.871489][ T1035] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.881301][ T1035] bridge_slave_0: left allmulticast mode [ 287.887000][ T1035] bridge_slave_0: left promiscuous mode [ 287.893312][ T1035] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.271615][T12495] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 288.564027][ T1035] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 288.598735][ T1035] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 288.623029][ T1035] bond0 (unregistering): Released all slaves [ 288.666441][T12483] netlink: 'syz-executor.1': attribute type 25 has an invalid length. [ 288.796672][T12495] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 288.908529][T12496] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 288.929649][T12497] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 289.260605][T12519] IPVS: dh: SCTP 172.20.20.170:0 - no destination available [ 289.488950][T12535] __nla_validate_parse: 2 callbacks suppressed [ 289.488974][T12535] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 289.580396][ T1035] hsr_slave_0: left promiscuous mode [ 289.593802][ T1035] hsr_slave_1: left promiscuous mode [ 289.602236][ T1035] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 289.621661][ T1035] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 289.641025][ T1035] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 289.665703][ T1035] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 289.728435][ T5126] Bluetooth: hci1: command tx timeout [ 289.728824][ T1035] veth1_macvtap: left promiscuous mode [ 289.759315][ T1035] veth0_macvtap: left promiscuous mode [ 289.776679][ T1035] veth1_vlan: left promiscuous mode [ 289.782808][ T1035] veth0_vlan: left promiscuous mode [ 290.222731][T12552] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 290.656923][ T1035] team0 (unregistering): Port device team_slave_1 removed [ 290.725154][ T1035] team0 (unregistering): Port device team_slave_0 removed [ 291.288228][T12545] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 291.307945][T12545] netlink: 'syz-executor.2': attribute type 25 has an invalid length. [ 291.350239][T12552] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 291.591864][T12578] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 291.797989][ T5126] Bluetooth: hci1: command tx timeout [ 292.049805][T12390] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 292.085259][T12599] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 292.105840][T12390] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 292.149302][T12599] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 292.162345][T12390] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 292.176335][T12390] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 292.197151][T12602] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 292.232484][T12599] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 292.510631][T12390] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.589880][T12390] 8021q: adding VLAN 0 to HW filter on device team0 [ 292.626431][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.633762][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.654076][T12626] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 292.675455][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.682790][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.853001][T12390] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 293.042515][T12643] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 293.069098][T12643] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 293.106838][T12643] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 293.274364][T12656] IPVS: dh: SCTP 172.20.20.170:0 - no destination available [ 293.292022][T12390] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.424450][T12390] veth0_vlan: entered promiscuous mode [ 293.467730][T12661] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 293.472110][T12390] veth1_vlan: entered promiscuous mode [ 293.581615][T12390] veth0_macvtap: entered promiscuous mode [ 293.604693][T12668] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 293.762180][T12390] veth1_macvtap: entered promiscuous mode [ 293.826977][T12390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.844767][T12390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.855426][T12390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.871137][T12390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.881450][ T5126] Bluetooth: hci1: command tx timeout [ 293.887017][T12390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.898149][T12390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.911821][T12390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.922400][T12390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.934561][T12390] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 293.948416][T12680] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 294.023562][T12684] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.4'. [ 294.061081][T12390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.072919][T12390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.085046][T12390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.101515][T12390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.111839][T12390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.122821][T12390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.136071][T12390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.146955][T12390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.162334][T12390] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.195333][T12390] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.220801][T12390] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.242165][T12390] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.260879][T12390] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.445958][T11646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.462067][T11646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.532111][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.532205][T12699] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 294.562089][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.648236][T12702] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 294.957105][T12722] dccp_invalid_packet: P.Data Offset(172) too large [ 295.081894][T12729] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 295.093193][T12731] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 295.138565][T12735] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 295.521484][T12754] validate_nla: 10 callbacks suppressed [ 295.521508][T12754] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 295.536642][T12754] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 295.546766][T12754] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 295.556757][T12754] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 295.574086][T12754] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 295.995291][T12776] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 296.035839][T12776] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 296.036711][T12781] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 296.046841][T12782] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 296.064288][T12776] nbd: must specify at least one socket [ 296.075332][T12782] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 296.098056][T12782] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 296.128815][T12782] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 296.164617][T12782] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 296.177433][T12786] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 296.208028][T12785] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 296.809403][ T29] audit: type=1804 audit(1718733643.125:10): pid=12823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3404688164/syzkaller.r4o1zv/537/cgroup.controllers" dev="sda1" ino=1954 res=1 errno=0 [ 296.814852][T12823] netlink: 'syz-executor.1': attribute type 11 has an invalid length. [ 297.231212][T11635] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.176482][T11635] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.285167][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 298.304948][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 298.338337][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 298.353970][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 298.363353][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 298.376586][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 298.417332][T11635] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.650424][T11635] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.943048][T11635] bridge_slave_1: left allmulticast mode [ 298.967978][T11635] bridge_slave_1: left promiscuous mode [ 298.995318][T11635] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.045794][T11635] bridge_slave_0: left allmulticast mode [ 299.058436][T11635] bridge_slave_0: left promiscuous mode [ 299.069999][T11635] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.282947][T12923] rdma_rxe: rxe_newlink: failed to add bond0 [ 299.525859][T12941] rdma_rxe: rxe_newlink: failed to add bond0 [ 299.822960][T11635] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 299.837117][T11635] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 299.849954][T11635] bond0 (unregistering): Released all slaves [ 299.883161][T12935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.901893][T12935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.926257][T12935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.942052][T12935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.952285][T12935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.963365][T12935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.973554][T12935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.984301][T12935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.994221][T12935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.004846][T12935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.072452][T12950] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 300.186165][T12953] __nla_validate_parse: 7 callbacks suppressed [ 300.186183][T12953] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 300.356547][T12960] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 300.438954][ T5126] Bluetooth: hci1: command tx timeout [ 300.775102][T11635] hsr_slave_0: left promiscuous mode [ 300.801785][T11635] hsr_slave_1: left promiscuous mode [ 300.812039][T11635] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 300.821366][T11635] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 300.850263][T11635] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 300.868103][T11635] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 300.906505][T12989] validate_nla: 15 callbacks suppressed [ 300.906532][T12989] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 300.938206][T11635] veth1_macvtap: left promiscuous mode [ 300.943907][T11635] veth0_macvtap: left promiscuous mode [ 300.953542][T11635] veth1_vlan: left promiscuous mode [ 300.963383][T11635] veth0_vlan: left promiscuous mode [ 301.606394][T11635] team0 (unregistering): Port device team_slave_1 removed [ 301.668928][T11635] team0 (unregistering): Port device team_slave_0 removed [ 302.183218][T12980] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 302.214995][T12985] pim6reg: entered allmulticast mode [ 302.221339][T12985] pim6reg: left allmulticast mode [ 302.262814][T12989] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 302.279188][T12999] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 302.403649][T12887] chnl_net:caif_netlink_parms(): no params data found [ 302.518541][ T5126] Bluetooth: hci1: command tx timeout [ 302.549165][T13014] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 302.737387][T12887] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.773522][T12887] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.798171][T12887] bridge_slave_0: entered allmulticast mode [ 302.805648][T12887] bridge_slave_0: entered promiscuous mode [ 302.827763][T12887] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.836533][T12887] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.843958][T12887] bridge_slave_1: entered allmulticast mode [ 302.852219][T12887] bridge_slave_1: entered promiscuous mode [ 302.935649][T12887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 302.980161][T12887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 303.093942][T12887] team0: Port device team_slave_0 added [ 303.101726][T13032] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 303.121772][T12887] team0: Port device team_slave_1 added [ 303.161329][T13036] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 303.193397][T13036] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 303.224062][T12887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 303.236787][T12887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.274031][T12887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 303.298504][T13036] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 303.306943][T13039] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 303.361876][T12887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 303.378816][T12887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.424075][T12887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 303.436635][T13043] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 303.446068][T13036] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 303.600837][T13058] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 303.626074][T12887] hsr_slave_0: entered promiscuous mode [ 303.641170][T12887] hsr_slave_1: entered promiscuous mode [ 304.068121][T13077] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 304.286327][T13088] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 304.300407][T13088] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 304.348442][T13088] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 304.582346][T12887] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 304.589888][T13099] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 304.599927][ T5126] Bluetooth: hci1: command tx timeout [ 304.614764][T12887] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 304.630625][T12887] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 304.669288][T12887] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 304.906814][T13112] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 304.975075][ T5126] block nbd0: Receive control failed (result -107) [ 305.029466][T12887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.125150][T12887] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.209703][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.216981][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.281175][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.288446][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.585728][T13142] __nla_validate_parse: 2 callbacks suppressed [ 305.585752][T13142] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 306.004784][T13164] validate_nla: 7 callbacks suppressed [ 306.004808][T13164] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 306.053819][T13158] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 306.068660][T13164] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 306.089193][T13165] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 306.121493][T13164] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 306.148643][T13164] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 306.187008][T12887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 306.303808][T13173] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.2'. [ 306.372809][T13177] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 306.381685][T12887] veth0_vlan: entered promiscuous mode [ 306.414633][T12887] veth1_vlan: entered promiscuous mode [ 306.531540][T12887] veth0_macvtap: entered promiscuous mode [ 306.567036][T12887] veth1_macvtap: entered promiscuous mode [ 306.634487][T12887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 306.666384][T12887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.678559][ T5126] Bluetooth: hci1: command tx timeout [ 306.695326][T12887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 306.706443][T13187] netlink: 108 bytes leftover after parsing attributes in process `syz-executor.1'. [ 306.710319][T12887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.731327][T12887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 306.742797][T12887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.756292][T12887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 306.773506][T12887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.791678][T12887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 306.831966][T12887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 306.843336][T12887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.854171][T12887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 306.873839][T12887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.884020][T12887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 306.897346][T12887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.909114][T12887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 306.920357][T12887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.932990][T12887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 306.961502][T13193] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.3'. [ 306.999083][T12887] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.019086][T12887] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.053528][T12887] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.061841][T13200] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 307.062706][T12887] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.117639][T13200] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 307.198958][T13205] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 307.243753][T13203] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 307.269050][T13200] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 307.307720][T13206] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 307.464332][T11635] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 307.477245][T11635] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 307.562716][T13219] netlink: 46 bytes leftover after parsing attributes in process `syz-executor.4'. [ 307.634384][ T1035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 307.667924][ T1035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.181587][T13253] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 308.812434][T13292] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 309.707520][T13355] syzkaller0: entered promiscuous mode [ 309.716973][T13355] syzkaller0: entered allmulticast mode [ 309.756081][T13360] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 309.931372][ T1035] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.765400][T13415] __nla_validate_parse: 3 callbacks suppressed [ 310.765426][T13415] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 310.817233][T13417] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 310.961085][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 310.972260][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 310.981671][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 311.005090][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 311.014497][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 311.016773][ T1035] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.037595][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 311.201165][ T1035] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.255961][T13433] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 311.379566][ T1035] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.404706][T13432] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 311.655081][T13456] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 311.655508][T13455] validate_nla: 46 callbacks suppressed [ 311.655527][T13455] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 311.690559][ T1035] bridge_slave_1: left allmulticast mode [ 311.696486][ T1035] bridge_slave_1: left promiscuous mode [ 311.709830][ T1035] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.721542][ T1035] bridge_slave_0: left allmulticast mode [ 311.727276][ T1035] bridge_slave_0: left promiscuous mode [ 311.744662][ T1035] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.228470][ T1035] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 312.241968][ T1035] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 312.253102][ T1035] bond0 (unregistering): Released all slaves [ 312.266013][T13455] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 312.330476][T13458] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 312.482875][T13461] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 313.044388][T13493] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 313.072358][T13504] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 313.078489][ T5126] Bluetooth: hci1: command tx timeout [ 313.151391][ T1035] hsr_slave_0: left promiscuous mode [ 313.170502][ T1035] hsr_slave_1: left promiscuous mode [ 313.180506][ T1035] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.188488][ T1035] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.196623][ T1035] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 313.205213][ T1035] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.231494][ T1035] veth1_macvtap: left promiscuous mode [ 313.237222][ T1035] veth0_macvtap: left promiscuous mode [ 313.246751][ T1035] veth1_vlan: left promiscuous mode [ 313.252426][ T1035] veth0_vlan: left promiscuous mode [ 313.268243][T13509] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 313.696834][T13516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 313.793116][T13523] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 314.122205][ T1035] team0 (unregistering): Port device team_slave_1 removed [ 314.174659][ T1035] team0 (unregistering): Port device team_slave_0 removed [ 314.717955][T13523] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 314.750327][T13528] tipc: Enabling of bearer rejected, failed to enable media [ 314.842408][T13420] chnl_net:caif_netlink_parms(): no params data found [ 314.909320][T13537] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 315.115617][T13547] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 315.158494][ T5126] Bluetooth: hci1: command tx timeout [ 315.442847][T13420] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.462829][T13420] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.500084][T13420] bridge_slave_0: entered allmulticast mode [ 315.524843][T13420] bridge_slave_0: entered promiscuous mode [ 315.558797][T13420] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.565981][T13420] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.586346][T13420] bridge_slave_1: entered allmulticast mode [ 315.597314][T13420] bridge_slave_1: entered promiscuous mode [ 315.723596][T13420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 315.775436][T13420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 315.924348][T13420] team0: Port device team_slave_0 added [ 315.944519][T13420] team0: Port device team_slave_1 added [ 316.094306][T13420] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 316.116907][T13420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.203463][T13420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 316.234313][T13420] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 316.254594][T13420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.316842][T13420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 316.489520][T13420] hsr_slave_0: entered promiscuous mode [ 316.503612][T13420] hsr_slave_1: entered promiscuous mode [ 316.539533][T13601] netlink: 272 bytes leftover after parsing attributes in process `syz-executor.4'. [ 317.237976][ T5126] Bluetooth: hci1: command tx timeout [ 317.351778][T13631] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 317.371444][T13631] nbd: nbd0 already in use [ 317.592009][T13420] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 317.608883][T13420] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 317.621684][T13420] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 317.633548][T13420] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 317.676583][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 317.815967][T13420] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.860872][T13420] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.881061][ T1166] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.888400][ T1166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.935829][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.943367][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.335553][T13420] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.460201][T13420] veth0_vlan: entered promiscuous mode [ 318.513998][T13420] veth1_vlan: entered promiscuous mode [ 318.638937][T13420] veth0_macvtap: entered promiscuous mode [ 318.657680][T13420] veth1_macvtap: entered promiscuous mode [ 318.689859][T13420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.717041][T13420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.758704][T13420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.773911][T13420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.796085][T13420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.816731][T13420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.828978][T13420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.840490][T13420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.854666][T13420] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 318.881383][T13420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.893069][T13420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.904667][T13420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.916044][T13420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.927293][T13420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.937899][T13420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.947892][T13420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.959233][T13420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.971066][T13420] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.985524][T13420] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.996208][T13420] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.019677][T13420] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.032197][T13420] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.318176][ T5126] Bluetooth: hci1: command tx timeout [ 319.351181][T11623] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.359746][T11623] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.409571][T11630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.426668][T11630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.220084][T13736] geneve1: entered allmulticast mode [ 320.616834][T13756] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 320.691724][T13756] bridge3: port 1(gretap2) entered blocking state [ 320.699788][T13756] bridge3: port 1(gretap2) entered disabled state [ 320.714335][T13756] gretap2: entered allmulticast mode [ 320.722417][T13756] gretap2: entered promiscuous mode [ 321.033014][T13778] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 321.103246][T13778] geneve0: entered promiscuous mode [ 321.140145][T13778] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 321.595716][T13811] tipc: Failed to remove unknown binding: 66,1,1/0:1097516089/1097516091 [ 321.642768][T13811] tipc: Failed to remove unknown binding: 66,1,1/0:1097516089/1097516091 [ 321.656712][T13811] tipc: Failed to remove unknown binding: 66,1,1/0:1097516089/1097516091 [ 321.704835][T13819] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 322.697126][T11630] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.301419][T13879] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'. [ 323.316497][T13879] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 323.438686][T13884] batadv0: entered promiscuous mode [ 323.470989][T13884] team0: entered promiscuous mode [ 323.476200][T13884] team_slave_0: entered promiscuous mode [ 323.490471][T13884] team_slave_1: entered promiscuous mode [ 323.497684][T13884] team0: left promiscuous mode [ 323.513057][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 323.524457][T13884] team_slave_0: left promiscuous mode [ 323.528772][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 323.541110][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 323.542340][T13884] team_slave_1: left promiscuous mode [ 323.564653][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 323.572873][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 323.580721][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 323.581103][T13884] batadv0: left promiscuous mode [ 324.196335][T11630] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.245611][T13907] wg2: entered promiscuous mode [ 324.250771][T13907] wg2: entered allmulticast mode [ 324.371095][T11630] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.576508][T11630] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.764925][T13888] chnl_net:caif_netlink_parms(): no params data found [ 325.056631][T11630] bridge_slave_1: left allmulticast mode [ 325.063609][T11630] bridge_slave_1: left promiscuous mode [ 325.069646][T11630] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.083619][T11630] bridge_slave_0: left allmulticast mode [ 325.092182][T11630] bridge_slave_0: left promiscuous mode [ 325.098371][T11630] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.643397][ T5126] Bluetooth: hci1: command tx timeout [ 325.728501][T11630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 325.751454][T11630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 325.766347][T11630] bond0 (unregistering): Released all slaves [ 325.882709][T13888] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.902675][T13888] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.920245][T13888] bridge_slave_0: entered allmulticast mode [ 325.952800][T13888] bridge_slave_0: entered promiscuous mode [ 325.979736][T13888] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.008158][T13888] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.041969][T13888] bridge_slave_1: entered allmulticast mode [ 326.078396][T13888] bridge_slave_1: entered promiscuous mode [ 326.264537][T13888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.405129][T13888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.606055][ T5168] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.660429][T13888] team0: Port device team_slave_0 added [ 326.702291][T13888] team0: Port device team_slave_1 added [ 326.958929][T13888] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 326.967496][T13888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 327.007185][T13888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 327.054474][T11630] hsr_slave_0: left promiscuous mode [ 327.088058][T11630] hsr_slave_1: left promiscuous mode [ 327.104917][T11630] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.124670][T11630] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.175530][T11630] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 327.203188][T11630] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 327.262567][T11630] veth1_macvtap: left promiscuous mode [ 327.268953][T11630] veth0_macvtap: left promiscuous mode [ 327.276948][T11630] veth1_vlan: left promiscuous mode [ 327.283114][T11630] veth0_vlan: left promiscuous mode [ 327.721100][ T5126] Bluetooth: hci1: command tx timeout [ 328.040136][T11630] team0 (unregistering): Port device team_slave_1 removed [ 328.120542][T11630] team0 (unregistering): Port device team_slave_0 removed [ 328.706332][T13888] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 328.713719][T13888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.739828][T13888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 328.756176][T14026] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 328.814942][T14041] smc: net device syzkaller0 applied user defined pnetid SYZ0 [ 329.046424][T13888] hsr_slave_0: entered promiscuous mode [ 329.077156][T13888] hsr_slave_1: entered promiscuous mode [ 329.110760][T14053] tipc: Enabling of bearer rejected, failed to enable media [ 329.649226][T14074] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 329.663232][T14074] nbd: socks must be embedded in a SOCK_ITEM attr [ 329.694677][T14076] nbd: socks must be embedded in a SOCK_ITEM attr [ 329.801632][ T5126] Bluetooth: hci1: command tx timeout [ 329.958524][ T5126] Bluetooth: hci4: command 0x0406 tx timeout [ 330.123345][T13888] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 330.155328][T13888] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 330.179547][T13888] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 330.196741][T13888] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 330.453159][T13888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 330.554773][T13888] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.592125][ T5168] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.599488][ T5168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.656843][ T5168] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.664202][ T5168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.865655][T14122] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 331.126831][T14133] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 331.301667][T14141] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 331.394732][T13888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.546919][T13888] veth0_vlan: entered promiscuous mode [ 331.584672][T13888] veth1_vlan: entered promiscuous mode [ 331.685291][T13888] veth0_macvtap: entered promiscuous mode [ 331.733245][T13888] veth1_macvtap: entered promiscuous mode [ 331.762188][T14163] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'. [ 331.784094][T13888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.817291][T13888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.837922][T13888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.858636][T13888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.869118][T13888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.880114][ T53] Bluetooth: hci1: command tx timeout [ 331.890240][T13888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.907991][T13888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.922004][T13888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.934302][T13888] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 331.956694][T13888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 331.977872][T13888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.998146][T13888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.011771][T13888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.022574][T13888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.057972][T13888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.077949][T13888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.099433][T13888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.112897][T13888] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.164575][T13888] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.186283][T13888] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.201763][T13888] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.230211][T13888] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.476044][T11630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.494655][T11630] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.591001][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.638756][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.137678][T14196] team0: entered promiscuous mode [ 333.155385][T14196] team_slave_0: entered promiscuous mode [ 333.178122][T14196] team_slave_1: entered promiscuous mode [ 333.187419][T14195] team0: left promiscuous mode [ 333.200253][T14195] team_slave_0: left promiscuous mode [ 333.217284][T14195] team_slave_1: left promiscuous mode [ 333.930294][T14228] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. [ 335.229172][T14298] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 335.232714][T11635] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.343846][T14302] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 335.424652][T14298] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 335.943517][ T5126] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 335.955449][ T5126] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 335.964848][ T5126] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 335.974295][ T5126] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 335.998553][ T5126] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 336.008519][ T5126] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 336.159269][T14320] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 336.552467][T11635] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.698634][T11635] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.876540][T11635] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.072389][T14358] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 337.106906][T14358] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 337.133472][T14315] chnl_net:caif_netlink_parms(): no params data found [ 337.159566][T14358] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 337.205012][T11635] bridge_slave_1: left allmulticast mode [ 337.249169][T11635] bridge_slave_1: left promiscuous mode [ 337.255040][T11635] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.275729][T11635] bridge_slave_0: left allmulticast mode [ 337.285415][T11635] bridge_slave_0: left promiscuous mode [ 337.297372][T11635] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.042231][ T53] Bluetooth: hci1: command tx timeout [ 338.369055][T11635] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 338.392783][T11635] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 338.424927][T11635] bond0 (unregistering): Released all slaves [ 338.701876][T14315] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.709751][T14315] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.720060][T14315] bridge_slave_0: entered allmulticast mode [ 338.727584][T14315] bridge_slave_0: entered promiscuous mode [ 338.738525][T14315] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.758185][T14315] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.768183][T14315] bridge_slave_1: entered allmulticast mode [ 338.775710][T14315] bridge_slave_1: entered promiscuous mode [ 338.976695][T14315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 339.000954][T14315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 339.136473][T14315] team0: Port device team_slave_0 added [ 339.192285][T14315] team0: Port device team_slave_1 added [ 339.417280][T14315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.433973][T14315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.510436][T14315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 339.548843][T11635] hsr_slave_0: left promiscuous mode [ 339.573727][T11635] hsr_slave_1: left promiscuous mode [ 339.596276][T11635] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 339.606457][T11635] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 339.620944][T11635] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 339.635877][T11635] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 339.682758][T11635] veth1_macvtap: left promiscuous mode [ 339.695299][T11635] veth0_macvtap: left promiscuous mode [ 339.706937][T11635] veth1_vlan: left promiscuous mode [ 339.716274][T11635] veth0_vlan: left promiscuous mode [ 340.127981][ T53] Bluetooth: hci1: command tx timeout [ 340.547126][T11635] team0 (unregistering): Port device team_slave_1 removed [ 340.603284][T11635] team0 (unregistering): Port device team_slave_0 removed [ 340.651338][T14444] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 341.138596][T14315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 341.145736][T14315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.193872][T14315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 341.234405][T14444] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 341.251848][T14445] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 341.276732][T14451] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 341.341156][T14446] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 341.370062][T14315] hsr_slave_0: entered promiscuous mode [ 341.408817][T14315] hsr_slave_1: entered promiscuous mode [ 341.453406][T14447] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 341.915875][T14477] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 342.008873][T14482] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 342.017726][T14482] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 342.031028][T14482] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 342.040489][T14482] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 342.050108][T14482] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 342.198142][ T53] Bluetooth: hci1: command tx timeout [ 342.456905][T14315] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 342.474153][T14315] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 342.501604][T14315] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 342.516176][T14315] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 342.558792][T14510] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 342.644070][T14512] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 342.795215][T14315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 342.845729][T14315] 8021q: adding VLAN 0 to HW filter on device team0 [ 342.867223][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.874524][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 342.912746][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.920097][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 343.002629][T14315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 343.403686][T14315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 343.527399][T14556] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 343.528559][T14315] veth0_vlan: entered promiscuous mode [ 343.587214][T14315] veth1_vlan: entered promiscuous mode [ 343.675257][T14315] veth0_macvtap: entered promiscuous mode [ 343.693506][T14315] veth1_macvtap: entered promiscuous mode [ 343.721823][T14315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.752098][T14315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.771319][T14315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.802836][T14315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.816206][T14315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.827343][T14315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.856970][T14315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.874212][T14315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.889748][T14315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.901676][T14315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.915049][T14315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.929036][T14315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.968062][T14315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.987998][T14315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.007882][T14315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.020476][T14315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.035195][T14315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.059839][T14315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 344.096457][T14315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.108304][T14315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.117270][T14315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.130109][T14315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.281225][ T53] Bluetooth: hci1: command tx timeout [ 344.377048][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.380177][T14597] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 344.405212][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.504644][T11646] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.523345][T11646] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.962213][ T5126] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 345.972833][ T5126] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 345.982494][ T5126] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 345.994802][ T5126] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 346.002864][ T5126] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 346.015848][ T5126] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 346.551235][T14701] validate_nla: 29 callbacks suppressed [ 346.551257][T14701] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 346.574348][T14698] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 346.584062][T14701] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 346.608243][T14701] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 346.617397][T14701] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 346.632951][T14701] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 346.692184][T14673] chnl_net:caif_netlink_parms(): no params data found [ 346.963854][T11646] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.069058][T14673] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.088670][T14673] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.096025][T14673] bridge_slave_0: entered allmulticast mode [ 347.119705][T14673] bridge_slave_0: entered promiscuous mode [ 347.140655][T14673] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.148226][T14673] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.155525][T14673] bridge_slave_1: entered allmulticast mode [ 347.179637][T14673] bridge_slave_1: entered promiscuous mode [ 347.280492][T14673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.295846][T14673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 347.305620][T14731] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 347.430187][T14673] team0: Port device team_slave_0 added [ 347.455692][T14738] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 347.479755][T14673] team0: Port device team_slave_1 added [ 347.485755][T14738] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 347.576987][T14738] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 347.615361][T14673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.624705][T14673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.656296][T14673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.696550][T14741] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 347.715343][T14673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.728691][T14673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.756214][T14673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.824065][T14738] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 347.857993][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 347.881435][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 347.891491][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 347.915267][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 347.924936][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 347.932951][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 348.023055][T14673] hsr_slave_0: entered promiscuous mode [ 348.030703][T14673] hsr_slave_1: entered promiscuous mode [ 348.039157][ T5126] Bluetooth: hci1: command tx timeout [ 348.045715][T14673] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 348.053836][T14673] Cannot create hsr debugfs directory [ 348.342011][T14673] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 348.370286][T14673] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.428454][T14763] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 348.529677][T14673] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 348.550164][T14673] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.614261][T11646] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.733270][T14673] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 348.751660][T14673] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.814896][T11646] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.913748][T14673] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 348.925587][T14673] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.024150][T11646] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.084381][T14789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 349.369604][T14673] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 349.387330][T14673] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 349.400871][T11646] bridge_slave_1: left allmulticast mode [ 349.406808][T11646] bridge_slave_1: left promiscuous mode [ 349.415223][T11646] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.426730][T11646] bridge_slave_0: left allmulticast mode [ 349.445944][T11646] bridge_slave_0: left promiscuous mode [ 349.461737][T11646] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.895913][T11646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.907670][T11646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.924526][T11646] bond0 (unregistering): Released all slaves [ 349.942890][T14673] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 349.964644][T14673] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 350.038003][ T5126] Bluetooth: hci3: command tx timeout [ 350.104277][T14747] chnl_net:caif_netlink_parms(): no params data found [ 350.118906][ T5126] Bluetooth: hci1: command tx timeout [ 350.306886][T14820] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 350.661189][T14747] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.686773][T14747] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.719130][T14747] bridge_slave_0: entered allmulticast mode [ 350.726793][T14747] bridge_slave_0: entered promiscuous mode [ 350.747616][T14747] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.756232][T14747] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.763794][T14747] bridge_slave_1: entered allmulticast mode [ 350.771997][T14747] bridge_slave_1: entered promiscuous mode [ 350.783686][T11646] hsr_slave_0: left promiscuous mode [ 350.790200][T11646] hsr_slave_1: left promiscuous mode [ 350.796724][T11646] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 350.805975][T11646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 350.815515][T11646] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 350.823646][T11646] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 350.851007][T11646] veth1_macvtap: left promiscuous mode [ 350.856716][T11646] veth0_macvtap: left promiscuous mode [ 350.863432][T11646] veth1_vlan: left promiscuous mode [ 350.868867][T11646] veth0_vlan: left promiscuous mode [ 351.448397][T11646] team0 (unregistering): Port device team_slave_1 removed [ 351.502452][T11646] team0 (unregistering): Port device team_slave_0 removed [ 352.106874][T14837] validate_nla: 12 callbacks suppressed [ 352.106898][T14837] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 352.118133][ T5126] Bluetooth: hci3: command tx timeout [ 352.147084][T14747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 352.162611][T14673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 352.172540][T14747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 352.198497][ T5126] Bluetooth: hci1: command tx timeout [ 352.344910][T14747] team0: Port device team_slave_0 added [ 352.358436][T14852] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 352.403935][T14673] 8021q: adding VLAN 0 to HW filter on device team0 [ 352.426544][T14747] team0: Port device team_slave_1 added [ 352.458858][ T5199] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.466044][ T5199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 352.552051][ T5199] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.559375][ T5199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 352.598985][T14747] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 352.605985][T14747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.671008][T14747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 352.719113][T14747] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 352.726118][T14747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.753808][T14747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 352.906017][T14747] hsr_slave_0: entered promiscuous mode [ 352.926906][T14747] hsr_slave_1: entered promiscuous mode [ 353.011479][T14873] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 353.026494][T14673] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 353.050144][T14875] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 353.060560][T14873] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 353.131755][T14876] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 353.145765][T14873] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 353.182945][T14873] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 353.398736][T14673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 353.610161][T14673] veth0_vlan: entered promiscuous mode [ 353.638920][T14673] veth1_vlan: entered promiscuous mode [ 353.729713][T14673] veth0_macvtap: entered promiscuous mode [ 353.757621][T14673] veth1_macvtap: entered promiscuous mode [ 353.776971][T14901] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 353.852417][T14673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.866508][T14673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.878483][T14673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.896010][T14905] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 353.909026][T14673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.919666][T14673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.930598][T14673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.941136][T14673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.952308][T14673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.973053][T14673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 353.986838][T14673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.997476][T14673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.019390][T14673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.041471][T14673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.054679][T14673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.065406][T14673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.075516][T14673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.087037][T14673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.109791][T14673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 354.146520][T14905] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 354.176629][T14673] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.198590][ T5126] Bluetooth: hci3: command tx timeout [ 354.207468][T14673] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.219203][T14673] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.230882][T14673] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.256192][T14908] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 354.274626][T14747] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 354.282349][ T5126] Bluetooth: hci1: command tx timeout [ 354.295809][T14911] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 354.305491][T14747] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 354.317022][T14747] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 354.381156][T14747] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 354.530043][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.552302][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.656035][T11630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.684290][T11630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.780933][T14747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.833242][T14933] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 354.866446][T14747] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.901713][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.909077][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.981688][ T785] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.988937][ T785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 355.294569][T14959] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 355.453816][T14747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.498741][T14968] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 355.566429][T14747] veth0_vlan: entered promiscuous mode [ 355.614237][T14747] veth1_vlan: entered promiscuous mode [ 355.722029][T14747] veth0_macvtap: entered promiscuous mode [ 355.761037][T14747] veth1_macvtap: entered promiscuous mode [ 355.809654][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.836738][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.847615][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.862765][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.872771][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.884333][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.904329][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.924649][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.937474][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.948946][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.967046][T14747] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.019234][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.045335][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.065663][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.076478][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.090785][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.115069][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.126211][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.139892][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.150535][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.161329][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.174419][T14747] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 356.188328][T14994] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 356.209738][T14992] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 356.250985][T14747] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.266627][T14747] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.288575][ T5126] Bluetooth: hci3: command tx timeout [ 356.297936][T14747] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.314994][T14747] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.548305][T11646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.556301][T11646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.617576][T11646] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.634526][T11646] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.838611][T15021] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 356.883236][T15018] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 357.125759][T15037] validate_nla: 31 callbacks suppressed [ 357.125781][T15037] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 357.166100][T15037] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 357.184537][T15037] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 357.207044][T15037] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 357.218498][T15037] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 357.418196][T15051] __nla_validate_parse: 2 callbacks suppressed [ 357.418220][T15051] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 357.530326][T15058] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 357.683754][T15068] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 357.688173][T15069] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 357.706749][T15069] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 357.755079][T15069] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 357.779101][T15069] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 357.793890][T15069] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 357.835196][T15075] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 358.023884][T15084] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 358.076031][T15088] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 358.187070][T15093] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 358.330722][T15100] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 358.515164][T15111] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 358.640437][T15119] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 358.794210][T11635] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.034917][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 360.047122][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 360.067595][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 360.089887][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 360.098576][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 360.110452][ T5120] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 360.123591][ T5120] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 360.136950][ T5120] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 360.155380][ T5126] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 360.166491][ T5126] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 360.178744][ T5126] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 360.188403][ T5126] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 360.295535][T11635] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.469807][T11635] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.599018][T15210] Cannot find set identified by id 0 to match [ 360.627040][T11635] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.966440][T11635] bridge_slave_1: left allmulticast mode [ 360.979897][T11635] bridge_slave_1: left promiscuous mode [ 360.985766][T11635] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.083010][T11635] bridge_slave_0: left allmulticast mode [ 361.110442][T11635] bridge_slave_0: left promiscuous mode [ 361.148953][T11635] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.212362][ T5126] Bluetooth: hci3: command tx timeout [ 362.286003][ T5126] Bluetooth: hci5: command tx timeout [ 362.336129][T11635] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 362.349970][T11635] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 362.362948][T11635] bond0 (unregistering): Released all slaves [ 362.389090][T15246] validate_nla: 21 callbacks suppressed [ 362.389112][T15246] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 362.790003][T15293] __nla_validate_parse: 4 callbacks suppressed [ 362.790024][T15293] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 362.907570][T15303] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 362.985548][T15303] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 362.998779][T15305] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 363.095687][T15303] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 363.113124][T15305] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 363.142177][T15187] chnl_net:caif_netlink_parms(): no params data found [ 363.249907][T15312] netlink: 16178 bytes leftover after parsing attributes in process `syz-executor.1'. [ 363.435814][T15193] chnl_net:caif_netlink_parms(): no params data found [ 363.515630][T11635] hsr_slave_0: left promiscuous mode [ 363.525494][T11635] hsr_slave_1: left promiscuous mode [ 363.546643][T11635] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.563774][T11635] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 363.600163][T11635] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.623974][T11635] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 363.717030][T11635] veth1_macvtap: left promiscuous mode [ 363.749090][T11635] veth0_macvtap: left promiscuous mode [ 363.754945][T11635] veth1_vlan: left promiscuous mode [ 363.775118][T11635] veth0_vlan: left promiscuous mode [ 363.802561][T15343] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 363.847513][T15346] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 364.280539][ T5126] Bluetooth: hci3: command tx timeout [ 364.364576][ T5126] Bluetooth: hci5: command tx timeout [ 364.702359][T11635] team0 (unregistering): Port device team_slave_1 removed [ 364.774682][T11635] team0 (unregistering): Port device team_slave_0 removed [ 365.263109][T15378] netlink: 16178 bytes leftover after parsing attributes in process `syz-executor.2'. [ 365.461356][T15346] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 365.693325][T15187] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.710469][T15187] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.718677][T15187] bridge_slave_0: entered allmulticast mode [ 365.726900][T15187] bridge_slave_0: entered promiscuous mode [ 365.848574][T15187] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.868374][T15187] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.898357][T15187] bridge_slave_1: entered allmulticast mode [ 365.919565][T15187] bridge_slave_1: entered promiscuous mode [ 366.033416][T15193] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.074106][T15193] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.084439][T15193] bridge_slave_0: entered allmulticast mode [ 366.099845][T15193] bridge_slave_0: entered promiscuous mode [ 366.163793][T15193] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.172525][T15193] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.188357][T15193] bridge_slave_1: entered allmulticast mode [ 366.195867][T15193] bridge_slave_1: entered promiscuous mode [ 366.221243][T15414] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 366.292318][T15418] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 366.299823][T15187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 366.334457][T15419] netlink: 16178 bytes leftover after parsing attributes in process `syz-executor.3'. [ 366.346086][T15187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.363324][ T5126] Bluetooth: hci3: command tx timeout [ 366.395904][T15193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 366.408433][T15418] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 366.438047][ T5126] Bluetooth: hci5: command tx timeout [ 366.492496][T15423] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 366.503271][T15187] team0: Port device team_slave_0 added [ 366.516256][T15193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.563676][T15193] team0: Port device team_slave_0 added [ 366.601297][T15187] team0: Port device team_slave_1 added [ 366.707272][T15193] team0: Port device team_slave_1 added [ 366.853291][T15193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 366.896345][T15193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.947704][T15193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 366.970678][T15187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 366.979261][T15187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.014304][T15187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 367.028533][T15193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 367.036170][T15193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.063250][T15193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 367.079293][T15187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 367.087395][T15187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.123976][T15187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 367.172910][T15453] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 367.316225][T15187] hsr_slave_0: entered promiscuous mode [ 367.334697][T15187] hsr_slave_1: entered promiscuous mode [ 367.415276][T15193] hsr_slave_0: entered promiscuous mode [ 367.440966][T15193] hsr_slave_1: entered promiscuous mode [ 367.468837][T15193] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 367.476474][T15193] Cannot create hsr debugfs directory [ 367.995653][T15469] validate_nla: 3 callbacks suppressed [ 367.995677][T15469] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 368.062067][T15469] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 368.078425][T15470] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 368.203705][T15187] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 368.231831][T15187] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.259270][T15469] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 368.278917][T15470] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 368.438167][ T5126] Bluetooth: hci3: command tx timeout [ 368.439445][T15187] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 368.478002][T15187] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.518435][ T5126] Bluetooth: hci5: command tx timeout [ 368.568129][T15482] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 368.711710][T15187] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 368.724825][T15187] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.877129][T15187] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 368.888742][T15187] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.177448][T15511] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 369.196440][T15187] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 369.212245][T15511] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 369.221871][T15187] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 369.239187][T15187] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 369.262504][T15512] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 369.290597][T15187] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 369.313751][T15511] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 369.332765][T15512] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 369.457221][T15516] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 369.622157][T15187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 369.849608][T15187] 8021q: adding VLAN 0 to HW filter on device team0 [ 369.917473][ T5165] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.924885][ T5165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 369.964557][T15193] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 369.988979][T15193] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 370.055197][T15193] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 370.068463][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.075724][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 370.095432][T15193] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 370.234312][T15543] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 370.234931][T15187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 370.386362][T15554] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 370.537689][T15193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 370.620216][T15193] 8021q: adding VLAN 0 to HW filter on device team0 [ 370.647113][ T5167] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.654428][ T5167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 370.720148][ T5168] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.727346][ T5168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 370.808776][T15187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 371.279778][T15193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 371.427501][T15562] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 371.446089][T15187] veth0_vlan: entered promiscuous mode [ 371.517292][T15187] veth1_vlan: entered promiscuous mode [ 371.584147][T15193] veth0_vlan: entered promiscuous mode [ 371.616459][T15605] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 371.665681][T15193] veth1_vlan: entered promiscuous mode [ 371.755210][T15187] veth0_macvtap: entered promiscuous mode [ 371.782270][T15187] veth1_macvtap: entered promiscuous mode [ 371.867920][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.890836][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.903679][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.915004][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.926280][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.937089][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.947611][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.959328][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.970033][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.981065][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.005028][T15187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 372.060807][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.093091][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.110904][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.138934][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.159456][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.187972][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.220305][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.258000][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.279333][T15187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.293971][T15187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.310704][T15187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 372.332507][T15193] veth0_macvtap: entered promiscuous mode [ 372.363781][T15187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.373373][T15187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.383007][T15187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.403552][T15187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.435281][T15193] veth1_macvtap: entered promiscuous mode [ 372.547460][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.576414][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.596942][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.619169][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.639757][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.665879][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.686307][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.710460][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.723201][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.735109][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.745894][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.757182][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.774279][T15193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 372.900335][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.925755][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.937558][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.949293][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.959694][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.971281][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.983398][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.004514][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.017488][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.031587][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.041774][T15193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.052423][T15193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.079703][T15193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 373.120431][T15193] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.152755][T15193] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.181303][T15193] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.203049][T15193] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.233362][T15644] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 373.261571][T15647] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'. [ 373.285029][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 373.317036][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 373.340101][T15647] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 373.367126][T15650] validate_nla: 15 callbacks suppressed [ 373.367148][T15650] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 373.421192][T15647] bridge_slave_1: left allmulticast mode [ 373.430818][T15647] bridge_slave_1: left promiscuous mode [ 373.445617][T15647] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.465201][T15650] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 373.476141][T15653] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 373.508796][T11639] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 373.526538][T15650] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 373.538574][T11639] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 373.573724][T15653] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 373.619248][T11635] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 373.650897][T11635] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 373.826335][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 373.861024][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 374.235013][T15684] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 374.331480][T15692] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 374.342954][T15692] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 374.370803][T15692] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 374.394890][T15692] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 374.424384][T15692] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 374.565425][ T29] audit: type=1804 audit(1718733720.875:11): pid=15702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir2061906427/syzkaller.LOfDfL/95/cgroup.controllers" dev="sda1" ino=1938 res=1 errno=0 [ 375.003582][T15724] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 375.593828][T15753] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 375.942771][T15778] netlink: 184 bytes leftover after parsing attributes in process `syz-executor.4'. [ 376.014553][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.049671][ T29] audit: type=1804 audit(1718733722.355:12): pid=15780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2017736096/syzkaller.Elg5rb/744/cgroup.controllers" dev="sda1" ino=1959 res=1 errno=0 [ 376.448301][T15796] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 376.624408][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.813737][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.046897][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.180605][ T5129] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 377.195837][ T5129] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 377.204921][ T5129] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 377.213450][ T5129] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 377.222917][ T5129] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 377.230496][ T5129] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 377.479848][T15837] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 377.668375][ T35] bridge_slave_1: left allmulticast mode [ 377.674102][ T35] bridge_slave_1: left promiscuous mode [ 377.694058][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.708639][ T29] audit: type=1804 audit(1718733724.015:13): pid=15846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2017736096/syzkaller.Elg5rb/748/cgroup.controllers" dev="sda1" ino=1958 res=1 errno=0 [ 377.779159][ T35] bridge_slave_0: left allmulticast mode [ 377.784905][ T35] bridge_slave_0: left promiscuous mode [ 377.791271][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.518787][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 378.533475][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 378.548597][ T35] bond0 (unregistering): Released all slaves [ 378.564371][T15845] validate_nla: 17 callbacks suppressed [ 378.564392][T15845] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 378.602452][T15859] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 378.960719][T15881] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 379.201141][T15893] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 379.212020][T15892] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 379.224839][T15893] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 379.245374][T15894] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 379.318244][ T5126] Bluetooth: hci5: command tx timeout [ 379.335599][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 379.365870][T15894] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 379.435296][ T29] audit: type=1804 audit(1718733725.745:14): pid=15901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2017736096/syzkaller.Elg5rb/752/cgroup.controllers" dev="sda1" ino=1962 res=1 errno=0 [ 379.503206][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 379.520608][T15902] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 379.529697][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 379.561333][ T35] hsr_slave_0: left promiscuous mode [ 379.579266][ T35] hsr_slave_1: left promiscuous mode [ 379.595651][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 379.604227][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 379.615367][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 379.626637][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 379.675317][ T35] veth1_macvtap: left promiscuous mode [ 379.692212][ T35] veth0_macvtap: left promiscuous mode [ 379.703295][ T35] veth1_vlan: left promiscuous mode [ 379.713025][ T35] veth0_vlan: left promiscuous mode [ 380.250549][T15916] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 380.261958][T15916] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 380.472098][ T35] team0 (unregistering): Port device team_slave_1 removed [ 380.560822][ T35] team0 (unregistering): Port device team_slave_0 removed [ 380.859388][T15933] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 381.223953][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 381.235628][T15904] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 381.262559][T15911] team0: Device macsec1 is already an upper device of the team interface [ 381.334446][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 381.350944][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 381.400318][ T5126] Bluetooth: hci5: command tx timeout [ 381.417880][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 381.539274][T15819] chnl_net:caif_netlink_parms(): no params data found [ 381.820650][T15819] bridge0: port 1(bridge_slave_0) entered blocking state [ 381.836699][T15819] bridge0: port 1(bridge_slave_0) entered disabled state [ 381.866824][T15819] bridge_slave_0: entered allmulticast mode [ 381.886623][T15819] bridge_slave_0: entered promiscuous mode [ 381.886827][T15965] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 381.909458][T15965] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 381.919832][T15819] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.928424][T15819] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.937540][T15819] bridge_slave_1: entered allmulticast mode [ 381.946573][T15819] bridge_slave_1: entered promiscuous mode [ 382.019753][T15965] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 382.037747][T15819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 382.072143][T15819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 382.114258][T15969] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 382.151532][T15970] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 382.181372][T15819] team0: Port device team_slave_0 added [ 382.203042][T15819] team0: Port device team_slave_1 added [ 382.316841][T15819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 382.328164][T15819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.362265][T15819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 382.456328][T15819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 382.476974][T15819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.522398][T15819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.699518][T15819] hsr_slave_0: entered promiscuous mode [ 382.714651][T15819] hsr_slave_1: entered promiscuous mode [ 382.722555][T15819] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 382.751497][T15819] Cannot create hsr debugfs directory [ 383.125651][T16013] sock: sock_timestamping_bind_phc: sock not bind to device [ 383.478032][ T5126] Bluetooth: hci5: command tx timeout [ 383.575064][T16035] validate_nla: 5 callbacks suppressed [ 383.575090][T16035] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 383.684799][T16035] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 383.731651][T16040] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 383.747929][T15819] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 383.803914][T15819] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 383.831704][T16035] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 383.859042][T16045] IPVS: dh: SCTP 172.20.20.170:0 - no destination available [ 383.867279][T16040] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 383.896334][T15819] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 383.925707][T15819] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 384.103163][T16058] sock: sock_timestamping_bind_phc: sock not bind to device [ 384.212384][T15819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 384.295126][T15819] 8021q: adding VLAN 0 to HW filter on device team0 [ 384.333543][ T5196] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.340840][ T5196] bridge0: port 1(bridge_slave_0) entered forwarding state [ 384.377074][ T5196] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.384389][ T5196] bridge0: port 2(bridge_slave_1) entered forwarding state [ 384.704602][T16077] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 384.732884][T16077] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 384.742763][T16079] __nla_validate_parse: 15 callbacks suppressed [ 384.742784][T16079] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 384.798155][T16080] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 384.808761][T16077] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 384.860857][T16077] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 385.039699][T16093] sock: sock_timestamping_bind_phc: sock not bind to device [ 385.139428][T15819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 385.304581][T15819] veth0_vlan: entered promiscuous mode [ 385.361333][T15819] veth1_vlan: entered promiscuous mode [ 385.405143][T16111] IPVS: dh: SCTP 172.20.20.170:0 - no destination available [ 385.492702][T15819] veth0_macvtap: entered promiscuous mode [ 385.527821][T15819] veth1_macvtap: entered promiscuous mode [ 385.568304][ T5126] Bluetooth: hci5: command tx timeout [ 385.616437][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.657464][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.678968][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.696950][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.713308][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.725760][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.744669][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.756513][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.773156][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.784726][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.795458][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.806884][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.828329][T15819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 385.876423][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.897923][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.914577][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.943327][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.958076][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 385.979392][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.994247][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.008063][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.023613][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.035362][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.046876][T15819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.057814][T15819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.069607][T16133] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 386.090058][T15819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 386.104366][T15819] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.115297][T15819] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.137181][T15819] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.146673][T15819] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.347660][T16140] sock: sock_timestamping_bind_phc: sock not bind to device [ 386.355373][T11639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 386.404543][T11639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 386.498213][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 386.524154][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 386.939711][T16168] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 387.240560][T16180] sock: sock_timestamping_bind_phc: sock not bind to device [ 387.627182][T16204] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 388.128676][T16231] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 388.474058][T16251] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 389.192033][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.362396][T16293] validate_nla: 20 callbacks suppressed [ 389.362420][T16293] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 389.391764][T16293] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 389.419349][T16293] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 389.458640][T16293] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 389.492629][T16293] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 389.576276][T16300] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 389.862152][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.093672][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.273297][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.397405][ T5129] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 390.410100][ T5129] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 390.434440][ T5129] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 390.444129][ T5129] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 390.455836][ T5129] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 390.464259][ T5129] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 390.528217][ T35] bridge_slave_1: left allmulticast mode [ 390.535526][ T35] bridge_slave_1: left promiscuous mode [ 390.558936][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.622463][ T35] bridge_slave_0: left allmulticast mode [ 390.645002][ T35] bridge_slave_0: left promiscuous mode [ 390.668331][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.929854][T16340] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 391.406895][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 391.426406][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 391.443002][ T35] bond0 (unregistering): Released all slaves [ 391.479179][T16340] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 391.497645][T16343] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 391.523668][T16345] ================================================================== [ 391.531802][T16345] BUG: KASAN: slab-out-of-bounds in cfg80211_wext_freq+0x1f9/0x240 [ 391.539765][T16345] Read of size 2 at addr ffff888025919d40 by task syz-executor.4/16345 [ 391.548040][T16345] [ 391.550397][T16345] CPU: 0 PID: 16345 Comm: syz-executor.4 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0 [ 391.560936][T16345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 391.571035][T16345] Call Trace: [ 391.574345][T16345] [ 391.577305][T16345] dump_stack_lvl+0x241/0x360 [ 391.582036][T16345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 391.587291][T16345] ? __pfx__printk+0x10/0x10 [ 391.591933][T16345] ? _printk+0xd5/0x120 [ 391.596138][T16345] ? __virt_addr_valid+0x183/0x520 [ 391.601300][T16345] ? __virt_addr_valid+0x183/0x520 [ 391.606463][T16345] print_report+0x169/0x550 [ 391.611011][T16345] ? __virt_addr_valid+0x183/0x520 [ 391.616169][T16345] ? __virt_addr_valid+0x183/0x520 [ 391.621321][T16345] ? __virt_addr_valid+0x44e/0x520 [ 391.626477][T16345] ? __phys_addr+0xba/0x170 [ 391.631050][T16345] ? cfg80211_wext_freq+0x1f9/0x240 [ 391.636303][T16345] kasan_report+0x143/0x180 [ 391.640862][T16345] ? cfg80211_wext_freq+0x1f9/0x240 [ 391.646125][T16345] cfg80211_wext_freq+0x1f9/0x240 [ 391.651196][T16345] cfg80211_wext_siwscan+0x4fd/0x10d0 [ 391.656634][T16345] ioctl_standard_iw_point+0x788/0xcb0 [ 391.662150][T16345] ? do_raw_spin_unlock+0x13c/0x8b0 [ 391.667403][T16345] ? __pfx_cfg80211_wext_siwscan+0x10/0x10 [ 391.673270][T16345] ? __pfx_ioctl_standard_iw_point+0x10/0x10 [ 391.679292][T16345] ? __mutex_lock+0x527/0xd70 [ 391.684019][T16345] ? wext_ioctl_dispatch+0x106/0x640 [ 391.689347][T16345] ? __pfx___mutex_lock+0x10/0x10 [ 391.694402][T16345] ? full_name_hash+0x93/0xe0 [ 391.699114][T16345] ioctl_standard_call+0xc7/0x290 [ 391.704183][T16345] ? __pfx_cfg80211_wext_siwscan+0x10/0x10 [ 391.710015][T16345] ? __pfx_cfg80211_wext_siwscan+0x10/0x10 [ 391.715842][T16345] wext_ioctl_dispatch+0x58e/0x640 [ 391.720983][T16345] ? __pfx_ioctl_standard_call+0x10/0x10 [ 391.726675][T16345] ? __pfx_ioctl_private_call+0x10/0x10 [ 391.732241][T16345] ? __pfx_wext_ioctl_dispatch+0x10/0x10 [ 391.737908][T16345] ? __might_fault+0xc6/0x120 [ 391.742623][T16345] wext_handle_ioctl+0x15f/0x270 [ 391.747585][T16345] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 391.753066][T16345] sock_ioctl+0x17f/0x8e0 [ 391.757402][T16345] ? __pfx_sock_ioctl+0x10/0x10 [ 391.762261][T16345] ? __fget_files+0x29/0x470 [ 391.766859][T16345] ? __fget_files+0x3f6/0x470 [ 391.771559][T16345] ? __fget_files+0x29/0x470 [ 391.776169][T16345] ? bpf_lsm_file_ioctl+0x9/0x10 [ 391.781113][T16345] ? security_file_ioctl+0x87/0xb0 [ 391.786234][T16345] ? __pfx_sock_ioctl+0x10/0x10 [ 391.791092][T16345] __se_sys_ioctl+0xfc/0x170 [ 391.795690][T16345] do_syscall_64+0xf3/0x230 [ 391.800199][T16345] ? clear_bhb_loop+0x35/0x90 [ 391.804882][T16345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.810808][T16345] RIP: 0033:0x7fb58e27cf29 [ 391.815232][T16345] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 391.834843][T16345] RSP: 002b:00007fb58f0170c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 391.843271][T16345] RAX: ffffffffffffffda RBX: 00007fb58e3b3f80 RCX: 00007fb58e27cf29 [ 391.851258][T16345] RDX: 0000000020000000 RSI: 0000000000008b18 RDI: 0000000000000007 [ 391.859229][T16345] RBP: 00007fb58e2ec074 R08: 0000000000000000 R09: 0000000000000000 [ 391.867203][T16345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 391.875199][T16345] R13: 000000000000000b R14: 00007fb58e3b3f80 R15: 00007fff52da92c8 [ 391.883188][T16345] [ 391.886207][T16345] [ 391.888531][T16345] Allocated by task 16345: [ 391.892938][T16345] kasan_save_track+0x3f/0x80 [ 391.897622][T16345] __kasan_kmalloc+0x98/0xb0 [ 391.902219][T16345] __kmalloc_noprof+0x1f9/0x400 [ 391.907076][T16345] ioctl_standard_iw_point+0x4ae/0xcb0 [ 391.912549][T16345] ioctl_standard_call+0xc7/0x290 [ 391.917584][T16345] wext_ioctl_dispatch+0x58e/0x640 [ 391.922704][T16345] wext_handle_ioctl+0x15f/0x270 [ 391.927644][T16345] sock_ioctl+0x17f/0x8e0 [ 391.931985][T16345] __se_sys_ioctl+0xfc/0x170 [ 391.936579][T16345] do_syscall_64+0xf3/0x230 [ 391.941083][T16345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.946976][T16345] [ 391.949296][T16345] The buggy address belongs to the object at ffff888025919c00 [ 391.949296][T16345] which belongs to the cache kmalloc-512 of size 512 [ 391.963350][T16345] The buggy address is located 4 bytes to the right of [ 391.963350][T16345] allocated 316-byte region [ffff888025919c00, ffff888025919d3c) [ 391.977854][T16345] [ 391.980200][T16345] The buggy address belongs to the physical page: [ 391.986622][T16345] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25918 [ 391.995384][T16345] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 392.003893][T16345] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 392.011467][T16345] page_type: 0xffffefff(slab) [ 392.016145][T16345] raw: 00fff00000000040 ffff888015041c80 dead000000000100 dead000000000122 [ 392.024748][T16345] raw: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000 [ 392.033363][T16345] head: 00fff00000000040 ffff888015041c80 dead000000000100 dead000000000122 [ 392.042039][T16345] head: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000 [ 392.050735][T16345] head: 00fff00000000002 ffffea0000964601 ffffffffffffffff 0000000000000000 [ 392.059414][T16345] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 392.068080][T16345] page dumped because: kasan: bad access detected [ 392.074502][T16345] page_owner tracks the page as allocated [ 392.080232][T16345] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4559, tgid 4559 (udevadm), ts 34536992052, free_ts 34535933921 [ 392.101185][T16345] post_alloc_hook+0x1f3/0x230 [ 392.105985][T16345] get_page_from_freelist+0x2e2d/0x2ee0 [ 392.111538][T16345] __alloc_pages_noprof+0x256/0x6c0 [ 392.116755][T16345] alloc_slab_page+0x5f/0x120 [ 392.121434][T16345] allocate_slab+0x5a/0x2e0 [ 392.125935][T16345] ___slab_alloc+0xcd1/0x14b0 [ 392.130610][T16345] __slab_alloc+0x58/0xa0 [ 392.134936][T16345] kmalloc_trace_noprof+0x1d5/0x2c0 [ 392.140131][T16345] kernfs_fop_open+0x3e0/0xd10 [ 392.144898][T16345] do_dentry_open+0x95a/0x1720 [ 392.149687][T16345] path_openat+0x289f/0x3280 [ 392.154298][T16345] do_filp_open+0x235/0x490 [ 392.158806][T16345] do_sys_openat2+0x13e/0x1d0 [ 392.163483][T16345] __x64_sys_openat+0x247/0x2a0 [ 392.168331][T16345] do_syscall_64+0xf3/0x230 [ 392.172844][T16345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.178840][T16345] page last free pid 4555 tgid 4555 stack trace: [ 392.185166][T16345] free_unref_page+0xd22/0xea0 [ 392.189947][T16345] __slab_free+0x31b/0x3d0 [ 392.194368][T16345] qlist_free_all+0x9e/0x140 [ 392.198964][T16345] kasan_quarantine_reduce+0x14f/0x170 [ 392.204428][T16345] __kasan_slab_alloc+0x23/0x80 [ 392.209296][T16345] kmem_cache_alloc_lru_noprof+0x139/0x2b0 [ 392.215113][T16345] shmem_alloc_inode+0x28/0x40 [ 392.219906][T16345] new_inode_pseudo+0x69/0x1e0 [ 392.224684][T16345] new_inode+0x22/0x1d0 [ 392.228852][T16345] shmem_get_inode+0x34a/0xd40 [ 392.233628][T16345] shmem_mknod+0x5f/0x1d0 [ 392.237967][T16345] path_openat+0x1425/0x3280 [ 392.242560][T16345] do_filp_open+0x235/0x490 [ 392.247059][T16345] do_sys_openat2+0x13e/0x1d0 [ 392.251738][T16345] __x64_sys_openat+0x247/0x2a0 [ 392.256585][T16345] do_syscall_64+0xf3/0x230 [ 392.261091][T16345] [ 392.263420][T16345] Memory state around the buggy address: [ 392.269044][T16345] ffff888025919c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 392.277169][T16345] ffff888025919c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 392.285258][T16345] >ffff888025919d00: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc [ 392.293348][T16345] ^ [ 392.299504][T16345] ffff888025919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 392.307566][T16345] ffff888025919e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 392.315627][T16345] ================================================================== 2024/06/18 18:02:18 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 392.380412][T16345] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 392.387676][T16345] CPU: 1 PID: 16345 Comm: syz-executor.4 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0 [ 392.398218][T16345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 392.408328][T16345] Call Trace: [ 392.411656][T16345] [ 392.414615][T16345] dump_stack_lvl+0x241/0x360 [ 392.419330][T16345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.424575][T16345] ? __pfx__printk+0x10/0x10 [ 392.429206][T16345] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 392.435241][T16345] ? vscnprintf+0x5d/0x90 [ 392.439627][T16345] panic+0x349/0x860 [ 392.443571][T16345] ? check_panic_on_warn+0x21/0xb0 [ 392.448781][T16345] ? __pfx_panic+0x10/0x10 [ 392.453240][T16345] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 392.459263][T16345] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 392.465646][T16345] check_panic_on_warn+0x86/0xb0 [ 392.470606][T16345] ? cfg80211_wext_freq+0x1f9/0x240 [ 392.475838][T16345] end_report+0x77/0x160 [ 392.480102][T16345] kasan_report+0x154/0x180 [ 392.484633][T16345] ? cfg80211_wext_freq+0x1f9/0x240 [ 392.489852][T16345] cfg80211_wext_freq+0x1f9/0x240 [ 392.494904][T16345] cfg80211_wext_siwscan+0x4fd/0x10d0 [ 392.500307][T16345] ioctl_standard_iw_point+0x788/0xcb0 [ 392.505782][T16345] ? do_raw_spin_unlock+0x13c/0x8b0 [ 392.511002][T16345] ? __pfx_cfg80211_wext_siwscan+0x10/0x10 [ 392.516824][T16345] ? __pfx_ioctl_standard_iw_point+0x10/0x10 [ 392.522824][T16345] ? __mutex_lock+0x527/0xd70 [ 392.527515][T16345] ? wext_ioctl_dispatch+0x106/0x640 [ 392.532823][T16345] ? __pfx___mutex_lock+0x10/0x10 [ 392.537859][T16345] ? full_name_hash+0x93/0xe0 [ 392.542543][T16345] ioctl_standard_call+0xc7/0x290 [ 392.547596][T16345] ? __pfx_cfg80211_wext_siwscan+0x10/0x10 [ 392.553417][T16345] ? __pfx_cfg80211_wext_siwscan+0x10/0x10 [ 392.559241][T16345] wext_ioctl_dispatch+0x58e/0x640 [ 392.564376][T16345] ? __pfx_ioctl_standard_call+0x10/0x10 [ 392.570019][T16345] ? __pfx_ioctl_private_call+0x10/0x10 [ 392.575566][T16345] ? __pfx_wext_ioctl_dispatch+0x10/0x10 [ 392.581217][T16345] ? __might_fault+0xc6/0x120 [ 392.586025][T16345] wext_handle_ioctl+0x15f/0x270 [ 392.590984][T16345] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 392.596566][T16345] sock_ioctl+0x17f/0x8e0 [ 392.600915][T16345] ? __pfx_sock_ioctl+0x10/0x10 [ 392.605767][T16345] ? __fget_files+0x29/0x470 [ 392.610363][T16345] ? __fget_files+0x3f6/0x470 [ 392.615048][T16345] ? __fget_files+0x29/0x470 [ 392.619650][T16345] ? bpf_lsm_file_ioctl+0x9/0x10 [ 392.624599][T16345] ? security_file_ioctl+0x87/0xb0 [ 392.629712][T16345] ? __pfx_sock_ioctl+0x10/0x10 [ 392.634573][T16345] __se_sys_ioctl+0xfc/0x170 [ 392.639180][T16345] do_syscall_64+0xf3/0x230 [ 392.643694][T16345] ? clear_bhb_loop+0x35/0x90 [ 392.648382][T16345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.654295][T16345] RIP: 0033:0x7fb58e27cf29 [ 392.658710][T16345] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 392.678413][T16345] RSP: 002b:00007fb58f0170c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 392.686841][T16345] RAX: ffffffffffffffda RBX: 00007fb58e3b3f80 RCX: 00007fb58e27cf29 [ 392.694823][T16345] RDX: 0000000020000000 RSI: 0000000000008b18 RDI: 0000000000000007 [ 392.702801][T16345] RBP: 00007fb58e2ec074 R08: 0000000000000000 R09: 0000000000000000 [ 392.710774][T16345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.718846][T16345] R13: 000000000000000b R14: 00007fb58e3b3f80 R15: 00007fff52da92c8 [ 392.726852][T16345] [ 392.730168][T16345] Kernel Offset: disabled [ 392.734495][T16345] Rebooting in 86400 seconds..