last executing test programs:

2.889889887s ago: executing program 1 (id=1553):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x20000004)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})

2.889671241s ago: executing program 1 (id=1554):
unshare(0xa020480)
r0 = gettid()
r1 = syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/mnt\x00')
unshare(0x6020400)
close(r1)

2.807405255s ago: executing program 1 (id=1555):
syz_emit_ethernet(0x82, &(0x7f0000000a40)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd60ee527a004c3c0020010000000000000000000000000001ff0200000000000000000000000000017300000000001600"], 0x0)

2.80637185s ago: executing program 1 (id=1559):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x9, 0xffffffff, 0x4e, 0x567}, 0x13)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003680)={0x24, 0x16, 0xa01, 0x0, 0x1, {0x2}, [@nested={0x10, 0x122, 0x0, 0x1, [@nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xe3, 0x0, 0x0, @pid}]}]}]}, 0x24}}, 0x0)

2.728420276s ago: executing program 1 (id=1561):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000000c000000000000000000000000000000aacc0000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f40000200000000000008000006000000000001000000000000004400050000000000000000000000000000000000fffffffc3c00000002000000ac1414aa000000000000002d00000000060000000403"], 0xfc}}, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

2.65798144s ago: executing program 1 (id=1564):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000380))
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01000000000000000000010000000900010073797a30000000000900030073797a310000000050000000060a010400000000000000000100000008000b4000000000280004802400319144530100636d700018000280040001400000000908000240000000050900010073797a3000000000140000001100010000000000000000000000000a"], 0xc4}, 0x1, 0x0, 0x0, 0x4}, 0x0)
write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc)
write$nci(r0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="4001090000000000f9b50004030004ab03"], 0x14)
socket$qrtr(0x2a, 0x2, 0x0)
r5 = socket(0xa, 0x4, 0x0)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="5001", @ANYRES8=r1], 0x14)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, 0x0)
read$nci(r0, &(0x7f00000003c0)=""/241, 0xf1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x48044)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0x22051, 0xffffffffffffffff, 0x0)
socket$unix(0x1, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000711819000000000095000000400000009937d4acfaa4c8b6a27989a562788ab150"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r6, &(0x7f0000000040)={0x28, 0x0, 0x2710, @my=0x0}, 0x10)
listen(r6, 0x0)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r8 = accept(r6, 0x0, 0x0)
shutdown(r8, 0x1)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000680)=0x8424000)
pselect6(0x40, &(0x7f00000002c0)={0x0, 0x0, 0x9, 0x0, 0x800, 0x5}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x381, 0x0, 0x40000000000, 0x9e25, 0xfffffffffffffffd}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f0000000000)={<r9=>0x0, 0x8}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f0000000280)={r9, @in={{0x2, 0x4e24, @local}}, 0x33bc, 0x3, 0xb1, 0x6, 0xffffffff}, &(0x7f0000000340)=0x98)

318.27834ms ago: executing program 2 (id=1634):
r0 = socket$inet6(0xa, 0x3, 0x7)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4)
sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000004900)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x0, 0x0)

317.990942ms ago: executing program 2 (id=1636):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000002a80)={0x114, 0x23, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x102, 0xf2, 0x0, 0x1, [@typed={0xf, 0x18, 0x0, 0x0, @str='}:.\x9c[\xc8\\#\'}\x00'}, @typed={0x14, 0x2, 0x0, 0x0, @ipv6=@private2}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x48000}, 0x0)

260.104043ms ago: executing program 2 (id=1637):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3f, 0x0, 0x0, 0x0, 0x97ab, 0x40}, {0x2, 0x0, 0x3, 0x57, 0x8, 0x3}, 0x1, 0x2, 0xa2d}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x0, 0xffe0}, {}, {0xffff}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x20000040)
r10 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r10, &(0x7f0000000200)="2478546ca4fa3b0bfe4ddf30cc5a", 0xe, 0x4000050, &(0x7f00000001c0)={0x11, 0xf7, r6, 0x1, 0xd8, 0x6, @multicast}, 0x14)

193.572373ms ago: executing program 2 (id=1642):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29d}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x0, 0x5, 0xb2, 0xa8}, 0x39}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x884}, 0x2)
close(r1)
socket(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r3, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)="27030200dc0f14000e00203c002400004000ff8800000066c1532cc10200000003125ce882cbf490d90812533f00", 0x2e}], 0x1}, 0x4005)

120.100627ms ago: executing program 0 (id=1644):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x3ffffffe}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @generic={0xc4, 0x8, 0x0, 0x0, 0x2000}, @initr0, @exit, @exit]}, &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)

70.227446ms ago: executing program 0 (id=1645):
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r1=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', r1}, 0x50)

69.974902ms ago: executing program 0 (id=1646):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$sock_SIOCETHTOOL(r0, 0x80811501, 0x0)

69.846678ms ago: executing program 0 (id=1647):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1e, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000ffffff7f0000000000000000711805000000000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x24}, 0x94)

316.697µs ago: executing program 2 (id=1648):
unshare(0x8000400)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e)
getsockopt(r2, 0x111, 0x6, 0x0, &(0x7f0000000080))

201.41µs ago: executing program 0 (id=1649):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
writev(r1, &(0x7f0000002a80)=[{&(0x7f0000000a00)="1b", 0x1}], 0x1)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r2, 0x0, r0, 0x0, 0x2, 0x0)
splice(r0, 0x0, r3, 0x0, 0x80, 0x8)

90.846µs ago: executing program 2 (id=1650):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newlink={0x58, 0x10, 0x401, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x66f31}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_ID={0x8, 0x1, 0x1}, @IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0x8}]}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x58}}, 0x2000000)

0s ago: executing program 0 (id=1651):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000068000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c0011800a0001006c696d69740000001c0002800c00024000000000000000030c00014000000000000001016c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000400003803c000080080003400000000230000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000000c00014000000000000000093801"], 0x4dc}, 0x1, 0x0, 0x0, 0x44000}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:15260' (ED25519) to the list of known hosts.
syzkaller login: [   56.349975][ T5790] cgroup: Unknown subsys name 'net'
[   56.451849][ T5790] cgroup: Unknown subsys name 'cpuset'
[   56.455493][ T5790] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.681714][ T5790] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   61.184575][   T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   61.188087][   T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   61.199296][   T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   61.203075][   T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   61.205584][   T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   61.267108][ T5197] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   61.278477][ T5197] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   61.281091][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   61.284610][ T5812] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   61.288297][ T5812] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   61.292190][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   61.295038][ T5812] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   61.298940][ T5819] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   61.306100][ T5197] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   61.317355][ T5819] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   61.447931][ T5809] chnl_net:caif_netlink_parms(): no params data found
[   61.580697][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.583336][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.585569][ T5809] bridge_slave_0: entered allmulticast mode
[   61.588417][ T5809] bridge_slave_0: entered promiscuous mode
[   61.600168][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.602356][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.604686][ T5809] bridge_slave_1: entered allmulticast mode
[   61.607234][ T5809] bridge_slave_1: entered promiscuous mode
[   61.615771][ T5813] chnl_net:caif_netlink_parms(): no params data found
[   61.642658][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.667736][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.714197][ T5809] team0: Port device team_slave_0 added
[   61.723511][ T5809] team0: Port device team_slave_1 added
[   61.753509][ T5816] chnl_net:caif_netlink_parms(): no params data found
[   61.758401][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.762354][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.765236][ T5813] bridge_slave_0: entered allmulticast mode
[   61.768851][ T5813] bridge_slave_0: entered promiscuous mode
[   61.786149][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.788957][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.792878][ T5813] bridge_slave_1: entered allmulticast mode
[   61.796520][ T5813] bridge_slave_1: entered promiscuous mode
[   61.800697][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.802817][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   61.810643][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.827882][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.830324][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   61.838489][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.875194][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.893064][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.900292][ T5809] hsr_slave_0: entered promiscuous mode
[   61.902749][ T5809] hsr_slave_1: entered promiscuous mode
[   61.952351][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.954579][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.956785][ T5816] bridge_slave_0: entered allmulticast mode
[   61.960120][ T5816] bridge_slave_0: entered promiscuous mode
[   61.965051][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.967961][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.971240][ T5816] bridge_slave_1: entered allmulticast mode
[   61.974913][ T5816] bridge_slave_1: entered promiscuous mode
[   61.978750][ T5813] team0: Port device team_slave_0 added
[   62.005549][ T5813] team0: Port device team_slave_1 added
[   62.022792][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.038935][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.049030][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.052023][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.060228][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.075988][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.078147][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.086084][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.126968][ T5816] team0: Port device team_slave_0 added
[   62.132273][ T5813] hsr_slave_0: entered promiscuous mode
[   62.135014][ T5813] hsr_slave_1: entered promiscuous mode
[   62.137460][ T5813] debugfs: 'hsr0' already exists in 'hsr'
[   62.139982][ T5813] Cannot create hsr debugfs directory
[   62.148990][ T5816] team0: Port device team_slave_1 added
[   62.199611][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.202301][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.212752][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.226863][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.230616][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.240759][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.313333][ T5816] hsr_slave_0: entered promiscuous mode
[   62.316108][ T5816] hsr_slave_1: entered promiscuous mode
[   62.318776][ T5816] debugfs: 'hsr0' already exists in 'hsr'
[   62.321411][ T5816] Cannot create hsr debugfs directory
[   62.396354][ T5809] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   62.405252][ T5809] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   62.421022][ T5809] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   62.427251][ T5809] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   62.490763][ T5813] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   62.495379][ T5813] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   62.509714][ T5813] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   62.515320][ T5813] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.591955][ T5816] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   62.603321][ T5816] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   62.613271][ T5816] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   62.618621][ T5816] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.636939][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.673307][ T5809] 8021q: adding VLAN 0 to HW filter on device team0
[   62.689072][ T4195] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.691740][ T4195] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.705053][ T1180] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.707179][ T1180] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.728790][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.751142][ T5813] 8021q: adding VLAN 0 to HW filter on device team0
[   62.754505][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.763070][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.765303][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.780106][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.782214][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.795660][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[   62.817386][ T4195] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.820007][ T4195] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.834747][ T4195] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.836829][ T4195] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.927440][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.967163][ T5809] veth0_vlan: entered promiscuous mode
[   62.973496][ T5809] veth1_vlan: entered promiscuous mode
[   62.988214][ T5809] veth0_macvtap: entered promiscuous mode
[   62.994286][ T5809] veth1_macvtap: entered promiscuous mode
[   63.005636][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.013704][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.017445][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.027943][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.033373][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.040907][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.047735][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.067044][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.114426][ T5816] veth0_vlan: entered promiscuous mode
[   63.127358][ T5816] veth1_vlan: entered promiscuous mode
[   63.138605][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.148859][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.172220][ T5813] veth0_vlan: entered promiscuous mode
[   63.182472][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.185918][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.186008][ T5816] veth0_macvtap: entered promiscuous mode
[   63.197002][ T5813] veth1_vlan: entered promiscuous mode
[   63.202937][ T5816] veth1_macvtap: entered promiscuous mode
[   63.219303][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.228818][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.239768][ T5819] Bluetooth: hci0: command tx timeout
[   63.246911][ T5809] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   63.255930][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.269072][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.273266][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.295158][ T5813] veth0_macvtap: entered promiscuous mode
[   63.298398][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.319876][ T5813] veth1_macvtap: entered promiscuous mode
[   63.365921][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.368856][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.369830][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.391915][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.400015][ T5819] Bluetooth: hci2: command tx timeout
[   63.401615][ T5817] Bluetooth: hci1: command tx timeout
[   63.420320][ T5655] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.431506][ T5655] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.434953][ T5655] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.439505][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.443781][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.446960][ T5655] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.546176][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.549561][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.581853][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.584321][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.194881][ T5928] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.27'.
[   64.614424][ T5945] Zero length message leads to an empty skb
[   65.046086][ T5970] netlink: 'syz.0.47': attribute type 13 has an invalid length.
[   65.052076][ T5970] netlink: 'syz.0.47': attribute type 17 has an invalid length.
[   65.105734][ T5970] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   65.200759][ T5972] netlink: 'syz.0.48': attribute type 1 has an invalid length.
[   65.212456][ T5972] vlan2: entered allmulticast mode
[   65.214715][ T5972] veth1_virt_wifi: entered allmulticast mode
[   65.285168][ T5976] syz_tun: entered allmulticast mode
[   65.288652][ T5975] syz_tun: left allmulticast mode
[   65.321293][ T5817] Bluetooth: hci0: command tx timeout
[   65.378810][ T5982] Bluetooth: MGMT ver 1.23
[   65.479627][ T5819] Bluetooth: hci1: command tx timeout
[   65.479635][ T5817] Bluetooth: hci2: command tx timeout
[   65.492812][ T5988] warning: `syz.0.56' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   65.550143][ T5992] netlink: 244 bytes leftover after parsing attributes in process `syz.2.57'.
[   65.843947][ T6023] syz.0.71 uses obsolete (PF_INET,SOCK_PACKET)
[   65.869731][ T6025] netlink: 11 bytes leftover after parsing attributes in process `syz.1.72'.
[   65.877168][ T6025] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'.
[   65.978229][ T6037] netlink: 24 bytes leftover after parsing attributes in process `syz.1.78'.
[   66.239772][ T6053] netlink: 11 bytes leftover after parsing attributes in process `syz.1.84'.
[   66.251287][ T6048] ip6erspan0: entered allmulticast mode
[   66.514157][ T6068] netlink: 'syz.0.90': attribute type 13 has an invalid length.
[   66.523893][ T6068] netlink: 'syz.0.90': attribute type 17 has an invalid length.
[   66.543707][ T6068] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   66.570204][ T6070] netlink: 12 bytes leftover after parsing attributes in process `syz.1.92'.
[   66.731478][ T6083] netlink: 'syz.0.98': attribute type 1 has an invalid length.
[   66.734527][ T6083] netlink: 224 bytes leftover after parsing attributes in process `syz.0.98'.
[   67.399316][ T5817] Bluetooth: hci0: command tx timeout
[   67.559335][ T5817] Bluetooth: hci1: command tx timeout
[   67.559558][ T5819] Bluetooth: hci2: command tx timeout
[   68.136452][ T6125] netlink: 'syz.2.116': attribute type 2 has an invalid length.
[   68.751859][ T6139] netlink: 12 bytes leftover after parsing attributes in process `syz.0.121'.
[   69.117943][ T6173] netlink: 'syz.1.134': attribute type 1 has an invalid length.
[   69.137902][ T6173] bond2: entered promiscuous mode
[   69.140750][ T6173] 8021q: adding VLAN 0 to HW filter on device bond2
[   69.212872][ T6173] 8021q: adding VLAN 0 to HW filter on device bond3
[   69.216000][ T6173] bond2: (slave bond3): making interface the new active one
[   69.223595][ T6173] bond3: entered promiscuous mode
[   69.232111][ T6173] bond2: (slave bond3): Enslaving as an active interface with an up link
[   69.479399][ T5819] Bluetooth: hci0: command tx timeout
[   69.567322][ T6210] netlink: 'syz.0.146': attribute type 3 has an invalid length.
[   69.644811][ T5819] Bluetooth: hci1: command tx timeout
[   69.652252][ T5819] Bluetooth: hci2: command tx timeout
[   70.011335][ T6239] syzkaller0: entered promiscuous mode
[   70.013737][ T6239] syzkaller0: entered allmulticast mode
[   70.042628][ T6241] Driver unsupported XDP return value 0 on prog  (id 26) dev N/A, expect packet loss!
[   70.088511][ T6243] netlink: 40 bytes leftover after parsing attributes in process `syz.1.161'.
[   70.147764][ T6247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.163'.
[   70.255407][ T6253] sock: sock_set_timeout: `syz.1.166' (pid 6253) tries to set negative timeout
[   70.318157][ T6258] bond4: option miimon: invalid value (18446744073709551607)
[   70.322693][ T6258] bond4: option miimon: allowed values 0 - 2147483647
[   70.330000][ T6258] bond4 (unregistering): Released all slaves
[   70.400172][ T6265] syzkaller1: entered promiscuous mode
[   70.403107][ T6265] syzkaller1: entered allmulticast mode
[   70.410013][ T6265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.171'.
[   70.992841][ T6305] netlink: 12 bytes leftover after parsing attributes in process `syz.0.189'.
[   71.254585][ T6332] tipc: Started in network mode
[   71.256212][ T6332] tipc: Node identity 062373ce57a4, cluster identity 4711
[   71.258725][ T6332] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   71.293914][ T6332] syzkaller0: entered promiscuous mode
[   71.295866][ T6332] syzkaller0: entered allmulticast mode
[   71.298766][ T6332] tipc: Resetting bearer <eth:syzkaller0>
[   71.310315][ T6331] tipc: Resetting bearer <eth:syzkaller0>
[   71.722189][ T5819] Bluetooth: hci2: command tx timeout
[   71.917070][ T6331] tipc: Disabling bearer <eth:syzkaller0>
[   72.331772][ T6370] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.216'.
[   72.484421][ T6379] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.220'.
[   72.608071][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.225'.
[   72.612531][ T6387] netlink: 261 bytes leftover after parsing attributes in process `syz.2.225'.
[   72.862600][ T6407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.232'.
[   73.004664][ T6420] netlink: 76 bytes leftover after parsing attributes in process `syz.0.238'.
[   73.008860][ T6420] syzkaller0: entered promiscuous mode
[   73.010813][ T6420] syzkaller0: entered allmulticast mode
[   73.014497][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.016680][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.018835][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.020905][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.022850][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.024786][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.026754][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.028671][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.030962][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.032934][ T6420] tc action pedit 'at' offset 8666 out of bounds
[   73.034975][ T6420] TC_ACT_REPEAT abuse ?
[   75.671219][ T6395] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   75.674448][ T6460] netlink: 'syz.0.258': attribute type 1 has an invalid length.
[   75.961864][ T6477] syzkaller0: entered promiscuous mode
[   75.964127][ T6477] syzkaller0: entered allmulticast mode
[   75.969048][ T6476] syzkaller0: entered promiscuous mode
[   75.974645][ T6476] syzkaller0: entered allmulticast mode
[   77.003876][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   77.007047][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   77.747381][ T6501] bond1: option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[   77.754446][ T6501] bond1 (unregistering): Released all slaves
[   77.800551][ T6507] __nla_validate_parse: 2 callbacks suppressed
[   77.800561][ T6507] netlink: 204 bytes leftover after parsing attributes in process `syz.1.277'.
[   77.903691][ T6515] netlink: 36 bytes leftover after parsing attributes in process `syz.1.281'.
[   77.945038][ T6516] syzkaller0: entered promiscuous mode
[   77.946826][ T6516] syzkaller0: entered allmulticast mode
[   77.952655][ T6518] IPVS: Error connecting to the multicast addr
[   78.147655][ T6538] netlink: 'syz.2.292': attribute type 1 has an invalid length.
[   78.173875][ T6538] 8021q: adding VLAN 0 to HW filter on device bond1
[   78.195706][ T6538] bond1: (slave gretap1): making interface the new active one
[   78.198936][ T6538] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   78.215540][ T6538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.292'.
[   78.242286][ T6538] bond1 (unregistering): (slave gretap1): Releasing active interface
[   78.249916][ T6538] bond1 (unregistering): Released all slaves
[   78.333350][ T6554] netlink: 'syz.0.299': attribute type 6 has an invalid length.
[   78.336534][ T6554] netlink: 14585 bytes leftover after parsing attributes in process `syz.0.299'.
[   78.417128][ T6562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.303'.
[   78.452590][ T6566] syzkaller1: entered promiscuous mode
[   78.454745][ T6566] syzkaller1: entered allmulticast mode
[   78.487656][ T6570] netlink: 24 bytes leftover after parsing attributes in process `syz.1.307'.
[   78.989611][ T6616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.329'.
[   78.992996][ T6616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.329'.
[   78.996644][ T6616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.329'.
[   79.001257][ T6616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.329'.
[   79.398530][ T6658] netlink: 'syz.2.350': attribute type 7 has an invalid length.
[   79.474622][ T6662] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.539874][ T6662] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.595768][ T6662] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.645325][ T6662] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.702461][ T5840] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.715054][ T5840] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.727202][ T5840] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.748744][ T5840] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.865204][ T6681] syzkaller0: entered promiscuous mode
[   79.867458][ T6681] syzkaller0: entered allmulticast mode
[   80.140732][ T6701] syzkaller0: entered promiscuous mode
[   80.143271][ T6701] syzkaller0: entered allmulticast mode
[   80.330448][ T6707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   80.340351][ T6707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   80.364831][ T6707] bond0 (unregistering): Released all slaves
[   80.830947][ T6758] raw_sendmsg: syz.2.394 forgot to set AF_INET. Fix it!
[   81.071992][ T6782] netlink: 'syz.2.406': attribute type 12 has an invalid length.
[   81.376806][ T6814] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   81.482969][ T6825] No such timeout policy "syz1"
[   81.662818][ T6844] af_packet: tpacket_rcv: packet too big, clamped from 28 to 4294967272. macoff=96
[   82.214067][ T6905] xt_bpf: check failed: parse error
[   82.585757][ T6936] netlink: 'syz.1.479': attribute type 16 has an invalid length.
[   82.605663][ T6938] netlink: 'syz.0.480': attribute type 1 has an invalid length.
[   82.608585][ T6938] netlink: 'syz.0.480': attribute type 1 has an invalid length.
[   82.637987][ T6940] syzkaller1: tun_chr_ioctl cmd 1074025677
[   82.644327][ T6940] syzkaller1: linktype set to 769
[   83.062989][ T6959] bond1: entered promiscuous mode
[   83.065332][ T6959] 8021q: adding VLAN 0 to HW filter on device bond1
[   83.068386][ T6959] bridge0: port 3(bond1) entered blocking state
[   83.071093][ T6959] bridge0: port 3(bond1) entered disabled state
[   83.073720][ T6959] bond1: entered allmulticast mode
[   83.076990][ T6959] bridge0: port 3(bond1) entered blocking state
[   83.079813][ T6959] bridge0: port 3(bond1) entered forwarding state
[   83.559628][   T31] bridge0: port 3(bond1) entered disabled state
[   84.042083][ T6976] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   84.288702][ T7014] __nla_validate_parse: 24 callbacks suppressed
[   84.288716][ T7014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.512'.
[   84.399385][ T7018] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[   84.545611][ T7024] netlink: 296 bytes leftover after parsing attributes in process `syz.0.516'.
[   84.801067][ T7046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.528'.
[   84.887710][ T7047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.526'.
[   84.947893][ T7055] sctp: [Deprecated]: syz.2.532 (pid 7055) Use of struct sctp_assoc_value in delayed_ack socket option.
[   84.947893][ T7055] Use struct sctp_sack_info instead
[   84.954796][ T7055] sctp: [Deprecated]: syz.2.532 (pid 7055) Use of struct sctp_assoc_value in delayed_ack socket option.
[   84.954796][ T7055] Use struct sctp_sack_info instead
[   85.056373][  T784] IPVS: starting estimator thread 0...
[   85.149358][ T7066] IPVS: using max 50 ests per chain, 120000 per kthread
[   85.614860][ T7113] xt_time: invalid argument - start or stop time greater than 23:59:59
[   85.946535][ T7143] netlink: 'syz.2.572': attribute type 8 has an invalid length.
[   85.949360][ T7143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.572'.
[   85.955670][ T7143] bond0: entered promiscuous mode
[   85.957750][ T7143] bond_slave_0: entered promiscuous mode
[   85.963759][ T7143] bond_slave_1: entered promiscuous mode
[   85.971135][ T7143] gretap0: entered promiscuous mode
[   85.977530][ T7143] team0: entered promiscuous mode
[   85.982402][ T7143] team_slave_0: entered promiscuous mode
[   85.995765][ T7143] team_slave_1: entered promiscuous mode
[   86.007054][ T7143] hsr1: entered promiscuous mode
[   86.513111][ T7179] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.516187][ T7179] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.616156][ T7179] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   86.624309][ T7179] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   86.709436][ T5840] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.718227][ T5840] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.724158][ T5840] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.727388][ T5840] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.989540][ T7205] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   87.129564][  T784] IPVS: starting estimator thread 0...
[   87.131610][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.135099][ T7215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'.
[   87.138429][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.143887][ T7215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'.
[   87.152932][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.155848][ T7215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'.
[   87.159981][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.163083][ T7215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'.
[   87.166626][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.170581][ T7215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'.
[   87.173454][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.176048][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.178706][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.181786][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.185088][ T7215] netlink: 'syz.1.605': attribute type 29 has an invalid length.
[   87.194594][ T7215] hsr0: entered promiscuous mode
[   87.220040][ T7216] IPVS: using max 47 ests per chain, 112800 per kthread
[   87.250257][   T24] cfg80211: failed to load regulatory.db
[   89.748745][ T7327] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5
[   90.257011][ T7359] macvtap1: entered promiscuous mode
[   90.259486][ T7359] syz_tun: entered promiscuous mode
[   90.264343][ T7359] syz_tun: left promiscuous mode
[   90.699818][ T7372] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   90.839437][ T5817] Bluetooth: hci2: command 0x0405 tx timeout
[   90.991214][ T7407] A link change request failed with some changes committed already. Interface veth0 may have been left with an inconsistent configuration, please check.
[   91.235823][ T7435] sctp: [Deprecated]: syz.1.701 (pid 7435) Use of int in max_burst socket option.
[   91.235823][ T7435] Use struct sctp_assoc_value instead
[   91.300797][ T7444] __nla_validate_parse: 19 callbacks suppressed
[   91.300808][ T7444] netlink: 64 bytes leftover after parsing attributes in process `syz.1.705'.
[   91.833535][ T7492] dummy0: entered promiscuous mode
[   91.836144][ T7492] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   91.957455][ T7504] SET target dimension over the limit!
[   92.055058][ T7520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.744'.
[   92.058122][ T7520] unsupported nla_type 216
[   92.065957][ T7520] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.744'.
[   92.076422][ T7520] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   92.105844][  T784] IPVS: starting estimator thread 0...
[   92.203444][ T7524] IPVS: using max 84 ests per chain, 201600 per kthread
[   92.227041][ T7537] syzkaller0: entered promiscuous mode
[   92.239542][ T7537] syzkaller0: entered allmulticast mode
[   92.326558][ T7549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.758'.
[   92.385070][ T7549] bond4: entered promiscuous mode
[   92.387148][ T7549] 8021q: adding VLAN 0 to HW filter on device bond4
[   92.398819][ T7553] bridge3: entered promiscuous mode
[   92.401681][ T7553] bond4: (slave bridge3): Enslaving as an active interface with an up link
[   92.418795][ T7549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.758'.
[   92.453664][ T7549] bond4 (unregistering): (slave bridge3): Releasing backup interface
[   92.470720][ T7549] bridge3: left promiscuous mode
[   92.477509][ T7549] bond4 (unregistering): Released all slaves
[   92.852465][ T7600] xt_hashlimit: size too large, truncated to 1048576
[   92.904051][ T7606] xt_hashlimit: size too large, truncated to 1048576
[   92.927016][ T7606] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[   93.019406][ T7614] netlink: 8 bytes leftover after parsing attributes in process `syz.2.789'.
[   93.205029][ T7636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.799'.
[   94.037117][ T7688] tipc: Started in network mode
[   94.040634][ T7688] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   94.045014][ T7688] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[   94.076979][ T7688] tipc: Enabled bearer <udp:syz0>, priority 10
[   94.251595][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.831'.
[   94.310317][ T7713] netlink: 12 bytes leftover after parsing attributes in process `syz.1.834'.
[   94.328987][ T7713] netlink: 36 bytes leftover after parsing attributes in process `syz.1.834'.
[   94.344944][ T7713] vlan2: entered promiscuous mode
[   94.347148][ T7713] gretap0: entered promiscuous mode
[   94.350048][ T7713] vlan2: entered allmulticast mode
[   94.357892][ T7713] gretap0: entered allmulticast mode
[   94.865070][ T7750] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[   94.951188][ T7757] block nbd0: not configured, cannot reconfigure
[   95.190945][ T5274] tipc: Node number set to 1
[   95.436369][ T7790] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) !
[   95.450342][ T7790] syzkaller0: entered promiscuous mode
[   95.454279][ T7790] syzkaller0: entered allmulticast mode
[   95.890589][ T7823] syzkaller0: entered promiscuous mode
[   95.892567][ T7823] syzkaller0: entered allmulticast mode
[   95.896820][ T7823] sch_tbf: burst 185 is lower than device syzkaller0 mtu (1500) !
[   96.433091][ T5813] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[   96.450428][ T5813] CPU: 1 UID: 0 PID: 5813 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   96.450448][ T5813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   96.450454][ T5813] Call Trace:
[   96.450459][ T5813]  <TASK>
[   96.450464][ T5813]  dump_stack_lvl+0xe8/0x150
[   96.450486][ T5813]  dump_header+0xd3/0x4c0
[   96.450502][ T5813]  oom_kill_process+0x3ab/0x970
[   96.450520][ T5813]  out_of_memory+0x106c/0x1410
[   96.450532][ T5813]  ? percpu_ref_put+0x19/0x180
[   96.450549][ T5813]  ? __pfx___mutex_lock+0x10/0x10
[   96.450571][ T5813]  ? __pfx_out_of_memory+0x10/0x10
[   96.450582][ T5813]  ? do_raw_spin_unlock+0x4d/0x210
[   96.450601][ T5813]  try_charge_memcg+0xc53/0x1560
[   96.450627][ T5813]  ? __pfx_try_charge_memcg+0x10/0x10
[   96.450649][ T5813]  ? mem_cgroup_swapin_charge_folio+0x36/0x4d0
[   96.450666][ T5813]  ? mem_cgroup_swapin_charge_folio+0x36/0x4d0
[   96.450683][ T5813]  mem_cgroup_swapin_charge_folio+0x2e3/0x4d0
[   96.450699][ T5813]  __swap_cache_prepare_and_add+0xe8/0x760
[   96.450721][ T5813]  ? page_rmappable_folio+0x9a/0x170
[   96.450742][ T5813]  swap_cache_alloc_folio+0xf1/0x240
[   96.450763][ T5813]  swap_cluster_readahead+0x369/0x690
[   96.450778][ T5813]  ? __pfx_swap_cluster_readahead+0x10/0x10
[   96.450798][ T5813]  ? get_vma_policy+0x27b/0x3c0
[   96.450815][ T5813]  swapin_readahead+0x196/0xc50
[   96.450826][ T5813]  ? filemap_map_pages+0x1e6/0x2130
[   96.450847][ T5813]  ? __pfx_swapin_readahead+0x10/0x10
[   96.450859][ T5813]  ? swap_table_get+0x1e/0x260
[   96.450875][ T5813]  ? swap_table_get+0x1e/0x260
[   96.450890][ T5813]  ? swap_table_get+0x1e/0x260
[   96.450907][ T5813]  ? swap_table_get+0x216/0x260
[   96.450925][ T5813]  ? swap_cache_get_folio+0x513/0x520
[   96.450946][ T5813]  do_swap_page+0x56f/0x5a20
[   96.450977][ T5813]  ? do_swap_page+0x127/0x5a20
[   96.450993][ T5813]  ? __pfx_do_swap_page+0x10/0x10
[   96.451008][ T5813]  ? __pte_offset_map+0x1ae/0x240
[   96.451022][ T5813]  ? pte_offset_map_rw_nolock+0xea/0x160
[   96.451035][ T5813]  handle_mm_fault+0x12d2/0x3310
[   96.451062][ T5813]  ? handle_mm_fault+0xee/0x3310
[   96.451085][ T5813]  ? __pfx_handle_mm_fault+0x10/0x10
[   96.451101][ T5813]  ? lock_vma_under_rcu+0x45a/0x500
[   96.451131][ T5813]  do_user_addr_fault+0xa73/0x1340
[   96.451162][ T5813]  ? rcu_is_watching+0x15/0xb0
[   96.451179][ T5813]  ? trace_page_fault_user+0x84/0x210
[   96.451196][ T5813]  exc_page_fault+0x6a/0xc0
[   96.451213][ T5813]  asm_exc_page_fault+0x26/0x30
[   96.451225][ T5813] RIP: 0033:0x7fe51266adf7
[   96.451267][ T5813] Code: 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 c0 a9 ed 00 48 69 8c 24 90 00 00 00 e8 03 00 00 8b 78 08 <48> 8b 44 24 18 48 c1 ea 12 4c 8b 0d b9 a8 ed 00 48 01 d1 39 7c 24
[   96.451278][ T5813] RSP: 002b:00007fffce7353e0 EFLAGS: 00010206
[   96.451290][ T5813] RAX: 0000001b2fa24000 RBX: 000000000000028a RCX: 0000000000017700
[   96.451298][ T5813] RDX: 000000000345fa6a RSI: 00007fffce735470 RDI: 0000000000000007
[   96.451304][ T5813] RBP: 00007fffce73541c R08: 7fffffffffffffff R09: 3fffffffffffffff
[   96.451312][ T5813] R10: 4000000000000000 R11: 0000000000000246 R12: 0000000000001388
[   96.451319][ T5813] R13: 00000000000927c0 R14: 000000000001765e R15: 00007fffce735470
[   96.451339][ T5813]  </TASK>
[   96.451343][ T5813] memory: usage 305900kB, limit 307200kB, failcnt 2114
[   96.578098][ T5813] memory+swap: usage 286052kB, limit 9007199254740988kB, failcnt 0
[   96.623275][ T7853] pim6reg: entered allmulticast mode
[   96.624836][ T5813] kmem: usage 282872kB, limit 9007199254740988kB, failcnt 0
[   96.628286][ T5813] Memory cgroup stats for /syz0:
[   96.628432][ T5813] cache 4096
[   96.633321][ T5813] rss 24576
[   96.634434][ T5813] rss_huge 0
[   96.635467][ T5813] shmem 0
[   96.636400][ T5813] mapped_file 0
[   96.637723][ T5813] dirty 0
[   96.638687][ T5813] writeback 0
[   96.640339][ T5813] workingset_refault_anon 6
[   96.641737][ T5813] workingset_refault_file 110
[   96.643108][ T5813] swap 176128
[   96.644139][ T5813] swapcached 249856
[   96.645981][ T5813] pgpgin 28298
[   96.647078][ T5813] pgpgout 28288
[   96.648191][ T5813] pgfault 57890
[   96.649895][ T5813] pgmajfault 8
[   96.652210][ T7853] pim6reg: left allmulticast mode
[   96.654693][ T5813] inactive_anon 0
[   96.655912][ T5813] active_anon 36864
[   96.657107][ T5813] inactive_file 0
[   96.658223][ T5813] active_file 4096
[   96.659892][ T5813] unevictable 0
[   96.661232][ T5813] hierarchical_memory_limit 314572800
[   96.663194][ T5813] hierarchical_memsw_limit 9223372036854771712
[   96.665456][ T5813] total_cache 4096
[   96.666799][ T5813] total_rss 24576
[   96.668013][ T5813] total_rss_huge 0
[   96.669751][ T7852] syzkaller0: entered promiscuous mode
[   96.671565][ T7852] syzkaller0: entered allmulticast mode
[   96.677954][ T5813] total_shmem 0
[   96.679415][ T5813] total_mapped_file 0
[   96.680661][ T5813] total_dirty 0
[   96.681832][ T5813] total_writeback 0
[   96.683081][ T5813] total_workingset_refault_anon 6
[   96.684577][ T5813] total_workingset_refault_file 110
[   96.686639][ T5813] total_swap 176128
[   96.688050][ T5813] total_swapcached 249856
[   96.726088][ T5813] total_pgpgin 28298
[   96.729529][ T5813] total_pgpgout 28288
[   96.730806][ T5813] total_pgfault 57890
[   96.732221][ T5813] total_pgmajfault 8
[   96.733721][ T5813] total_inactive_anon 0
[   96.745689][ T5813] total_active_anon 36864
[   96.747013][ T5813] total_inactive_file 0
[   96.748257][ T5813] total_active_file 4096
[   96.759950][ T5813] total_unevictable 0
[   96.761282][ T5813] anon_cost 0
[   96.762336][ T5813] file_cost 0
[   96.763427][ T5813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.883,pid=7818,uid=0
[   96.779985][ T5813] Memory cgroup out of memory: Killed process 7818 (syz.0.883) total-vm:104472kB, anon-rss:1264kB, file-rss:22812kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[   97.032983][ T7869] syzkaller0: entered promiscuous mode
[   97.034643][ T7869] syzkaller0: entered allmulticast mode
[   97.284395][ T7891] __nla_validate_parse: 3 callbacks suppressed
[   97.284405][ T7891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.912'.
[   97.291846][   T34] audit: type=1800 audit(1778486664.580:2): pid=7885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.909" name="memory.events" dev="tmpfs" ino=1377 res=0 errno=0
[   97.292396][ T7891] validate_nla: 14 callbacks suppressed
[   97.292403][ T7891] netlink: 'syz.1.912': attribute type 2 has an invalid length.
[   97.317570][ T7891] netlink: 16 bytes leftover after parsing attributes in process `syz.1.912'.
[   97.434555][ T7906] netlink: 560 bytes leftover after parsing attributes in process `syz.2.919'.
[   97.452895][ T7907] netlink: 20 bytes leftover after parsing attributes in process `syz.1.918'.
[   97.461135][ T7903] netlink: 'syz.0.917': attribute type 1 has an invalid length.
[   97.463617][ T7903] netlink: 'syz.0.917': attribute type 1 has an invalid length.
[   97.466060][ T7903] netlink: 84 bytes leftover after parsing attributes in process `syz.0.917'.
[   97.734582][ T7928] ipip0: entered promiscuous mode
[   98.301642][ T7978] batadv_slave_1: entered promiscuous mode
[   98.304349][ T7977] batadv_slave_1: left promiscuous mode
[   98.545911][ T7992] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   98.561769][ T7992] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   98.615102][ T8000] netlink: 12 bytes leftover after parsing attributes in process `syz.2.962'.
[   99.282788][ T8032] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   99.286789][ T8032] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  100.038258][ T8078] netlink: 24 bytes leftover after parsing attributes in process `syz.0.995'.
[  100.066517][ T8078] netlink: 20 bytes leftover after parsing attributes in process `syz.0.995'.
[  100.137899][ T8084] IPv6: NLM_F_CREATE should be specified when creating new route
[  100.140778][ T8084] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  100.143348][ T8084] IPv6: NLM_F_CREATE should be set when creating new route
[  100.145625][ T8084] IPv6: NLM_F_CREATE should be set when creating new route
[  100.147859][ T8084] IPv6: NLM_F_CREATE should be set when creating new route
[  100.161235][ T8084] netlink: 'syz.0.1000': attribute type 10 has an invalid length.
[  100.182607][ T8084] team0: Port device dummy0 added
[  100.184830][ T8084] netlink: 'syz.0.1000': attribute type 10 has an invalid length.
[  100.200998][ T8084] team0: Port device dummy0 removed
[  100.838037][ T8131] openvswitch: netlink: Multiple metadata blocks provided
[  100.980699][ T8139] syzkaller0: entered promiscuous mode
[  100.982487][ T8139] syzkaller0: entered allmulticast mode
[  102.326341][ T8194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1049'.
[  102.330072][ T8194] netlink: 'syz.2.1049': attribute type 22 has an invalid length.
[  102.332745][ T8194] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1049'.
[  102.873510][ T8227] netlink: 64106 bytes leftover after parsing attributes in process `syz.0.1065'.
[  103.103944][ T8246] Cannot find add_set index 1 as target
[  103.204248][ T8252] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  103.207082][ T8252] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  103.219660][ T8252] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  103.230761][ T8254] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  103.354079][ T8265] netlink: 'syz.1.1082': attribute type 4 has an invalid length.
[  103.364517][ T8265] netlink: 'syz.1.1082': attribute type 4 has an invalid length.
[  103.635633][ T8297] netlink: 'syz.0.1093': attribute type 62 has an invalid length.
[  103.658247][ T8291] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1091'.
[  103.693237][ T8303] syzkaller0: entered promiscuous mode
[  103.695055][ T8303] syzkaller0: entered allmulticast mode
[  103.703590][ T8303] tipc: Started in network mode
[  103.705396][ T8303] tipc: Node identity ca96fe4a5476, cluster identity 4711
[  103.708111][ T8303] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  103.715289][ T8303] tipc: Resetting bearer <eth:syzkaller0>
[  103.718453][ T8302] tipc: Resetting bearer <eth:syzkaller0>
[  103.726160][ T8302] tipc: Disabling bearer <eth:syzkaller0>
[  104.153973][ T8342] IPv6: sit1: Disabled Multicast RS
[  104.233166][ T8346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1112'.
[  104.373355][ T8358] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  104.395773][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1119'.
[  104.399552][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1119'.
[  104.527233][ T8373] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  104.531890][ T8373] syzkaller0: entered promiscuous mode
[  104.540662][ T8373] syzkaller0: entered allmulticast mode
[  104.560735][ T8373] tipc: Resetting bearer <eth:syzkaller0>
[  104.564250][ T8371] tipc: Resetting bearer <eth:syzkaller0>
[  104.579620][ T8371] tipc: Disabling bearer <eth:syzkaller0>
[  104.854041][ T8404] netlink: 'syz.2.1140': attribute type 3 has an invalid length.
[  105.617731][ T8424] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1148'.
[  106.104423][ T8469] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1170'.
[  106.107964][ T8469] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1170'.
[  106.222753][ T8480] netlink: 'syz.0.1175': attribute type 1 has an invalid length.
[  106.226052][ T8480] netlink: 'syz.0.1175': attribute type 1 has an invalid length.
[  106.382774][ T8491] nft_compat: unsupported protocol 0
[  106.846933][ T8503] syzkaller0: entered promiscuous mode
[  106.848981][ T8503] syzkaller0: entered allmulticast mode
[  109.900360][ T8506] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  110.022844][ T8550] netlink: 292 bytes leftover after parsing attributes in process `syz.2.1202'.
[  110.196852][ T8568] syzkaller0: entered promiscuous mode
[  110.198692][ T8568] syzkaller0: entered allmulticast mode
[  110.204880][ T8568] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  110.208201][ T8567] tipc: Resetting bearer <eth:syzkaller0>
[  110.228803][ T8567] tipc: Disabling bearer <eth:syzkaller0>
[  110.239476][ T8572] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1213'.
[  110.250410][ T8572] syzkaller0: entered promiscuous mode
[  110.252671][ T8572] syzkaller0: entered allmulticast mode
[  110.288513][ T8572] tcf_pedit_act: 22 callbacks suppressed
[  110.288528][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.292924][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.295723][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.298236][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.300504][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.303205][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.305831][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.308477][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.311281][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.313925][ T8572] tc action pedit 'at' offset -2147483647 out of bounds
[  110.316575][ T8572] 0: reclassify loop, rule prio 0, protocol 800
[  110.336422][   T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  110.340069][   T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  110.343433][   T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  110.346790][   T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  111.060723][ T8628] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1235'.
[  111.259110][ T8640] netlink: 'syz.1.1241': attribute type 2 has an invalid length.
[  111.362014][ T8646] syzkaller1: tun_chr_ioctl cmd 35108
[  111.598337][ T8658] syzkaller0: entered promiscuous mode
[  111.600641][ T8658] syzkaller0: entered allmulticast mode
[  111.779877][ T8663] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1250'.
[  112.560064][ T8669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1253'.
[  112.730692][ T8683] syzkaller0: entered promiscuous mode
[  112.736357][ T8685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1261'.
[  112.739662][ T8683] syzkaller0: entered allmulticast mode
[  112.873588][ T8699] netlink: 'syz.1.1268': attribute type 1 has an invalid length.
[  112.890714][ T8698] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1267'.
[  112.894687][ T8698] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1267'.
[  112.897987][ T8698] tipc: Invalid UDP bearer configuration
[  112.898030][ T8698] tipc: Enabling of bearer <udp:sy{> rejected, failed to enable media
[  112.991496][ T8709] netlink: 'syz.2.1273': attribute type 1 has an invalid length.
[  113.090234][ T8717] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1276'.
[  113.094000][ T8717] openvswitch: netlink: Unknown nsh attribute 0
[  113.417013][ T8750] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1284'.
[  113.992239][ T8777] can: request_module (can-proto-0) failed.
[  114.050368][ T8781] netlink: 'syz.2.1299': attribute type 1 has an invalid length.
[  114.052977][ T8781] netlink: 'syz.2.1299': attribute type 2 has an invalid length.
[  114.055498][ T8781] netlink: 'syz.2.1299': attribute type 2 has an invalid length.
[  114.057936][ T8781] netlink: 'syz.2.1299': attribute type 2 has an invalid length.
[  114.060570][ T8781] netlink: 'syz.2.1299': attribute type 1 has an invalid length.
[  114.069219][ T8781] netlink: 'syz.2.1299': attribute type 2 has an invalid length.
[  114.590590][ T8829] openvswitch: netlink: Key 6 has unexpected len 318 expected 2
[  114.865689][ T8861] netlink: 'syz.2.1336': attribute type 1 has an invalid length.
[  114.895886][ T8861] 8021q: adding VLAN 0 to HW filter on device bond3
[  114.924316][ T8858] bond3: (slave veth5): Enslaving as an active interface with an up link
[  114.957990][ T8858] 8021q: adding VLAN 0 to HW filter on device batadv1
[  114.961383][ T8858] bond3: (slave batadv1): Enslaving as an active interface with an up link
[  115.116148][ T8886] __nla_validate_parse: 4 callbacks suppressed
[  115.116157][ T8886] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1349'.
[  115.907344][ T8916] 8021q: adding VLAN 0 to HW filter on device team0
[  115.910743][ T8916] bond0: (slave team0): Enslaving as an active interface with an up link
[  115.981046][ T5819] Bluetooth: hci2: link tx timeout
[  115.983021][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  115.986545][ T5819] Bluetooth: hci2: link tx timeout
[  115.988214][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  116.037016][ T5819] Bluetooth: hci2: link tx timeout
[  116.038681][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  116.071039][ T5819] Bluetooth: hci2: link tx timeout
[  116.072808][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  116.208667][ T5819] Bluetooth: hci2: link tx timeout
[  116.210944][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  116.334179][ T8958] 8021q: adding VLAN 0 to HW filter on device bond4
[  116.489791][ T5819] Bluetooth: hci2: link tx timeout
[  116.491945][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  116.864542][ T9007] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1384'.
[  116.937902][ T9017] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1388'.
[  117.257953][ T9050] bond4: option active_slave: mode dependency failed, not supported in mode balance-xor(2)
[  117.272121][ T9050] bond4 (unregistering): Released all slaves
[  117.561109][ T5819] Bluetooth: hci2: link tx timeout
[  117.562854][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  117.565459][ T5819] Bluetooth: hci2: link tx timeout
[  117.567053][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  117.573948][ T5819] Bluetooth: hci2: link tx timeout
[  117.576526][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  117.756168][ T9108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1413'.
[  118.040629][ T5819] Bluetooth: hci2: command 0x0405 tx timeout
[  118.279809][ T5819] Bluetooth: hci2: link tx timeout
[  118.842900][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1425'.
[  118.847374][ T9135] batman_adv: batadv0: Removing interface: batadv_slave_1
[  118.982334][ T9142] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1428'.
[  119.235602][ T9155] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  119.742656][ T9186] x_tables: duplicate underflow at hook 2
[  119.833358][ T9192] validate_nla: 4 callbacks suppressed
[  119.833368][ T9192] netlink: 'syz.1.1451': attribute type 4 has an invalid length.
[  119.953503][ T9201] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1455'.
[  120.003453][ T9194] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.005912][ T9194] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.046010][ T9207] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1458'.
[  120.211758][ T9194] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  120.232037][ T9194] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  120.597728][ T5840] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  120.607859][ T5840] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  120.610866][ T5840] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  120.617237][ T5840] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  120.638228][ T5840] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  120.642146][ T5840] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  120.645284][ T5840] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  120.648127][ T5840] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  120.771316][ T9220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1461'.
[  120.774935][ T9220] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4.
[  120.963636][ T9238] syzkaller0: entered promiscuous mode
[  120.965933][ T9238] syzkaller0: entered allmulticast mode
[  120.972438][ T9238] 0: reclassify loop, rule prio 0, protocol 700
[  121.116846][ T9240] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.120014][ T9240] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.150847][ T9240] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  121.155604][ T9240] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  121.165311][ T9240] hsr0: left promiscuous mode
[  121.226292][ T9242] netlink: 'syz.2.1471': attribute type 15 has an invalid length.
[  121.236397][ T5655] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  121.247361][ T5655] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  121.255148][ T5655] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  121.259901][ T5655] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  121.295732][ T9237] bridge_slave_0 (unregistering): left allmulticast mode
[  121.298600][ T9237] bridge_slave_0 (unregistering): left promiscuous mode
[  121.301738][ T9237] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.847904][ T9257] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1477'.
[  121.856936][ T9257] bond0: entered promiscuous mode
[  121.860350][ T9257] batadv_slave_0: entered promiscuous mode
[  121.862883][ T9257] batadv_slave_0: left promiscuous mode
[  121.865508][ T9257] bond0: left promiscuous mode
[  122.763738][ T9265] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.766773][ T9265] 8021q: adding VLAN 0 to HW filter on device team0
[  122.774966][ T9265] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  122.836663][ T9267] macsec1: entered promiscuous mode
[  122.842545][ T9267] erspan0: entered promiscuous mode
[  122.847520][ T9267] erspan0: left promiscuous mode
[  123.028715][ T9276] ipt_ECN: cannot use operation on non-tcp rule
[  123.115392][ T9283] netlink: 'syz.2.1487': attribute type 1 has an invalid length.
[  123.117793][ T9283] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1487'.
[  123.747596][ T9302] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  123.751241][ T9302] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  123.779348][ T9305] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1495'.
[  124.341899][ T9322] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1500'.
[  124.869628][ T9341] netlink: 'syz.1.1508': attribute type 1 has an invalid length.
[  124.872290][ T9341] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1508'.
[  124.894658][ T9343] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1509'.
[  124.924186][ T9345] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1510'.
[  125.241201][ T9379] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1527'.
[  125.348402][ T9391] ipvlan2: entered promiscuous mode
[  125.730283][ T9422] block nbd0: server does not support multiple connections per device.
[  125.736532][ T9422] block nbd0: shutting down sockets
[  126.654017][ T9444] netlink: 'syz.1.1559': attribute type 8 has an invalid length.
[  126.696953][ T9450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1562'.
[  126.723070][ T9450] team1: entered promiscuous mode
[  126.724754][ T9450] team1: entered allmulticast mode
[  126.727010][ T9450] 8021q: adding VLAN 0 to HW filter on device team1
[  126.847357][ T9464] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1564'.
[  126.851459][ T9464] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1564'.
[  126.941741][ T9474] netlink: 'syz.2.1570': attribute type 49 has an invalid length.
[  127.236947][ T9510] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1588'.
[  127.241919][ T9510] netlink: 'syz.2.1588': attribute type 13 has an invalid length.
[  127.244470][ T9510] netlink: 'syz.2.1588': attribute type 17 has an invalid length.
[  127.258217][ T9510] gretap0: refused to change device tx_queue_len
[  127.260567][ T9510] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  127.933945][ T9559] sctp: [Deprecated]: syz.2.1608 (pid 9559) Use of struct sctp_assoc_value in delayed_ack socket option.
[  127.933945][ T9559] Use struct sctp_sack_info instead
[  128.047322][ T9571] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1611'.
[  128.116131][ T9573] bond5: option active_slave: mode dependency failed, not supported in mode balance-xor(2)
[  128.120230][ T9573] bond5 (unregistering): Released all slaves
[  128.762629][ T9598] xt_limit: Overflow, try lower: 268435456/134217728
[  129.118358][ T9628] netlink: 220 bytes leftover after parsing attributes in process `syz.2.1636'.
[  129.146575][ T9631] syzkaller0: entered promiscuous mode
[  129.148469][ T9631] syzkaller0: entered allmulticast mode
[  129.219870][ T9637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1640'.
[  129.257520][ T9639] syzkaller0: entered promiscuous mode
[  129.259522][ T9639] syzkaller0: entered allmulticast mode
[  129.399570][ T5817] Bluetooth: hci0: command tx timeout
[  129.427916][ T9657] geneve1: entered promiscuous mode
[  129.476627][ T9661] ------------[ cut here ]------------
[  129.478557][ T9661] verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000)
[  129.481879][ T9663] tipc: New replicast peer: 255.255.255.255
[  129.486663][ T9661] WARNING: kernel/bpf/verifier.c:2830 at reg_bounds_sanity_check+0x201/0xc30, CPU#1: syz.2.1652/9661
[  129.490212][ T9663] tipc: Enabled bearer <udp:syz2>, priority 10
[  129.492864][ T9661] Modules linked in:
[  129.496068][ T9661] CPU: 1 UID: 0 PID: 9661 Comm: syz.2.1652 Not tainted syzkaller #0 PREEMPT(full) 
[  129.499016][ T9661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  129.502602][ T9661] RIP: 0010:reg_bounds_sanity_check+0x3e6/0xc30
[  129.504833][ T9661] Code: 98 00 00 00 4c 8b 8c 24 88 00 00 00 41 ff 34 24 41 57 55 41 55 ff b4 24 f0 00 00 00 ff b4 24 a8 00 00 00 ff b4 24 c0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 49 bf 00 00 00 00 00 fc ff df 48 8b 84
[  129.512410][ T9661] RSP: 0018:ffffc900090d6eb0 EFLAGS: 00010246
[  129.514706][ T9661] RAX: dffffc0000000000 RBX: 1ffff1102dd1f04a RCX: 00000000ffffdfcd
[  129.517717][ T9661] RDX: ffffffff8bd474e0 RSI: ffffffff8bd4fe20 RDI: ffffffff9015e430
[  129.520954][ T9661] RBP: 00000000ffffdfcc R08: ffffffffffffdfcc R09: 80000000ffffdfcd
[  129.524042][ T9661] R10: ffff88816e8f8358 R11: 1ffff1102dd1f050 R12: ffff88816e8f8250
[  129.527010][ T9661] R13: 00000000ffffdfcd R14: 1ffff1102dd1f049 R15: 00000000ffffdfcc
[  129.529986][ T9661] FS:  00007f60c81ee6c0(0000) GS:ffff8882a9454000(0000) knlGS:0000000000000000
[  129.533480][ T9661] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  129.535944][ T9661] CR2: 00007fe512a17dac CR3: 000000017884c000 CR4: 00000000000006f0
[  129.538856][ T9661] Call Trace:
[  129.540131][ T9661]  <TASK>
[  129.541128][ T9661]  reg_set_min_max+0x264/0x340
[  129.542645][ T9661]  check_cond_jmp_op+0x1dbb/0x31a0
SYZFAIL: failed to recv rpc
[  129.544329][ T9661]  ? __pfx_check_cond_jmp_op+0x10/0x10
[  129.546610][ T9661]  ? kfree+0x1c1/0x630
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  129.548275][ T9661]  ? do_check+0x6326/0x10610
[  129.550307][ T9661]  ? bpf_reset_stack_write_marks+0x1eb/0x260
[  129.552682][ T9661]  do_check+0x7970/0x10610
[  129.554355][ T9661]  ? __pfx_do_check+0x10/0x10
[  129.556020][ T9661]  ? init_func_state+0x1ab2/0x28d0
[  129.557567][ T9661]  do_check_common+0x19c8/0x25b0
[  129.559098][ T9661]  bpf_check+0x5f3e/0x1ce00
[  129.560657][ T9661]  ? __lock_acquire+0x6b5/0x2cf0
[  129.562271][ T9661]  ? __lock_acquire+0x6b5/0x2cf0
[  129.563820][ T9661]  ? __mutex_trylock_common+0x158/0x260
[  129.565806][ T9661]  ? __pfx___mutex_trylock_common+0x10/0x10
[  129.568106][ T9661]  ? __lock_acquire+0x6b5/0x2cf0
[  129.570223][ T9661]  ? css_rstat_updated+0x23a/0x530
[  129.572247][ T9661]  ? __pfx_css_rstat_updated+0x10/0x10
[  129.574393][ T9661]  ? pcpu_alloc_noprof+0xe8f/0x19c0
[  129.576426][ T9661]  ? __lock_acquire+0x6b5/0x2cf0
[  129.578403][ T9661]  ? __pfx_bpf_check+0x10/0x10
[  129.580403][ T9661]  ? pcpu_memcg_post_alloc_hook+0x77/0x580
[  129.582442][ T9661]  ? pcpu_memcg_post_alloc_hook+0x44a/0x580
[  129.584477][ T9661]  ? ktime_get_with_offset+0x93/0x2a0
[  129.586372][ T9661]  ? ktime_get_with_offset+0x93/0x2a0
[  129.588108][ T9661]  ? __asan_memset+0x22/0x50
[  129.589712][ T9661]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[  129.591336][ T9661]  ? security_bpf_prog_load+0x125/0x3c0
[  129.593089][ T9661]  bpf_prog_load+0x1484/0x1ae0
[  129.594557][ T9661]  ? __pfx_bpf_prog_load+0x10/0x10
[  129.596178][ T9661]  ? tomoyo_path_number_perm+0x219/0x630
[  129.598283][ T9661]  ? bpf_lsm_bpf+0x9/0x20
[  129.599923][ T9661]  ? security_bpf+0x7e/0x2d0
[  129.601713][ T9661]  __sys_bpf+0x618/0x950
[  129.602997][ T9661]  ? __pfx___sys_bpf+0x10/0x10
[  129.604657][ T9661]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  129.606533][ T9661]  ? __pfx_kcov_ioctl+0x10/0x10
[  129.608056][ T9661]  __x64_sys_bpf+0x7c/0x90
[  129.609536][ T9661]  do_syscall_64+0x14d/0xf80
[  129.611191][ T9661]  ? trace_irq_disable+0x3b/0x150
[  129.612894][ T9661]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.615059][ T9661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.617082][ T9661] RIP: 0033:0x7f60c9f9cdd9
[  129.618385][ T9661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  129.624564][ T9661] RSP: 002b:00007f60c81ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  129.627254][ T9661] RAX: ffffffffffffffda RBX: 00007f60ca215fa0 RCX: 00007f60c9f9cdd9
[  129.630323][ T9661] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  129.633497][ T9661] RBP: 00007f60ca032d69 R08: 0000000000000000 R09: 0000000000000000
[  129.636188][ T9661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  129.638626][ T9661] R13: 00007f60ca216038 R14: 00007f60ca215fa0 R15: 00007fff189670f8
[  129.639246][ T9454] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  129.641379][ T9661]  </TASK>
[  129.645615][ T9661] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  129.647946][ T9661] CPU: 1 UID: 0 PID: 9661 Comm: syz.2.1652 Not tainted syzkaller #0 PREEMPT(full) 
[  129.650871][ T9661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  129.654437][ T9661] Call Trace:
[  129.655766][ T9661]  <TASK>
[  129.656956][ T9661]  vpanic+0x56c/0xa60
[  129.658579][ T9661]  ? __pfx__printk+0x10/0x10
[  129.660167][ T9661]  ? __pfx_vpanic+0x10/0x10
[  129.661650][ T9661]  ? is_bpf_text_address+0x292/0x2b0
[  129.663425][ T9661]  ? is_bpf_text_address+0x26/0x2b0
[  129.665124][ T9661]  panic+0xc5/0xd0
[  129.666385][ T9661]  ? __pfx_panic+0x10/0x10
[  129.667832][ T9661]  __warn+0x315/0x4f0
[  129.669101][ T9661]  ? reg_bounds_sanity_check+0x201/0xc30
[  129.670899][ T9661]  ? reg_bounds_sanity_check+0x201/0xc30
[  129.672641][ T9661]  __report_bug+0x29a/0x540
[  129.674090][ T9661]  ? __pfx_stack_trace_save+0x10/0x10
[  129.675816][ T9661]  ? reg_bounds_sanity_check+0x201/0xc30
[  129.677497][ T9661]  ? __pfx___report_bug+0x10/0x10
[  129.679198][ T9661]  ? check_cond_jmp_op+0x1c5b/0x31a0
[  129.680941][ T9661]  ? do_check+0x7970/0x10610
[  129.682533][ T9661]  ? do_check_common+0x19c8/0x25b0
[  129.684395][ T9661]  ? bpf_check+0x5f3e/0x1ce00
[  129.685821][ T9661]  ? bpf_prog_load+0x1484/0x1ae0
[  129.687380][ T9661]  ? __sys_bpf+0x618/0x950
[  129.688698][ T9661]  ? __x64_sys_bpf+0x7c/0x90
[  129.690119][ T9661]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.691823][ T9661]  report_bug_entry+0x19a/0x290
[  129.693303][ T9661]  ? reg_bounds_sanity_check+0x3e6/0xc30
[  129.695169][ T9661]  ? reg_bounds_sanity_check+0x3eb/0xc30
[  129.697013][ T9661]  handle_bug+0xce/0x200
[  129.698360][ T9661]  exc_invalid_op+0x1a/0x50
[  129.699734][ T9661]  asm_exc_invalid_op+0x1a/0x20
[  129.701221][ T9661] RIP: 0010:reg_bounds_sanity_check+0x3e6/0xc30
[  129.703145][ T9661] Code: 98 00 00 00 4c 8b 8c 24 88 00 00 00 41 ff 34 24 41 57 55 41 55 ff b4 24 f0 00 00 00 ff b4 24 a8 00 00 00 ff b4 24 c0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 49 bf 00 00 00 00 00 fc ff df 48 8b 84
[  129.709498][ T9661] RSP: 0018:ffffc900090d6eb0 EFLAGS: 00010246
[  129.711476][ T9661] RAX: dffffc0000000000 RBX: 1ffff1102dd1f04a RCX: 00000000ffffdfcd
[  129.713902][ T9661] RDX: ffffffff8bd474e0 RSI: ffffffff8bd4fe20 RDI: ffffffff9015e430
[  129.716534][ T9661] RBP: 00000000ffffdfcc R08: ffffffffffffdfcc R09: 80000000ffffdfcd
[  129.719033][ T9661] R10: ffff88816e8f8358 R11: 1ffff1102dd1f050 R12: ffff88816e8f8250
[  129.721575][ T9661] R13: 00000000ffffdfcd R14: 1ffff1102dd1f049 R15: 00000000ffffdfcc
[  129.724161][ T9661]  reg_set_min_max+0x264/0x340
[  129.725714][ T9661]  check_cond_jmp_op+0x1dbb/0x31a0
[  129.727359][ T9661]  ? __pfx_check_cond_jmp_op+0x10/0x10
[  129.729169][ T9661]  ? kfree+0x1c1/0x630
[  129.730473][ T9661]  ? do_check+0x6326/0x10610
[  129.732075][ T9661]  ? bpf_reset_stack_write_marks+0x1eb/0x260
[  129.734463][ T9661]  do_check+0x7970/0x10610
[  129.736252][ T9661]  ? __pfx_do_check+0x10/0x10
[  129.738129][ T9661]  ? init_func_state+0x1ab2/0x28d0
[  129.740079][ T9661]  do_check_common+0x19c8/0x25b0
[  129.741994][ T9661]  bpf_check+0x5f3e/0x1ce00
[  129.743732][ T9661]  ? __lock_acquire+0x6b5/0x2cf0
[  129.745641][ T9661]  ? __lock_acquire+0x6b5/0x2cf0
[  129.747531][ T9661]  ? __mutex_trylock_common+0x158/0x260
[  129.749674][ T9661]  ? __pfx___mutex_trylock_common+0x10/0x10
[  129.751863][ T9661]  ? __lock_acquire+0x6b5/0x2cf0
[  129.753421][ T9661]  ? css_rstat_updated+0x23a/0x530
[  129.755125][ T9661]  ? __pfx_css_rstat_updated+0x10/0x10
[  129.756845][ T9661]  ? pcpu_alloc_noprof+0xe8f/0x19c0
[  129.758444][ T9661]  ? __lock_acquire+0x6b5/0x2cf0
[  129.759959][ T9661]  ? __pfx_bpf_check+0x10/0x10
[  129.761448][ T9661]  ? pcpu_memcg_post_alloc_hook+0x77/0x580
[  129.763449][ T9661]  ? pcpu_memcg_post_alloc_hook+0x44a/0x580
[  129.765737][ T9661]  ? ktime_get_with_offset+0x93/0x2a0
[  129.767648][ T9661]  ? ktime_get_with_offset+0x93/0x2a0
[  129.769363][ T9661]  ? __asan_memset+0x22/0x50
[  129.770798][ T9661]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[  129.772416][ T9661]  ? security_bpf_prog_load+0x125/0x3c0
[  129.774364][ T9661]  bpf_prog_load+0x1484/0x1ae0
[  129.775932][ T9661]  ? __pfx_bpf_prog_load+0x10/0x10
[  129.777565][ T9661]  ? tomoyo_path_number_perm+0x219/0x630
[  129.779270][ T9661]  ? bpf_lsm_bpf+0x9/0x20
[  129.780587][ T9661]  ? security_bpf+0x7e/0x2d0
[  129.781985][ T9661]  __sys_bpf+0x618/0x950
[  129.783283][ T9661]  ? __pfx___sys_bpf+0x10/0x10
[  129.785134][ T9661]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  129.787444][ T9661]  ? __pfx_kcov_ioctl+0x10/0x10
[  129.789405][ T9661]  __x64_sys_bpf+0x7c/0x90
[  129.791156][ T9661]  do_syscall_64+0x14d/0xf80
[  129.792994][ T9661]  ? trace_irq_disable+0x3b/0x150
[  129.794935][ T9661]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.797333][ T9661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.799716][ T9661] RIP: 0033:0x7f60c9f9cdd9
[  129.801438][ T9661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  129.808357][ T9661] RSP: 002b:00007f60c81ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  129.811608][ T9661] RAX: ffffffffffffffda RBX: 00007f60ca215fa0 RCX: 00007f60c9f9cdd9
[  129.814814][ T9661] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  129.817478][ T9661] RBP: 00007f60ca032d69 R08: 0000000000000000 R09: 0000000000000000
[  129.819916][ T9661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  129.823018][ T9661] R13: 00007f60ca216038 R14: 00007f60ca215fa0 R15: 00007fff189670f8
[  129.825827][ T9661]  </TASK>
[  129.827469][ T9661] Kernel Offset: disabled
[  129.828884][ T9661] Rebooting in 86400 seconds..
