last executing test programs: 9.907511339s ago: executing program 1 (id=3233): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000b40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000001040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fedbdf251200000008000300", @ANYRES32=r3, @ANYBLOB="0a000600080211000000000008001180040008"], 0x55}, 0x1, 0x0, 0x0, 0x81}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @multicast1}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000881}, 0x4004044) socket$nl_route(0x10, 0x3, 0x0) (async) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000b40)={'wlan0\x00'}) (async) sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000001040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fedbdf251200000008000300", @ANYRES32=r3, @ANYBLOB="0a000600080211000000000008001180040008"], 0x55}, 0x1, 0x0, 0x0, 0x81}, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team0\x00'}) (async) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @multicast1}]}}}, @IFLA_MASTER={0x8, 0xa, 
r4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000881}, 0x4004044) (async) 9.38794637s ago: executing program 1 (id=3236): bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0xffffffffffffffad) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYRES16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='signal_generate\x00', r0}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff000000000000000000048510000006", @ANYRES32, @ANYBLOB="0000000000000004180000000000001000000000000200009500000000000000180100002020782500000000002020207b1af8ff00000000bfa10020"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000580)={'wg1\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000700), r2) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010029bd7000fbdbdf25020000000800090000000000c863be0c0700000000000067aa321efefb47fd569ba5498f870af3467c93df231a9edba45f2e1d7e78174857e71fe51d87809d477016ceed25a1dc183d39615a5c10b5935347a58cf66466fc7af54fc439e931b4863f901c54ebf47e1555a6ef43dac3b61c200d6c50b6663900383345ac00b944365dd34424e11506d90ce647f8beb140e2d5d5999a44526ccc66e77e3f092484722e77915f4db1fa01dbe7a0a6f7ca585cb8004cf0cf08ec70fd493bb7bc60d49ea5"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x44040) r4 = socket$alg(0x26, 0x5, 0x0) 
r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0804000000000000000002000000200b0480240001800b00010072656a65637400001400028005000200cf00000008000140000000020900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x7c}}, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r4, 0x0, 0x0, 0x800) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c00000004060104000000000000000000060000050001"], 0x1c}}, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r9, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r11, 
@ANYBLOB="010002000020000000002500000008000300a5ecaed9a595097d0fd9573e6ed5b0a8875ee9639f2577b73fc25e4bc4f9eb8efe89fbd29bed6b150cc54c39ce5f6306f55e1d5bba49f54be5ad016aff282fce959d7c5e9959fd1ef5c5c28695b14010d314749e1dcad7250443641b9318d44f4bf779dc29e0d35ce50dfc2da1f2e2", @ANYRES32=r12, @ANYBLOB="080026006c0900000a000600080211000001000008003500070000000a003400010101010101000004005080"], 0x48}, 0x1, 0x0, 0x0, 0x4044804}, 0x40) close(r9) recvmsg(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000c40)=""/203, 0xcb}], 0x1}, 0x0) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000780)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730486f7a154fb010d3ee8bddeae5faffe6da1c9972b35975ed10d68d2057b7be2e55d5357559e25f38f66f5628007c7bea392f6f86f72e7ab4a636b376ad31309cc2844a6234c9eb764bf4ef963879327fe01eb0f03cce375cef1c327140078b4369dc0ebb4563", 0xb2}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 9.017271346s ago: executing program 1 (id=3240): r0 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, 0x11, r0, 0x5f2bc000) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 
&(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000000c1400042cbd7000fddbdf250800030003000000ade3097c979beb72f1c5afdb5dbde87d060fa150248574202a08224abeb3c0fa0766ad8a8d5c830fd74207944e7f68a5d4a736a8bbd45969d49001b74ff4e8ed51aa6388c5dbd5db7bba3f13939b11c2160d2d04c487140a7e10b16d00044748794291ef686f22a31b49d82a944b6e5e87c715ea78877b16ce73b0e4fcd3774cb0"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x800) (async) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) (async) setsockopt$inet_group_source_req(r1, 0x0, 0x2f, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108) (async) setsockopt$inet_group_source_req(r1, 0x0, 0x2b, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$netlink(0x10, 0x3, 0xa) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r3) (async) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x56) connect$inet(r4, &(0x7f0000000380)={0x2, 0x4e25, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10) (async) sendmmsg(r4, &(0x7f0000006140)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)="65c6", 0x2}], 0x1}}], 0x1, 0x4000) (async) sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000001580)={0x0, 0x0, 0x0}, 0x0) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_subtree(r5, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r6, 0x0, 0xfdef) (async, rerun: 32) r7 = socket(0x10, 0x803, 0x0) (async, rerun: 32) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r2) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r1, 
0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) (rerun: 64) sendmsg$NL80211_CMD_SET_QOS_MAP(r3, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000700)={&(0x7f0000000880)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="100029bd7000ffdbdf256800000008000300", @ANYRES32=r9, @ANYBLOB="0c00999af77a796098db3a33f3afd261220000005e000000f59bec8fe75b226e0d1385614f8892dd919cab263d64070bd192abbc61a3dad09589322f777c22189b7c329b8f788419dd318869558120e5c576757aa121241d991099ea3283f2afb976d744eb8bea47ea77ec4de7f9b5d5dd4b6208dbe4ee04d1d72df9bcc646a44799d6814eb50e4cf4773228757c81dd786bf8d4e3d32ab579b1349a07f64c9bffc9f73dcc44c91e86f8f2968bbef19af08930ebb22554d838c786325ce758abac8f2059b92c5d1f808aef2fb6709aa4f5431eb50624d5baf080d0c0944585cb75e6cb36d437deec999dbe5b470cfb9d85f8ce3039"], 0x34}, 0x1, 0x0, 0x0, 0x8044}, 0x20000000) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async, rerun: 32) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4080}, 0x0) (rerun: 32) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r7, 0x89f7, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000440)={@remote, 0x0, 0x0, 0x40, 0x0, [{@loopback}, {@broadcast}, {@broadcast}, {@remote}]}}) (async, rerun: 64) r10 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) sendmsg$TIPC_NL_LINK_SET(r10, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x100, 0x0, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xb2}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xa}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfff}]}, @TIPC_NLA_BEARER={0x3c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, 
'\x00', 0x19}, 0x3}}}}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x46d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xba6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}]}]}, 0x100}, 0x1, 0x0, 0x0, 0xc0}, 0x10) 8.717590573s ago: executing program 1 (id=3241): r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000081001000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x9, '\x00', 0x0, @sk_msg, r0}, 0x94) 8.556342774s ago: executing program 1 (id=3244): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) (async, rerun: 64) r4 = socket$xdp(0x2c, 0x3, 0x0) (rerun: 64) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) (async, rerun: 64) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) (rerun: 64) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) (async) socket$xdp(0x2c, 0x3, 0x0) (async, 
rerun: 32) bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6, 0x1, r1}, 0x10) (async, rerun: 32) bind$xdp(r1, &(0x7f0000000240)={0x2c, 0x1, r3, 0x0, r4}, 0x60) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe}, {}, {0x7}}}, 0x24}}, 0x0) 8.05611531s ago: executing program 1 (id=3251): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xb, 0x3, &(0x7f0000000100)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x60}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc}, 0x90) socket(0x400000000010, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="400000000000000029000000110000003fb80a45e68f5ca550e80e74d38da7b8d02822ea9b0c790d87300999c600fc81333fc8cc71c173a35811b0d6c4c5f100f0000000000000001701000001000000dd84b7d407a04165f74dd85f1dc3c013b80fefa5f35496fc416111e0e4eb5012ead6fd9efc50ea1c936552a217c8541f334077496de445bfa5664cd886d9e493d34020dcd074225ec6f8e5ae1e5e7597e86b8da95f0254da5fc07c231984d3dc20df193b7d13cfd663d28e1f7c5ec2751640df7e0eeab0c7c4fcd2dc23f83fc2740e5a7da572aac3f781744be156c45459b0443c05ecd665eb6f7a7148df0f1c21c09ce15c23871f734a567d9031195c543c4bb1042a1879f710fcf7a01be330d48e942b3228c7ddfa6261cf24442750ee133b47fe39a7109ff53cae88000000c8000000000000000e01000004000000d40ad3947f355ecbecce9ab4aa84de0f87330bc593162e7d62b0a0887a65cfa4db9b3a5f9db13fafa4f2a5209d887665a1f7285f8526dc36a21d9a04d5ba4fd6abf096ccd1fd763cd560dae0835bff025fd34950223e8f030ec7fc3a93dfa9b1"], 0x268}, 0x8000) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r1}, 0x38) r2 = 
socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x5, &(0x7f0000002500)=ANY=[@ANYBLOB="bf16000000000000b7020000000100004870000000ffffffdc0700001000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2681d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e6e83d15645aa818d92b21aa6459512f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa8666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e517232586872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000600001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736dd19363154cca4e2f89800d18c89d
7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419dfc75c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a0ea49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2ddf267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed186a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d36df524b760ab92efcce7dd1574a0730a9e015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbe4fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c63fb9450dd03985d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921bd4d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a980010000fdf278218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd212
1d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9d3696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f21d9d5bc27d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c30600a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86da86b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3d70001500e34ad2e1b2e64af4e37211b524e20f4ae1ba89a32bad2af9030f8add
5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e90eb1fffffffffffffcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c2615318bf813e788c84409dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f11b615c87c441dc970ec896a5af6bf69b50a244bc138a1cae3d220bcff6bcb3058c6e0d1cc0da889710f33f5638f805ce602365492282863cc8092b16656dea03cd50182aabbac78a14506dcbf823bec4a5dad14c4d7353b6a55c28321647df3a85bf9fca4e18aeaf4867e6a3dbdd7a5dbe1a52bddae83fc368404a032b75649cf74d7af8e9e3e43fad643ad3e8575a2bb0507531eac5e10b631575f1360803c8f556e07f292ab66b9bcea0c2f09db289a5934a4f2f5fe5cfc52b270a4a5fa2a8de62dcaf7ef52f1fd84c55e6a0c5a365a3b4e73c4ac6fc26367f3f6c07b06a0874c039622ba2bd369b105f57099f742a000a36c2f044a5de24604f82a1f197d9a70b5a62f794f57ec02df70d459fedd6125ae41479a2661360a79e175f0add2820018d5985183ee80f681403a7d08e0e2b88d0750c90b7ed5fed6f81ce797f3b60445ce811d2b4e45005a5ea06c1fe927af06433cd3885dc954e698a7a73416c73bfab7773a6e5e14338797ce9148cda4c0bf05fb67915aeb3661e755e4e1a0ceedfe8e91ee5361ff4c7c07b4
22e1443a6616b6eb3c325d5687644a4c0a1d44d9dfd82896f56bdfa0790406984c123e1d37da4a9a9444485e9b1e3b6b548528989d2aecc1e7b6ee92ca19298801105ced8964e000000000000000000000000000000000000000000000000000000000003d1c031ee2fc25c7ad34283187545b1343f7ab862e66cf5bf4ba4dbf5fda31619c05ddb97199ad4d01471e9b3c7f485b1e74d0ed34201915e79d5ed229f0773ab6b38529c45b10d0796e005b6d663b942320339b9fe1d4e393b4bcb596898cde06955a345db3cb956b0e5da1c1dba7046f4d12fc65085302f333516804d9f"], &(0x7f0000000140)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89, 0x10, 0x0, 0xff0e}, 0x48) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1f}, @NFTA_META_DREG={0x8}]}}}]}]}], {0x14}}, 0x7c}}, 0x0) 2.073427569s ago: executing program 2 (id=3302): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$key(0xf, 0x3, 0x2) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="80010000100001000000000000000000fe880000000000000000000000000001fe80000000000000000000000000000000000000000000000a0020005c000000", @ANYRES32=0x0, @ANYRES32=0x0, 
@ANYBLOB="000000000000000000000000000000010000000033000000fc0200000000000000000000000000010000000000000000ffffffffffffffff0500000000000000000000000000000000000000000000000000000000000000000000190000000000000000000000000000000000000000fdffffffffffffff0000000000000019000000000000000000000000000000000000000000000000000000000a00048000000000000000008d001400736d33"], 0x180}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) 1.899759356s ago: executing program 2 (id=3305): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x50, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x5}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7fff}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x1}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x25}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x9}, @NFQA_CFG_MASK={0x8}, @NFQA_CFG_PARAMS={0x9, 0x2, {0xae, 0x2}}]}, 0x50}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000030303"], 0x20}}, 0x0) 1.77757156s ago: executing program 0 (id=3307): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x17, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800aac3000000a14000"/22, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x58, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x17, 0xf, 
&(0x7f00000000c0)=ANY=[@ANYBLOB="1800aac3000000a14000"/22, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x58, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000)=r2, 0x4) socket$inet_sctp(0x2, 0x1, 0x84) (async) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, 0x0, &(0x7f0000000140)) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) (async) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 1.742210069s ago: executing program 2 (id=3308): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x6}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000007080100000c0a01020000000000000000010000000900020073797a3200000000dc000380d8000080040001800800034000000001c50006407c2432aaf2e15835aab6f584ce76eb9b9fdd3d4c4b9feafeb308d37bc55ab62bf6fcaff3160414d6f1e7583c04910038802faf6b9c16e453c50ec7cd9286a6c4c1b8a1ba3df077f507cfac147e25e3c38a10be0fe68848bfac13345eaf260064e28dcaa9f994c2d8953b27d25f5890fa18948ab505a92917be71c0e16eb99124f79f22e4c0cd7478c9b0c696ff3c379b491fea694bec8f78cef1c15b33b0f6ac6ddaa777c44269f246f74a63c4c2431bfc62db738998804e13471f087cfff2d0980000000900010073797a30"], 0x194}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000004001b0000000c00228059fe0080040000800600210030"], 0x28}}, 0x0) bind$rds(r0, &(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10) r4 = socket$key(0xf, 0x3, 0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x1, {0x0, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8, 0x6, 0x1}]}}]}, 0x38}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={0x0}, &(0x7f00000000c0)=0x8) r10 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r10, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=ANY=[], 0x18}}], 0x1, 0x0) 
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000001c0)={r9, @in={{0x2, 0x4e23, @private=0xa010101}}, 0x2, 0x1, 0x9, 0xffffffed, 0x3}, &(0x7f0000000280)=0x98) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r10, 0x84, 0xf, &(0x7f0000000380)={r11, @in={{0x2, 0x4e22, @multicast1}}, 0x3d1, 0x7ff, 0x1, 0x3, 0x80000000}, &(0x7f00000002c0)=0x98) r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000000540), r8) sendmsg$NFC_CMD_START_POLL(r12, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="01002abd7000fbdbdf250600000008000100", @ANYRES32=0x0, @ANYBLOB='\b\x00\r\x00l'], 0x24}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000804) socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 1.66069467s ago: executing program 4 (id=3309): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001e000000000000000c0000000c"], 0x0, 0x2a}, 0x20) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$kcm(0x2d, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r4}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000a00)={r3}) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 
0x1, 0x0, 0x0, 0x2408c004}, 0x4808) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(0xffffffffffffffff, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x700, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000060a01040000000000002000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002140000001100010000000000000000000700000a"], 0x60}}, 0x4000000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, 
{0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0xffffff69}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.549483457s ago: executing program 0 (id=3310): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2c4a018b281638011932000000", @ANYRES16=r4, @ANYBLOB="010028bd7000fbdbdf2509000000050008000a00000008000100000000000500070006000000"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x800) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x140, r4, 0x2, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_KEY={0xc, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x1}]}, @NL802154_ATTR_SEC_KEY={0xa4, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x60, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x38, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4d2}, 
@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x100}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x4}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "83b96c5ac21be0739a148120ea0f889e"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "ebc20e21effcff446eec297ea8b5dc8abd5b4805ddd3c4b2b8607b4b806d4a63"}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_KEY={0x28, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "15924c7f2d43ec6b7a0825d4186f228a3ab99be6994f8b74dec4f8a73d35c271"}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_KEY={0x1c, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x18, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}]}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_KEY={0xc, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x4}]}]}, 0x140}, 0x1, 0x0, 0x0, 0x1}, 0x80) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000003e0007010300000000000000017c0000040042800c00018006000600843b0000100002800c0008"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="34010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000010000000400048008000200010000000800010000000000080108805400078008000500000000000800050000000000080005009d2c690d0800050000000000080005000000000008000500000000000800050000ebffff070005"], 0x134}, 0x1, 0x0, 0x0, 0x850}, 0x4048014) 1.188507841s ago: executing program 0 (id=3313): mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6000002, 0x8032, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000200000000000400"/38], 0x0, 0x26}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 
0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x1}, 0x10}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf254f00000008000300", @ANYRES32=r3], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) pipe(&(0x7f0000000000)) 1.113452565s ago: executing program 3 (id=3314): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$key(0xf, 0x3, 0x2) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="80010000100001000000000000000000fe880000000000000000000000000001fe80000000000000000000000000000000000000000000000a0020005c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000010000000033000000fc0200000000000000000000000000010000000000000000ffffffffffffffff05000000000000000000000000000000000000000000000000000000000000000000001a0000000000000000000000000000000000000000fdffffffffffffff0000000000000019000000000000000000000000000000000000000000000000000000000a00048000000000000000008d001400736d33"], 0x180}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) 1.077362374s ago: executing program 3 (id=3315): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000580)={@mcast1, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6, 0x3, 0xa, 0x500, 0x4f, 0x2, r1}) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000104000000000300000000000000", @ANYRES32=0x0, 
@ANYBLOB="2b030000212002001c00128009000100626f6e64000000000c000280080007000000040014004700626f6e643000"/56], 0x50}, 0x1, 0x0, 0x0, 0x24048800}, 0x0) 1.002934496s ago: executing program 4 (id=3316): r0 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000d90000000000000000"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r1, &(0x7f0000000080), 0x0}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000001840), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r2) r6 = socket$can_j1939(0x1d, 0x2, 0x7) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r8, 0x3}, 0x18) bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r8, 0x4, {0x1, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r4, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x3c, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10) r9 = socket$unix(0x1, 0x1, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x4, 0x4}, {0xffff, 0xffff}, {0x0, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'syztnl0\x00', &(0x7f0000000300)={'ip6tnl0\x00', 0x0, 0x4, 0x9, 0x8, 0x7, 0xd017f277195d977d, @loopback, @rand_addr=' \x01\x00', 0x8000, 0x8000, 0x6739d1ba, 0xe3b}}) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_WOL_GET(r4, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0xfc, r5, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @HEADER={0x4}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f00000019c0)={0x0, 0x0, 
&(0x7f0000001980)={&(0x7f0000000040)=ANY=[@ANYBLOB="8400075abe4c7649777ff17f55c1eee9ed68631400a563562742a8eb771d6f954ae6a76cfb4192c55e62ffbb389c04e018dfdb9fe40b2b41a912cd18d5c530842fbe8d2a2da6d5d6cb5bbd5a6fa89e86d6a26dbce9e9938eab5d240a8ad83f3b534981e91807f536cd714f1930327f9c745322af3efeffd86858fcc29a1013de896a54caafd9169eb5f9460122e7d8000000000000000000000000000000007f4e66b6d22dba30f804206940245afb92511edeb9e4435759437e2fae502d0ecea03032983e1cb713bc494c4e7440aca46ea97870e34da1cde522aa60c381b8972b06ea05d64177f3dbfaeb888fd58f8b2620815751a29cf639c90d08015b14cab7dade515a7f08afbcf219e7190302fbe3b9fb31c6ad66034361b43f867b06e83235d8460de419566ee6e3a1613f7440f7c98927954701fc75aa3dd7ac8f56c5c21dfc35eee990f24d5128efe9d79babd2787b959b80bb67ebdd009c0316d6db3da42aa55c905c87ced88202a27c75b65088b2c35bb1f2e0d823d2e5e0914a6a89282c4f9979476a9ad5f6e0a82cc83a", @ANYRES16=r3, @ANYBLOB="01000000000000000000420000000e008e006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f70730000000005008300000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f7073000000000500830000000000"], 0x84}}, 0x0) 924.339228ms ago: executing program 0 (id=3317): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) (async) r1 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) (async, rerun: 64) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) (rerun: 64) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@bridge_delneigh={0x28, 0x1d, 0x1, 0x70bd2a, 0x25dfdbfb, {0xa, 
0x0, 0x0, 0x0, 0x8, 0x8, 0x9}, [@NDA_DST_MAC={0xa, 0x1, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000045}, 0x0) (async) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) (async, rerun: 32) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r7, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) (async) write$nci(r4, &(0x7f0000000a40)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x1, 0x2, 0x4, 0x1, {0x1, 0xf, 0x7, 0x3}}, 0x7) r8 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async, rerun: 32) r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r10, @ANYBLOB="ad"], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0) (async, rerun: 32) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r8, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000004c0)={0x50, r10, 0x320, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x7}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0xc5}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x4d}, @ETHTOOL_A_LINKINFO_HEADER={0x4}, @ETHTOOL_A_LINKINFO_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x14}, 0x40000) (async, rerun: 32) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@newtfilter={0x50, 0x2c, 0xd27, 0x2, 0x0, {0x0, 0x0, 0x0, r2, {0xb, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, 
[@TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0xfffffff8}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x50}}, 0x0) (async) r11 = socket$netlink(0x10, 0x3, 0xb) sendmmsg(r11, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000100)=[@in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e21, @remote}], 0x20) 922.418154ms ago: executing program 2 (id=3318): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="ec00000010000100000000000000000000fc000a20000000"], 0xec}}, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (rerun: 32) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffe6, 0xb}, {0xffe0, 0x3}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 
0x301, 0x70bd2a, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) (async) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x4e20, @rand_addr=0x64010102}, 0x1, 0x3, 0x3, 0x4}}, 0x2e) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x83, &(0x7f0000000500)={0x0, 0xa7a}, 0x8) 831.366329ms ago: executing program 3 (id=3319): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x7f, 0x0, r0, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5}, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x10, &(0x7f0000000740)=@framed={{}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x7, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x0, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x1a}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 739.18233ms ago: executing program 3 (id=3320): r0 = socket(0x200000100000011, 0x803, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 
&(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001400000003008000240000000030800014000000012080003"], 0x122}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="54000000020601030000000000000000000000000900020073797a30000000000500010006000000050005800000000005000400000000000c00078008000600000000010d000300686173683a6d616300"], 0x54}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2c000000130001c3000000000000000000000800", @ANYRES32=r4, @ANYBLOB="0000d400000000000a0001"], 0x2c}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000580)=ANY=[@ANYBLOB="5c000000140001002bbd7000fddbdf2500000200000000000000000000000000fe800000000000000000000000000013132400024e2200000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000ff0000000a0010000000000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r0, 
&(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={0x0}}, 0x0) 665.996573ms ago: executing program 4 (id=3321): syz_extract_tcp_res(&(0x7f0000008380), 0x4, 0x9) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$kcm(0x2b, 0x5, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448cb, &(0x7f00000012c0)) setsockopt$sock_attach_bpf(r0, 0x6, 0xd, &(0x7f0000000040), 0x3) sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20000014) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20004000) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{0x304}, "480ca6eda49ed6a6", "3a2cc8b276a753b0e23e2a8436b0e1d53d11b70c57abe2e932240e766d3aebfd", "a0eb068e", "e96e232f2004a832"}, 0x38) recvfrom$inet6(r3, &(0x7f0000000240)=""/169, 0xa9, 0x40010002, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r4, 0x0, 0x7ffd, 0x0) bind$unix(r2, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r2, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) connect$unix(r5, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000002640)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000340)="b2", 0x1}], 0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="0400e1ff000600208339bddd056b796a000100000001000000a17c024db4ff37e1e51fe80395b8e888e49ef9657d2c8190820b2b6db269d6db3a5366ee78877e6522d25335e54310b30d3b7840066aecc3b530c79a8e69c515c6050770a1b6c6c75e6692d985e0dd35eedb0c54db083b49", @ANYRES8=r2], 0x18, 0x10}}], 0x1, 0x0) accept(r2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000002c0)={0x0, 0x5}, 
&(0x7f0000004ac0)=0x8) r7 = socket(0x25, 0x1, 0x0) setsockopt$TIPC_IMPORTANCE(r7, 0x10f, 0x7f, 0x0, 0x0) ioctl$SIOCAX25DELFWD(r7, 0x89eb, &(0x7f00000083c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast}) setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000006cc0)={r6, 0x400}, 0x8) socket$nl_rdma(0x10, 0x3, 0x14) sendmmsg$alg(r7, &(0x7f0000008300)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000380)="102dfb9a1c4105c3fd59aa1c39f6d903d112bb7b07f28e6fa9995238288a2cefd53608c653aad1921954716f0c6cad52fd45ac1037a3c198bb2ac966eed9706272f56ff5df8185a743df7fb3c5365ca6a3907c24682f53d2fa89039e17222375b7d3272e521d2885f557922f6299177ffd273b742e92748c36f2b93e2d3a63f30635b14d1b0908935fa2b9ae7ab123286c5c207625016dc06d8d9a883ea5bd4f2cceafba1793ba018b6798ce4f9a3115", 0xb0}], 0x1, &(0x7f0000008000)=ANY=[], 0x260, 0x24008000}, {0x0, 0x0, &(0x7f00000082c0)=[{&(0x7f0000008280)="078e0700000000000000fcd51dc6b7b5b0f1", 0x12}], 0x1, 0x0, 0x0, 0x4000}], 0x2, 0x4000) 521.601954ms ago: executing program 4 (id=3322): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x80, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, 0x80}}, 0x0) socket$l2tp(0x2, 0x2, 0x73) 476.310096ms ago: executing program 3 (id=3323): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 
0xffc4, 0x0, 0x71, 0x10, 0x28}}, &(0x7f0000000480)='GPL\x00'}, 0x90) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r1, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) readv(r0, &(0x7f0000000580)=[{&(0x7f0000000240)=""/73, 0x49}], 0x1) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.bfq.idle_time\x00', 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r6 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_int(r6, 0x0, 0x16, 0x0, 0x0) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r5, &(0x7f0000000400)=[{&(0x7f00000002c0)="2e9b5b0007e03dd65193dfb6c575963f88a86067", 0x14}, {&(0x7f00000006c0)="cb4c", 0x2}], 0x2) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_MPATH(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r8, 0x10, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40811}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x5, 0x12, 0x0, &(0x7f0000000000)="7d9a53f271a76d2615004c6588a80a38667d", 
0x0, 0x7, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f903", 0x11}], 0x1}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd4242"], 0xfdef) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x7, [@var={0xd, 0x0, 0x0, 0xe, 0x3, 0x2}, @union={0x10, 0x2, 0x0, 0x5, 0x1, 0x2, [{0xa, 0x4, 0x3}, {0x1, 0x2, 0x1}]}]}, {0x0, [0x0, 0x30, 0x30, 0x5f, 0x2e]}}, &(0x7f0000000100)=""/126, 0x53, 0x7e, 0x0, 0x3, 0x10000}, 0x28) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0x1, 0x0, &(0x7f0000000000)='%', 0x0, 0x9, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 377.566931ms ago: executing program 4 (id=3324): socket$nl_crypto(0x10, 0x3, 0x15) (async) r0 = socket$nl_crypto(0x10, 0x3, 0x15) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r3, &(0x7f0000000240)=[{&(0x7f00000000c0)="6dd3403ec9c826f56189fb0c6a1002117696cfd7084e1678380770558aba4b3f5b88118f709b50bfad31a66f0aff8883d12d40625164b7d326fcc6f193d128cd6c3ecc"}, 
{&(0x7f0000000140)="5a29ab02dc835f848614f44e33664ff94a326ed7ac6bd1ae2838ade4379fefd9aef255af0d0a504d1ac58232f6470aabfc71057ea359d3e1ea3ca2da4ada7d583087cf176ae639ed82863cd18d3963908660b131208a0f099e2154f7e0ec4ea06cacf6591008c3bf56a0b1d5dce69d822e4250260bd9d96232ba0b22073b7f178e29bea4f9dbee7feb36c1c746f336c4b76de70bea5963764a7cd10dec4823bd00d9602bcf822fa7fc56a9bfd22b9a44f79f15f1b0db5e593dae3a08b1de382346367109fe9a2a79885d5cf9319d7a736cc9a1c8c3182169"}], 0x127d) (async) writev(r3, &(0x7f0000000240)=[{&(0x7f00000000c0)="6dd3403ec9c826f56189fb0c6a1002117696cfd7084e1678380770558aba4b3f5b88118f709b50bfad31a66f0aff8883d12d40625164b7d326fcc6f193d128cd6c3ecc"}, {&(0x7f0000000140)="5a29ab02dc835f848614f44e33664ff94a326ed7ac6bd1ae2838ade4379fefd9aef255af0d0a504d1ac58232f6470aabfc71057ea359d3e1ea3ca2da4ada7d583087cf176ae639ed82863cd18d3963908660b131208a0f099e2154f7e0ec4ea06cacf6591008c3bf56a0b1d5dce69d822e4250260bd9d96232ba0b22073b7f178e29bea4f9dbee7feb36c1c746f336c4b76de70bea5963764a7cd10dec4823bd00d9602bcf822fa7fc56a9bfd22b9a44f79f15f1b0db5e593dae3a08b1de382346367109fe9a2a79885d5cf9319d7a736cc9a1c8c3182169"}], 0x127d) socket(0x1000000010, 0x80002, 0x0) (async) r4 = socket(0x1000000010, 0x80002, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) (async) r5 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r5, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) sendmsg$nl_route_sched(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@deltfilter={0x34, 0x2d, 0x1, 0x800000, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xd}, {0x10}, {0x0, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000840}, 0x80) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000040)={r6, 0x1, 0x6, @random="455dd276a65d"}, 0x10) write$cgroup_pid(r2, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, 
&(0x7f0000000840)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="e00000001000090500000000000000006f6d8864d22a3f2ffaa46c88bca90000002b0f13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004060000000000bf852c8986626691b01b2d44e4ce2871"], 0xe0}], 0x1}, 0x40040) 376.042026ms ago: executing program 0 (id=3325): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="d8", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x101}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000180)=ANY=[], 0x9) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000300), 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x5, 0xb, 0x0, 0x0, @str='\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 288.951314ms ago: executing program 2 (id=3326): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) (async) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) (async, rerun: 32) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="48000000020603000000000000000000000000000500040000000000100003006269746d61703a706f7274000900020073797a310000000005000500009d1860a9f163d6b65ef9cb5b4a29470ab48d8e55d9c7dd0804de5a10ebc29957a5a614641ec9d46e3f91b86d23a76b8479649743c07cec2e7db52f972db9cc5bd5594492de11f3c21acf1fc9a8b71ec8"], 0x48}}, 0x80) (async) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000180)={'ah\x00'}, &(0x7f00000001c0)=0x1e) (async) close(r0) (async) 
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000280)={@remote}, 0x14) (async) r3 = socket(0x10, 0x803, 0x0) socket$alg(0x26, 0x5, 0x0) (async) close(0x3) (async) getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)=@newtaction={0x2cc, 0x30, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [{0x2b8, 0x1, [@m_skbmod={0x6c, 0x19, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xfffeffff, 0x2, 0x7, 0xffff, 0x2}, 0x5}}]}, {0xd, 0x6, "5801803ca08070641d"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_nat={0x144, 0x5, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x7fffffff, 0xfffffffffffffffd, 0x8, 0x5}, @remote, @dev={0xac, 0x14, 0x14, 0xc}, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x10, 0x204, 0x6, 0x7, 0x8}, @remote, @rand_addr=0x64010101, 0xff000000, 0x1}}]}, {0xc9, 0x6, "ceae096eca073c65fd4875c53c486f0d4306c03e313eba9135915c24bc82a1b19c2b2658261a1b2042a3d25456f64354f78589787e54a54e738ee768e80bb9abda6fc86822b027f00a7ecbd11b90e82811a91635dd16403a58f2d55591c6e9b745fac70caa48d2ad5e9c090b9d1c0680bcdc5971394b0480ea7de207a49ca689a7a9f573279a2f24ce123eb79624abb46f549006e6cdd2b6fe7e1377ac64abe2cbac6b7c77c717a64fee1c5476fc7dd56d567202c59fc94627bf3b841a39fc75a88b220aa4"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_vlan={0x78, 0x17, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}]}, {0x42, 0x6, "5c43fd1b10b16a08f98ab94b13e9cd025c97cf9d1bd318e6c1d17189125aed57b6f1ebc2dca9142d1415011065e01f088e4d5334fc7a5e52fe972564ef58"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_skbmod={0x8c, 0x1b, 0x0, 0x0, {{0xb}, {0x38, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x800}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x400}, @TCA_SKBMOD_SMAC={0xa, 0x4, @link_local={0x1, 
0x80, 0xc2, 0x0, 0x0, 0x1}}, @TCA_SKBMOD_SMAC={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, @TCA_SKBMOD_SMAC={0xa, 0x4, @random="031a773e151e"}]}, {0x2c, 0x6, "a6bb2f2333a34e00798116cfc05fa83f81aa4249b75ef5b95e1ddcf88474f11a8440bbb861567167"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x40881}, 0x20000000) (async) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001540)=ANY=[@ANYBLOB="6400000010003904fcffd4b05e53acecc6dd0000", @ANYRES32=r4, @ANYBLOB="00000000422200001800128008000100677265000c000280080006007f00000108000d007f0000000800230002000000140014007665746830000000000000000000000008000400"], 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x844) 151.739282ms ago: executing program 0 (id=3327): r0 = socket$nl_route(0x10, 0x3, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00'}) r1 = accept(r0, 0x0, &(0x7f0000000000)) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', 0x0}) sendmsg$can_j1939(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, r2, 0x0, {0x2, 0xf, 0x4}, 0x2}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="dc28618cfb9800d5cc09f08396fe6d2ec25587b7a577e0646454f5c34bbfb52a137c503a8f646389453c1b1b45621fac895bc6962379ba754525f0cf4ff9f0a3e125f10e6a23148b74ae34d25eac66120ee82a550e8477b3b23654c0da7b9e7696ec6a4ae5bd22b60179b98271f26e21d99dcd811835308e7f4ad53d3c17b7701bbcc1d73c7b70f2318f", 0x8a}, 0x1, 0x0, 0x0, 0x4040000}, 0x20004010) ioctl(r0, 0x8b25, &(0x7f0000000040)) 13.438168ms ago: executing program 3 (id=3328): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x7, 0x4, 
&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000bc301000080000009500000000000000b679b6c43bf9b8c47d1a69a0cb274577fb60c91fb5a094574ebc272cfecc9144b60ced0ff3e085292e5a57729e02e5790771b3c950918155aaf5dc9214aa82ebbb0737f897f7e0234a4992b97da7eae521e9d88b9a293251b8a2507972f30f535ac1778f013f1c7e385eb01f2d39d8a76fcbc6fa93c55c246431e68e10bd9694abfd8693e35d4f1a91ac6668d6b2e9e2dda0f6def619c7dd7b4626dc929bc98a991b"], &(0x7f00000005c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) 12.568973ms ago: executing program 2 (id=3329): r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_udplite(0xa, 0x2, 0x88) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) (async) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@rose={'rose', 0x0}, 0x10) (async) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x2, 0x3, 0x1, 0x0, 0x9a}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r3 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}, 0x1, 0x0, 0x0, 0x8000}, 0x44040) (async) sendmsg$nl_crypto(r3, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)=@getstat={0xe0, 0x15, 0x200, 0x70bd28, 0x25dfdbfc, {{'xchacha20\x00'}, '\x00', '\x00', 0x2400, 0x2000}, ["", ""]}, 0xe0}, 0x1, 0x0, 0x0, 0x81}, 0x8001) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) (async) r6 
= openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r8) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local}) (async) write$tun(r7, &(0x7f0000000280)=ANY=[], 0xc2) write$cgroup_devices(r7, &(0x7f0000000280)=ANY=[], 0xffdd) sendmsg$TIPC_NL_NET_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00ffff", @ANYRES16=r5, @ANYBLOB="010025bd7000fbdbdf250f000000180007800c00030003000200000000000800020048000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2805}, 0x80) (async, rerun: 64) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x8, 0x0, 0x0, 0x100, {{0x5, 0x4, 0x0, 0x0, 0xfffffffffffffdc4, 0x0, 0x0, 0x8, 0x5e55b37311de6d89, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) (rerun: 64) 0s ago: executing program 4 (id=3330): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) (async) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async) socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r0, 0x6, 0x2b, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x52}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffff}, @call, @exit={0x95, 0x0, 0x1008}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x6}, 0x94) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r1, 0xc038943b, &(0x7f00000000c0)={0x6, 0x8, '\x00', 0x1, &(0x7f0000000040)=[0x0]}) kernel console output (not intermixed with test programs): v0: Interface deactivated: batadv_slave_1 [ 
228.051149][T11022] batadv_slave_1: entered allmulticast mode [ 228.558508][T11049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1688'. [ 228.760241][T11057] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1692'. [ 228.795588][T11058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1691'. [ 229.053482][T11072] netlink: 'syz.2.1696': attribute type 11 has an invalid length. [ 229.097885][T11077] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1698'. [ 229.163616][T11077] 8021q: adding VLAN 0 to HW filter on device bond3 [ 229.185471][T11076] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1699'. [ 229.303357][T11076] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1699'. [ 229.420741][T11084] IPVS: length: 49 != 8 [ 229.444856][T11087] netlink: 'syz.4.1701': attribute type 1 has an invalid length. [ 229.955926][ T5848] Bluetooth: hci4: command 0x0406 tx timeout [ 230.209685][T11085] syz.3.1700 (11085) used greatest stack depth: 19128 bytes left [ 233.514058][T11147] openvswitch: netlink: Geneve opt len 63 is not a multiple of 4. [ 233.665027][T11153] __nla_validate_parse: 2 callbacks suppressed [ 233.665048][T11153] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1719'. [ 234.013830][T11171] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1723'. [ 234.541804][T11196] IPv6: Can't replace route, no match found [ 234.557547][T11192] syzkaller1: entered promiscuous mode [ 234.564618][T11194] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1734'. 
[ 234.586370][T11192] syzkaller1: entered allmulticast mode [ 235.194447][T11223] tipc: Enabled bearer , priority 0 [ 235.247646][T11231] syzkaller0: entered promiscuous mode [ 235.282810][T11231] syzkaller0: entered allmulticast mode [ 235.457659][T11223] tipc: Resetting bearer [ 235.499847][T11216] tipc: Resetting bearer [ 235.581293][T11216] tipc: Disabling bearer [ 235.901066][T11261] FAULT_INJECTION: forcing a failure. [ 235.901066][T11261] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 235.919357][T11261] CPU: 0 UID: 0 PID: 11261 Comm: syz.0.1756 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 235.919406][T11261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 235.919420][T11261] Call Trace: [ 235.919429][T11261] [ 235.919437][T11261] dump_stack_lvl+0x189/0x250 [ 235.919467][T11261] ? __pfx____ratelimit+0x10/0x10 [ 235.919497][T11261] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.919520][T11261] ? __pfx__printk+0x10/0x10 [ 235.919561][T11261] should_fail_ex+0x414/0x560 [ 235.919601][T11261] _copy_to_user+0x31/0xb0 [ 235.919635][T11261] simple_read_from_buffer+0xe1/0x170 [ 235.919674][T11261] proc_fail_nth_read+0x1b3/0x220 [ 235.919704][T11261] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 235.919733][T11261] ? rw_verify_area+0x258/0x650 [ 235.919762][T11261] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 235.919790][T11261] vfs_read+0x1fd/0x980 [ 235.919820][T11261] ? fdget_pos+0x247/0x320 [ 235.919845][T11261] ? __pfx___mutex_lock+0x10/0x10 [ 235.919880][T11261] ? __pfx_vfs_read+0x10/0x10 [ 235.919913][T11261] ? __fget_files+0x2a/0x420 [ 235.919939][T11261] ? __fget_files+0x3a0/0x420 [ 235.919958][T11261] ? __fget_files+0x2a/0x420 [ 235.919990][T11261] ksys_read+0x145/0x250 [ 235.920091][T11261] ? __pfx_ksys_read+0x10/0x10 [ 235.920118][T11261] ? rcu_is_watching+0x15/0xb0 [ 235.920158][T11261] ? do_syscall_64+0xbe/0x3b0 [ 235.920193][T11261] do_syscall_64+0xfa/0x3b0 [ 235.920222][T11261] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 235.920251][T11261] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.920272][T11261] ? clear_bhb_loop+0x60/0xb0 [ 235.920298][T11261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.920318][T11261] RIP: 0033:0x7f3abe98d57c [ 235.920338][T11261] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 235.920356][T11261] RSP: 002b:00007f3abf831030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 235.920380][T11261] RAX: ffffffffffffffda RBX: 00007f3abebb5fa0 RCX: 00007f3abe98d57c [ 235.920396][T11261] RDX: 000000000000000f RSI: 00007f3abf8310a0 RDI: 0000000000000004 [ 235.920408][T11261] RBP: 00007f3abf831090 R08: 0000000000000000 R09: 0000000000000000 [ 235.920421][T11261] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001 [ 235.920434][T11261] R13: 0000000000000000 R14: 00007f3abebb5fa0 R15: 00007fffaa1128b8 [ 235.920469][T11261] [ 236.406447][T11274] IPv6: sit3: Disabled Multicast RS [ 236.413102][T11274] sit3: entered allmulticast mode [ 236.442525][T11276] lo: entered promiscuous mode [ 236.473069][T11276] netlink: 'syz.3.1759': attribute type 2 has an invalid length. [ 236.482995][T11276] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 236.550412][T11281] tipc: Enabled bearer , priority 0 [ 236.644081][T11280] tipc: Disabling bearer [ 236.659889][T11292] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1766'. [ 236.800086][T11297] syzkaller1: entered promiscuous mode [ 236.806970][T11297] syzkaller1: entered allmulticast mode [ 236.924319][T11304] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1771'. [ 237.128791][T11312] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1775'. 
[ 237.595487][T11333] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1781'. [ 237.645367][T11334] openvswitch: netlink: Actions may not be safe on all matching packets [ 237.728247][T11342] netlink: zone id is out of range [ 237.735450][T11342] netlink: zone id is out of range [ 237.755877][T11342] netlink: zone id is out of range [ 237.771529][T11338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1783'. [ 237.826835][T11342] netlink: zone id is out of range [ 237.832379][T11342] netlink: zone id is out of range [ 237.859231][T11338] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1783'. [ 237.905829][T11342] netlink: zone id is out of range [ 237.913900][T11350] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1783'. [ 237.931528][T11342] netlink: zone id is out of range [ 238.235082][T11360] netlink: 'syz.2.1790': attribute type 32 has an invalid length. [ 238.275968][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 238.744324][T11399] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 238.752431][T11399] IPv6: NLM_F_CREATE should be set when creating new route [ 238.759980][T11399] IPv6: NLM_F_CREATE should be set when creating new route [ 238.775136][T11399] net_ratelimit: 23 callbacks suppressed [ 238.775157][T11399] openvswitch: netlink: IP tunnel dst address not specified [ 238.780662][T11395] __nla_validate_parse: 1 callbacks suppressed [ 238.780688][T11395] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1802'. 
[ 238.820650][T11400] 8021q: adding VLAN 0 to HW filter on device bond4 [ 238.867634][T11402] bond_slave_0: entered promiscuous mode [ 238.873863][T11402] bond_slave_1: entered promiscuous mode [ 238.882907][T11402] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 238.898284][T11402] bond4: (slave macvlan2): Enslaving as a backup interface with an up link [ 239.411887][T11421] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1808'. [ 239.582014][T11432] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1813'. [ 239.616894][T11432] netlink: 'syz.4.1813': attribute type 10 has an invalid length. [ 239.665331][T11432] bridge0: port 3(team0) entered disabled state [ 239.699681][T11432] team0: left allmulticast mode [ 239.705069][T11432] team_slave_0: left allmulticast mode [ 239.711967][T11432] team_slave_1: left allmulticast mode [ 239.718826][T11432] team0: left promiscuous mode [ 239.724027][T11432] team_slave_0: left promiscuous mode [ 239.732116][T11432] team_slave_1: left promiscuous mode [ 239.740398][T11432] bridge0: port 3(team0) entered disabled state [ 239.751446][T11432] batman_adv: batadv0: Adding interface: team0 [ 239.759132][T11432] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 239.999463][T11454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1816'. [ 240.099890][T11460] netlink: 'syz.3.1821': attribute type 12 has an invalid length. [ 240.146619][T11460] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1821'. [ 240.326172][T11471] netlink: 'syz.4.1823': attribute type 39 has an invalid length. [ 240.580880][T11484] bond0: entered allmulticast mode [ 240.586889][T11484] bond_slave_0: entered allmulticast mode [ 240.594208][T11484] bond_slave_1: entered allmulticast mode [ 240.709131][T11489] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1825'. 
[ 240.743573][T11488] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1827'. [ 240.802252][T11490] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1827'. [ 240.825107][T11489] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 240.928538][T11488] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1827'. [ 241.086221][T11488] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1827'. [ 241.655463][T11531] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 242.688033][T11585] netlink: 'syz.1.1851': attribute type 62 has an invalid length. [ 242.870676][T11602] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 242.881321][T11602] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 243.619697][T11628] netlink: 'syz.0.1862': attribute type 11 has an invalid length. [ 243.634551][T11628] netlink: 'syz.0.1862': attribute type 4 has an invalid length. [ 243.830446][T11636] __nla_validate_parse: 69 callbacks suppressed [ 243.830471][T11636] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1865'. [ 243.892587][T11643] tipc: Enabled bearer , priority 0 [ 244.194156][T11643] tipc: Disabling bearer [ 244.536369][T11666] netlink: 'syz.2.1868': attribute type 2 has an invalid length. [ 244.546407][T11666] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1868'. [ 244.879292][T11677] netlink: 'syz.1.1874': attribute type 16 has an invalid length. [ 244.908806][T11678] netlink: 'syz.1.1874': attribute type 16 has an invalid length. [ 244.979322][T11677] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1874'. [ 244.993242][T11678] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1874'. [ 245.035913][T11685] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1876'. 
[ 245.551532][T11697] netlink: 'syz.3.1878': attribute type 5 has an invalid length. [ 245.564416][T11697] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1878'. [ 245.605820][T11697] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1878'. [ 246.760003][T11725] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1887'. [ 247.801805][T11505] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 249.826906][T11633] Set syz1 is full, maxelem 65536 reached [ 249.989001][T11732] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1889'. [ 250.132746][T11717] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 250.182571][T11717] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 250.301592][T11736] netlink: 'syz.1.1892': attribute type 11 has an invalid length. [ 250.334250][T11736] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1892'. [ 250.349838][T11742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1891'. [ 250.359846][T11743] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1893'. [ 250.379362][T11736] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.389151][T11736] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.399421][T11743] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1893'. [ 250.421125][T11742] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1891'. [ 250.440341][T11743] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1893'. [ 250.468509][T11743] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1893'. [ 250.668230][T11755] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1897'. [ 250.696708][T11755] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1897'. [ 250.760257][T11761] FAULT_INJECTION: forcing a failure. 
[ 250.760257][T11761] name failslab, interval 1, probability 0, space 0, times 0 [ 250.787215][T11761] CPU: 1 UID: 0 PID: 11761 Comm: syz.4.1899 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 250.787249][T11761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 250.787292][T11761] Call Trace: [ 250.787302][T11761] [ 250.787311][T11761] dump_stack_lvl+0x189/0x250 [ 250.787355][T11761] ? __pfx____ratelimit+0x10/0x10 [ 250.787386][T11761] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.787409][T11761] ? __pfx__printk+0x10/0x10 [ 250.787448][T11761] ? __pfx___might_resched+0x10/0x10 [ 250.787485][T11761] should_fail_ex+0x414/0x560 [ 250.787525][T11761] should_failslab+0xa8/0x100 [ 250.787561][T11761] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 250.787593][T11761] ? __alloc_skb+0x112/0x2d0 [ 250.787631][T11761] __alloc_skb+0x112/0x2d0 [ 250.787674][T11761] netlink_sendmsg+0x5c6/0xb30 [ 250.787717][T11761] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.787761][T11761] ? aa_sock_msg_perm+0x94/0x160 [ 250.787790][T11761] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 250.787813][T11761] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.787845][T11761] __sock_sendmsg+0x21c/0x270 [ 250.787873][T11761] ____sys_sendmsg+0x505/0x830 [ 250.787901][T11761] ? __pfx_____sys_sendmsg+0x10/0x10 [ 250.787934][T11761] ? import_iovec+0x74/0xa0 [ 250.787966][T11761] ___sys_sendmsg+0x21f/0x2a0 [ 250.787990][T11761] ? __pfx____sys_sendmsg+0x10/0x10 [ 250.788050][T11761] ? __fget_files+0x2a/0x420 [ 250.788071][T11761] ? __fget_files+0x3a0/0x420 [ 250.788103][T11761] __x64_sys_sendmsg+0x19b/0x260 [ 250.788127][T11761] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 250.788160][T11761] ? __pfx_ksys_write+0x10/0x10 [ 250.788188][T11761] ? rcu_is_watching+0x15/0xb0 [ 250.788231][T11761] ? do_syscall_64+0xbe/0x3b0 [ 250.788267][T11761] do_syscall_64+0xfa/0x3b0 [ 250.788297][T11761] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.788327][T11761] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.788348][T11761] ? clear_bhb_loop+0x60/0xb0 [ 250.788375][T11761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.788395][T11761] RIP: 0033:0x7f888cb8eb69 [ 250.788416][T11761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.788434][T11761] RSP: 002b:00007f888d9a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 250.788458][T11761] RAX: ffffffffffffffda RBX: 00007f888cdb6080 RCX: 00007f888cb8eb69 [ 250.788474][T11761] RDX: 0000000020004804 RSI: 00002000000001c0 RDI: 0000000000000003 [ 250.788489][T11761] RBP: 00007f888d9a1090 R08: 0000000000000000 R09: 0000000000000000 [ 250.788502][T11761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.788514][T11761] R13: 0000000000000000 R14: 00007f888cdb6080 R15: 00007ffc53097448 [ 250.788547][T11761] [ 251.193100][T11764] veth0: entered promiscuous mode [ 251.246222][T11763] veth0: left promiscuous mode [ 251.359322][T11780] netlink: 'syz.2.1907': attribute type 21 has an invalid length. [ 252.248344][T11814] openvswitch: netlink: IP tunnel dst address not specified [ 252.568669][T11824] syzkaller0: entered promiscuous mode [ 252.605885][T11824] syzkaller0: entered allmulticast mode [ 252.606714][T11836] netlink: 'syz.4.1924': attribute type 1 has an invalid length. [ 252.689148][T11839] FAULT_INJECTION: forcing a failure. [ 252.689148][T11839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 252.724759][T11839] CPU: 0 UID: 0 PID: 11839 Comm: syz.0.1925 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 252.724797][T11839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 252.724812][T11839] Call Trace: [ 252.724822][T11839] [ 252.724833][T11839] dump_stack_lvl+0x189/0x250 [ 252.724867][T11839] ? 
__pfx____ratelimit+0x10/0x10 [ 252.724904][T11839] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.724930][T11839] ? __pfx__printk+0x10/0x10 [ 252.724963][T11839] ? __might_fault+0xb0/0x130 [ 252.725015][T11839] should_fail_ex+0x414/0x560 [ 252.725076][T11839] _copy_from_iter+0x1db/0x16f0 [ 252.725114][T11839] ? rcu_is_watching+0x15/0xb0 [ 252.725155][T11839] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 252.725202][T11839] ? __pfx__copy_from_iter+0x10/0x10 [ 252.725235][T11839] ? __build_skb_around+0x257/0x3e0 [ 252.725280][T11839] ? netlink_sendmsg+0x642/0xb30 [ 252.725329][T11839] ? skb_put+0x11b/0x210 [ 252.725359][T11839] netlink_sendmsg+0x6b2/0xb30 [ 252.725410][T11839] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.725454][T11839] ? aa_sock_msg_perm+0x94/0x160 [ 252.725491][T11839] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 252.725519][T11839] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.725559][T11839] __sock_sendmsg+0x21c/0x270 [ 252.725597][T11839] ____sys_sendmsg+0x505/0x830 [ 252.725634][T11839] ? __pfx_____sys_sendmsg+0x10/0x10 [ 252.725671][T11839] ? import_iovec+0x74/0xa0 [ 252.725710][T11839] ___sys_sendmsg+0x21f/0x2a0 [ 252.725759][T11839] ? __pfx____sys_sendmsg+0x10/0x10 [ 252.725830][T11839] ? __fget_files+0x2a/0x420 [ 252.725851][T11839] ? __fget_files+0x3a0/0x420 [ 252.725888][T11839] __x64_sys_sendmsg+0x19b/0x260 [ 252.725917][T11839] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 252.725960][T11839] ? __pfx_ksys_write+0x10/0x10 [ 252.725991][T11839] ? rcu_is_watching+0x15/0xb0 [ 252.726034][T11839] ? do_syscall_64+0xbe/0x3b0 [ 252.726074][T11839] do_syscall_64+0xfa/0x3b0 [ 252.726105][T11839] ? lockdep_hardirqs_on+0x9c/0x150 [ 252.726137][T11839] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.726159][T11839] ? 
clear_bhb_loop+0x60/0xb0 [ 252.726186][T11839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.726208][T11839] RIP: 0033:0x7f3abe98eb69 [ 252.726229][T11839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.726248][T11839] RSP: 002b:00007f3abf810038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 252.726273][T11839] RAX: ffffffffffffffda RBX: 00007f3abebb6080 RCX: 00007f3abe98eb69 [ 252.726289][T11839] RDX: 0000000020004804 RSI: 00002000000001c0 RDI: 0000000000000003 [ 252.726314][T11839] RBP: 00007f3abf810090 R08: 0000000000000000 R09: 0000000000000000 [ 252.726326][T11839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.726337][T11839] R13: 0000000000000000 R14: 00007f3abebb6080 R15: 00007fffaa1128b8 [ 252.726367][T11839] [ 253.094349][T11845] netlink: 'syz.2.1926': attribute type 3 has an invalid length. [ 253.136283][T11845] netlink: 'syz.2.1926': attribute type 3 has an invalid length. [ 253.207188][T11845] netlink: 'syz.2.1926': attribute type 1 has an invalid length. [ 253.313021][T11855] netlink: 'syz.3.1930': attribute type 27 has an invalid length. [ 253.675236][T11878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 254.812746][T11936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 254.864453][T11922] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 254.884779][T11926] syzkaller0: entered promiscuous mode [ 254.910540][T11926] syzkaller0: entered allmulticast mode [ 255.398316][T11962] __nla_validate_parse: 8 callbacks suppressed [ 255.398336][T11962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1954'. [ 255.440521][T11957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1953'. 
[ 255.565921][T11962] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 255.638292][T11962] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 255.976871][T11966] nbd0: detected capacity change from 0 to 9007199254740992 [ 256.006457][ T5848] block nbd0: Receive control failed (result -104) [ 256.333236][T11993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'. [ 256.357172][T11992] IPv6: sit3: Disabled Multicast RS [ 256.367308][T11993] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1964'. [ 256.380434][T11992] sit3: entered allmulticast mode [ 256.958550][T12021] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1975'. [ 256.991869][T12021] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1975'. [ 257.006007][T12030] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1975'. [ 257.242784][T12036] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1978'. [ 257.283563][T12036] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 257.316384][T12036] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 257.909055][T12080] netlink: 'syz.2.1989': attribute type 39 has an invalid length. [ 257.926541][T12081] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1990'. [ 258.007431][T12081] FAULT_INJECTION: forcing a failure. [ 258.007431][T12081] name failslab, interval 1, probability 0, space 0, times 0 [ 258.035857][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! 
[ 258.051153][T12081] CPU: 0 UID: 0 PID: 12081 Comm: syz.0.1990 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 258.051187][T12081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 258.051201][T12081] Call Trace: [ 258.051211][T12081] [ 258.051221][T12081] dump_stack_lvl+0x189/0x250 [ 258.051250][T12081] ? __pfx____ratelimit+0x10/0x10 [ 258.051281][T12081] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.051304][T12081] ? __pfx__printk+0x10/0x10 [ 258.051337][T12081] ? __pfx___might_resched+0x10/0x10 [ 258.051370][T12081] ? fs_reclaim_acquire+0x7d/0x100 [ 258.051414][T12081] should_fail_ex+0x414/0x560 [ 258.051455][T12081] should_failslab+0xa8/0x100 [ 258.051478][T12081] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 258.051521][T12081] ? __alloc_skb+0x112/0x2d0 [ 258.051559][T12081] __alloc_skb+0x112/0x2d0 [ 258.051594][T12081] netlink_ack+0x146/0xa50 [ 258.051624][T12081] ? __pfx_genl_rcv_msg+0x10/0x10 [ 258.051647][T12081] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 258.051671][T12081] ? __pfx_nl80211_post_doit+0x10/0x10 [ 258.051697][T12081] ? __asan_memcpy+0x40/0x70 [ 258.051724][T12081] ? __pfx_ref_tracker_free+0x10/0x10 [ 258.051755][T12081] netlink_rcv_skb+0x28c/0x470 [ 258.051785][T12081] ? __lock_acquire+0xab9/0xd20 [ 258.051826][T12081] ? __pfx_genl_rcv_msg+0x10/0x10 [ 258.051852][T12081] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 258.051907][T12081] ? down_read+0x1ad/0x2e0 [ 258.051931][T12081] genl_rcv+0x28/0x40 [ 258.051953][T12081] netlink_unicast+0x82c/0x9e0 [ 258.051992][T12081] ? __pfx_netlink_unicast+0x10/0x10 [ 258.052023][T12081] ? netlink_sendmsg+0x642/0xb30 [ 258.052053][T12081] ? skb_put+0x11b/0x210 [ 258.052078][T12081] netlink_sendmsg+0x805/0xb30 [ 258.052123][T12081] ? __pfx_netlink_sendmsg+0x10/0x10 [ 258.052165][T12081] ? aa_sock_msg_perm+0x94/0x160 [ 258.052194][T12081] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 258.052219][T12081] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 258.052253][T12081] __sock_sendmsg+0x21c/0x270 [ 258.052286][T12081] ____sys_sendmsg+0x505/0x830 [ 258.052316][T12081] ? __pfx_____sys_sendmsg+0x10/0x10 [ 258.052350][T12081] ? import_iovec+0x74/0xa0 [ 258.052385][T12081] ___sys_sendmsg+0x21f/0x2a0 [ 258.052411][T12081] ? __pfx____sys_sendmsg+0x10/0x10 [ 258.052475][T12081] ? __fget_files+0x2a/0x420 [ 258.052497][T12081] ? __fget_files+0x3a0/0x420 [ 258.052530][T12081] __x64_sys_sendmsg+0x19b/0x260 [ 258.052556][T12081] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 258.052590][T12081] ? __pfx_ksys_write+0x10/0x10 [ 258.052618][T12081] ? rcu_is_watching+0x15/0xb0 [ 258.052656][T12081] ? do_syscall_64+0xbe/0x3b0 [ 258.052692][T12081] do_syscall_64+0xfa/0x3b0 [ 258.052720][T12081] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.052749][T12081] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.052769][T12081] ? clear_bhb_loop+0x60/0xb0 [ 258.052794][T12081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.052836][T12081] RIP: 0033:0x7f3abe98eb69 [ 258.052855][T12081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.052873][T12081] RSP: 002b:00007f3abf831038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 258.052897][T12081] RAX: ffffffffffffffda RBX: 00007f3abebb5fa0 RCX: 00007f3abe98eb69 [ 258.052913][T12081] RDX: 0000000020004804 RSI: 00002000000001c0 RDI: 0000000000000003 [ 258.052927][T12081] RBP: 00007f3abf831090 R08: 0000000000000000 R09: 0000000000000000 [ 258.052940][T12081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.052952][T12081] R13: 0000000000000000 R14: 00007f3abebb5fa0 R15: 00007fffaa1128b8 [ 258.052991][T12081] [ 258.557849][T12092] netlink: 'syz.0.1995': attribute type 1 has an invalid length. [ 258.603499][T12092] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1995'. 
[ 258.800099][T12108] netlink: 'syz.3.2000': attribute type 2 has an invalid length. [ 259.418688][T12136] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 260.525364][T12193] netlink: 'syz.1.2026': attribute type 10 has an invalid length. [ 260.562478][T12193] bridge_slave_1: left allmulticast mode [ 260.595169][T12193] bridge_slave_1: left promiscuous mode [ 260.620563][T12193] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.648890][T12205] __nla_validate_parse: 72 callbacks suppressed [ 260.648910][T12205] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2031'. [ 260.673047][T12193] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 260.791606][T12218] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2033'. [ 260.918715][T12220] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2034'. [ 260.944131][T12220] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2034'. [ 260.967070][T12226] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2037'. [ 260.983518][T12227] tipc: Enabled bearer , priority 10 [ 261.108674][T12232] netlink: 'syz.3.2038': attribute type 1 has an invalid length. [ 261.163438][T12234] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 261.243803][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.258704][T12235] bond5: (slave bridge5): making interface the new active one [ 261.277227][T12235] bond5: (slave bridge5): Enslaving as an active interface with an up link [ 261.290294][T12240] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2041'. [ 261.380641][T12241] geneve2: entered promiscuous mode [ 261.412093][T12241] geneve2: entered allmulticast mode [ 261.430605][T12240] FAULT_INJECTION: forcing a failure. 
[ 261.430605][T12240] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 261.444756][ T12] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0 [ 261.493229][ T12] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0 [ 261.497866][T12240] CPU: 0 UID: 0 PID: 12240 Comm: syz.2.2041 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 261.497903][T12240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 261.497917][T12240] Call Trace: [ 261.497926][T12240] [ 261.497937][T12240] dump_stack_lvl+0x189/0x250 [ 261.497971][T12240] ? __pfx____ratelimit+0x10/0x10 [ 261.498007][T12240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.498033][T12240] ? __pfx__printk+0x10/0x10 [ 261.498077][T12240] should_fail_ex+0x414/0x560 [ 261.498129][T12240] _copy_to_user+0x31/0xb0 [ 261.498166][T12240] simple_read_from_buffer+0xe1/0x170 [ 261.498213][T12240] proc_fail_nth_read+0x1b3/0x220 [ 261.498244][T12240] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 261.498276][T12240] ? rw_verify_area+0x258/0x650 [ 261.498311][T12240] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 261.498342][T12240] vfs_read+0x1fd/0x980 [ 261.498374][T12240] ? fdget_pos+0x247/0x320 [ 261.498403][T12240] ? __pfx___mutex_lock+0x10/0x10 [ 261.498441][T12240] ? __pfx_vfs_read+0x10/0x10 [ 261.498477][T12240] ? __fget_files+0x2a/0x420 [ 261.498506][T12240] ? __fget_files+0x3a0/0x420 [ 261.498527][T12240] ? __fget_files+0x2a/0x420 [ 261.498563][T12240] ksys_read+0x145/0x250 [ 261.498600][T12240] ? __pfx_ksys_read+0x10/0x10 [ 261.498630][T12240] ? rcu_is_watching+0x15/0xb0 [ 261.498676][T12240] ? do_syscall_64+0xbe/0x3b0 [ 261.498717][T12240] do_syscall_64+0xfa/0x3b0 [ 261.498751][T12240] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.498794][T12240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.498817][T12240] ? 
clear_bhb_loop+0x60/0xb0 [ 261.498849][T12240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.498872][T12240] RIP: 0033:0x7fa6e4b8d57c [ 261.498894][T12240] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 261.498915][T12240] RSP: 002b:00007fa6e59b4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 261.498947][T12240] RAX: ffffffffffffffda RBX: 00007fa6e4db5fa0 RCX: 00007fa6e4b8d57c [ 261.498965][T12240] RDX: 000000000000000f RSI: 00007fa6e59b40a0 RDI: 0000000000000005 [ 261.498979][T12240] RBP: 00007fa6e59b4090 R08: 0000000000000000 R09: 0000000000000000 [ 261.498994][T12240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 261.499007][T12240] R13: 0000000000000000 R14: 00007fa6e4db5fa0 R15: 00007ffede87b7e8 [ 261.499045][T12240] [ 261.652889][T12250] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2044'. [ 261.702560][ T12] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0 [ 261.853318][ T12] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0 [ 261.892313][T12257] netlink: 'syz.2.2048': attribute type 2 has an invalid length. [ 261.954706][T12261] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2049'. [ 262.069548][T12265] netlink: 'syz.3.2051': attribute type 44 has an invalid length. [ 262.191246][T12270] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 262.249522][T12270] netlink: 'syz.0.2053': attribute type 1 has an invalid length. [ 262.427869][T12279] tipc: Enabling of bearer rejected, failed to enable media [ 262.481773][T12295] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2053'. [ 262.509705][T12279] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2055'. 
[ 262.781605][T12289] veth3: entered promiscuous mode [ 262.854134][T12269] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 263.240451][T12328] atomic_op ffff888077d40198 conn xmit_atomic 0000000000000000 [ 264.074599][T12384] bridge0: port 3(syz_tun) entered disabled state [ 264.082155][T12384] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.439470][T12403] bridge_slave_0: default FDB implementation only supports local addresses [ 264.461586][T12403] bridge_slave_0: default FDB implementation only supports local addresses [ 264.587299][T12416] unsupported nlmsg_type 40 [ 264.636385][T12412] netlink: 'syz.1.2090': attribute type 13 has an invalid length. [ 265.050273][T12442] bridge5: the hash_elasticity option has been deprecated and is always 16 [ 265.384279][T12410] syz.4.2091 (12410) used greatest stack depth: 19096 bytes left [ 265.702781][T12478] syzkaller0: entered promiscuous mode [ 265.709503][T12478] syzkaller0: entered allmulticast mode [ 266.589045][T12494] __nla_validate_parse: 16 callbacks suppressed [ 266.589074][T12494] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2118'. [ 266.646405][T12494] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2118'. [ 268.971522][T12534] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2128'. [ 269.032483][T12537] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2128'. [ 269.072533][T12540] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2130'. [ 269.415483][T12567] netlink: 516 bytes leftover after parsing attributes in process `syz.4.2135'. [ 270.258606][T12607] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2144'. [ 270.374108][T12610] netlink: 'syz.1.2146': attribute type 39 has an invalid length. 
[ 270.409949][T12616] openvswitch: netlink: IPv6 tunnel dst address is zero [ 270.434032][T12613] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2148'. [ 270.453512][ T9] IPVS: starting estimator thread 0... [ 270.547150][T12619] IPVS: using max 24 ests per chain, 57600 per kthread [ 270.712240][T12633] netlink: 172 bytes leftover after parsing attributes in process `syz.3.2153'. [ 270.726243][T12633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2153'. [ 271.044693][T12653] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 271.189447][T12660] tipc: Enabled bearer , priority 0 [ 271.207231][T12660] syzkaller0: entered promiscuous mode [ 271.228100][T12660] syzkaller0: entered allmulticast mode [ 271.242150][ T12] syzkaller0: tun_net_xmit 70 [ 271.256179][T12660] tipc: Resetting bearer [ 271.265911][T12660] syzkaller0: tun_net_xmit 90 [ 271.288258][T12659] tipc: Resetting bearer [ 271.343993][T12659] tipc: Disabling bearer [ 271.574134][T12685] netlink: 'syz.0.2169': attribute type 1 has an invalid length. [ 271.600635][T12667] syzkaller0: entered promiscuous mode [ 271.608098][T12667] syzkaller0: entered allmulticast mode [ 271.649097][T12677] gre0: entered promiscuous mode [ 271.662195][T12682] lo: left promiscuous mode [ 271.707456][T12682] ip6tnl0: left promiscuous mode [ 271.731857][T12682] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.740925][T12682] bridge0: port 1(bridge_slave_0) entered listening state [ 271.794281][T12682] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 271.851591][T12687] __nla_validate_parse: 4 callbacks suppressed [ 271.851613][T12687] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2167'. [ 271.882281][T12687] A link change request failed with some changes committed already. 
Interface lo may have been left with an inconsistent configuration, please check. [ 271.905988][T12695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2171'. [ 273.316077][T11508] wlan1: Trigger new scan to find an IBSS to join [ 273.709182][T12717] netlink: 'syz.3.2177': attribute type 1 has an invalid length. [ 273.769071][T12717] 8021q: adding VLAN 0 to HW filter on device bond7 [ 273.792861][T12725] vlan2: entered promiscuous mode [ 273.799941][T12725] bond7: entered promiscuous mode [ 273.805902][T12725] vlan2: entered allmulticast mode [ 273.811617][T12725] bond7: entered allmulticast mode [ 273.857431][T12729] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2181'. [ 274.065031][T12720] netlink: 'syz.0.2179': attribute type 1 has an invalid length. [ 274.105956][T12720] netlink: 536 bytes leftover after parsing attributes in process `syz.0.2179'. [ 274.260664][T12756] netlink: 576 bytes leftover after parsing attributes in process `syz.3.2186'. [ 274.319016][T12764] netlink: 576 bytes leftover after parsing attributes in process `syz.3.2186'. [ 274.413978][T12741] IPVS: starting estimator thread 0... [ 274.434817][T12768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2190'. [ 274.454313][T12768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2190'. [ 274.491856][T12768] gretap0: entered promiscuous mode [ 274.504511][T12768] gretap0: left promiscuous mode [ 274.535784][T12769] IPVS: using max 29 ests per chain, 69600 per kthread [ 274.561354][T12775] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 275.015980][T12804] netlink: 'syz.1.2204': attribute type 1 has an invalid length. [ 275.024056][T12804] netlink: 208 bytes leftover after parsing attributes in process `syz.1.2204'. [ 275.037454][T12804] netlink: 'syz.1.2204': attribute type 1 has an invalid length. 
[ 275.056076][T12804] netlink: 'syz.1.2204': attribute type 2 has an invalid length. [ 275.137758][T12808] netlink: 812 bytes leftover after parsing attributes in process `syz.0.2206'. [ 275.150288][T12809] lo: entered promiscuous mode [ 275.182630][T12809] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 275.271535][ T24] IPVS: starting estimator thread 0... [ 275.323806][T12811] syzkaller1: entered allmulticast mode [ 275.333126][T12811] syzkaller1: left allmulticast mode [ 275.376643][T12814] IPVS: using max 27 ests per chain, 64800 per kthread [ 275.498789][T12820] veth0: entered promiscuous mode [ 275.562369][T12823] IPVS: length: 8 != 1152 [ 275.643041][T12819] veth0: left promiscuous mode [ 276.165409][T12853] netlink: 'syz.2.2218': attribute type 29 has an invalid length. [ 276.218648][T12853] netlink: 'syz.2.2218': attribute type 29 has an invalid length. [ 276.233080][T12858] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 276.269952][T12858] lo: left promiscuous mode [ 276.280554][T11508] wlan1: Trigger new scan to find an IBSS to join [ 276.388065][T12865] bridge_slave_0: invalid flags given to default FDB implementation [ 276.729028][T12889] netlink: 'syz.4.2230': attribute type 10 has an invalid length. [ 276.801137][T12892] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 277.275957][T12906] __nla_validate_parse: 8 callbacks suppressed [ 277.275979][T12906] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2235'. [ 277.337926][T12906] nbd: nbd0 already in use [ 277.414022][T12918] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2238'. [ 277.777573][T12933] ieee802154 phy1 wpan1: encryption failed: -22 [ 277.787650][T12929] vlan2: entered allmulticast mode [ 277.794381][T12931] netlink: 'syz.4.2244': attribute type 1 has an invalid length. 
[ 277.890890][T12942] netlink: 'syz.0.2246': attribute type 10 has an invalid length. [ 277.897960][T12934] bond2 (unregistering): Released all slaves [ 277.989116][T12943] ip6tnl2: entered promiscuous mode [ 278.008824][T12943] ip6tnl2: entered allmulticast mode [ 278.026025][T12950] IPVS: set_ctl: invalid protocol: 115 224.0.0.1:20001 [ 278.058909][T12953] tun0: tun_chr_ioctl cmd 1074025675 [ 278.065443][T12953] tun0: persist disabled [ 278.360928][T12971] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2252'. [ 278.452330][T12971] tipc: Enabling of bearer rejected, failed to enable media [ 278.658943][T12984] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2256'. [ 278.702503][T12983] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2256'. [ 278.758358][T12989] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2258'. [ 278.920305][T12997] vlan1: entered allmulticast mode [ 278.935991][T12997] veth0_vlan: entered allmulticast mode [ 279.129643][T13003] sch_tbf: burst 4 is lower than device ip6tnl0 mtu (1452) ! [ 279.319713][T11505] wlan1: Trigger new scan to find an IBSS to join [ 280.167401][T13053] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2279'. [ 280.260520][T13060] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2281'. [ 280.280894][T13060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2281'. [ 280.315777][T13060] netlink: 'syz.3.2281': attribute type 14 has an invalid length. [ 280.316092][T13063] netlink: 'syz.2.2282': attribute type 39 has an invalid length. [ 280.332892][T11508] wlan1: Creating new IBSS network, BSSID ee:fa:94:36:38:93 [ 280.338506][T13060] netlink: 'syz.3.2281': attribute type 13 has an invalid length. 
[ 280.631346][T13073] veth0: entered promiscuous mode [ 280.653171][T13075] veth0: left promiscuous mode [ 280.658627][T13073] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2287'. [ 280.698519][T13046] netlink: 'syz.0.2276': attribute type 1 has an invalid length. [ 280.730913][T13046] netlink: 'syz.0.2276': attribute type 1 has an invalid length. [ 281.125367][T13087] ieee802154 phy1 wpan1: encryption failed: -22 [ 281.206837][T13098] veth0: entered promiscuous mode [ 281.494461][T13107] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 281.961883][T13126] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0 [ 282.006136][T13129] validate_nla: 2 callbacks suppressed [ 282.006158][T13129] netlink: 'syz.3.2306': attribute type 22 has an invalid length. [ 282.056048][T13129] netlink: 'syz.3.2306': attribute type 22 has an invalid length. [ 282.290432][T13148] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 282.304125][T13148] __nla_validate_parse: 10 callbacks suppressed [ 282.304147][T13148] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2313'. [ 282.879082][T13186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2323'. [ 282.924435][T13186] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode active-backup(1) [ 283.340548][T13201] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2329'. [ 283.354176][T13203] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2330'. [ 283.747187][T13222] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2335'. [ 283.867822][T13229] syzkaller0: entered promiscuous mode [ 283.884345][T13229] syzkaller0: entered allmulticast mode [ 284.007209][T13242] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2342'. 
[ 284.182967][T13253] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2346'. [ 284.199488][T13253] netlink: 124 bytes leftover after parsing attributes in process `syz.0.2346'. [ 284.315418][T13260] IPVS: set_ctl: invalid protocol: 136 127.0.0.1:20000 [ 284.479105][T13271] nbd: must specify a size in bytes for the device [ 284.945389][T13302] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 284.982208][T13306] netlink: 'syz.0.2362': attribute type 14 has an invalid length. [ 285.012821][T13306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2362'. [ 285.100727][ T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.119142][T13306] netlink: 'syz.0.2362': attribute type 14 has an invalid length. [ 285.119148][ T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.119194][ T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.170084][ T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.178680][T13306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2362'. [ 285.414460][T13326] netlink: 'syz.0.2367': attribute type 2 has an invalid length. [ 285.443828][T13330] netlink: 'syz.2.2368': attribute type 1 has an invalid length. [ 285.464213][T13330] netlink: 'syz.2.2368': attribute type 2 has an invalid length. [ 285.483381][T13330] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 285.869085][T13354] bridge_slave_1: left allmulticast mode [ 285.882101][T13354] bridge_slave_1: left promiscuous mode [ 285.916699][T13354] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.947025][T13354] bridge_slave_0: left allmulticast mode [ 285.958445][T13354] bridge_slave_0: left promiscuous mode [ 285.964592][T13354] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.360411][T13380] bridge_slave_0: left allmulticast mode [ 286.395878][T13380] bridge_slave_0: left promiscuous mode [ 286.402356][T13380] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.671303][T13384] netlink: 'syz.0.2387': attribute type 26 has an invalid length. [ 287.012584][T13405] vxcan1 speed is unknown, defaulting to 1000 [ 287.204274][T13418] tipc: Enabled bearer , priority 0 [ 287.230937][T13418] syzkaller0: entered promiscuous mode [ 287.265924][T13418] syzkaller0: entered allmulticast mode [ 287.305230][T13418] tipc: Resetting bearer [ 287.316739][T13425] __nla_validate_parse: 5 callbacks suppressed [ 287.316761][T13425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2398'. [ 287.367833][T13429] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2398'. [ 287.374011][T13428] block nbd1: not configured, cannot reconfigure [ 287.406229][T13428] openvswitch: netlink: IPv4 tun info is not correct [ 287.415485][T13418] tipc: Disabling bearer [ 287.620489][T13442] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2400'. [ 288.437230][T13481] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2410'. [ 288.475316][T13475] tipc: Enabling of bearer rejected, failed to enable media [ 288.716165][T13488] pim6reg1: entered promiscuous mode [ 288.722075][T13488] pim6reg1: entered allmulticast mode [ 289.140299][T13506] netlink: 'syz.0.2417': attribute type 1 has an invalid length. [ 289.163609][T13506] netlink: 784 bytes leftover after parsing attributes in process `syz.0.2417'. 
[ 289.720065][T13518] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2421'. [ 289.834462][T13526] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2424'. [ 289.899756][T13526] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2424'. [ 290.580435][T13561] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2431'. [ 290.658738][T13558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2429'. [ 290.788019][T13573] netlink: 'syz.0.2436': attribute type 21 has an invalid length. [ 291.100356][T13588] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 291.173987][T13591] netlink: 'syz.4.2441': attribute type 1 has an invalid length. [ 291.214164][T13591] nbd: couldn't find device at index 1048576 [ 291.513439][T13610] netlink: 'syz.1.2446': attribute type 4 has an invalid length. [ 291.546996][T13610] netlink: 'syz.1.2446': attribute type 3 has an invalid length. [ 291.699383][ T13] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 291.752878][ T13] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 291.791400][ T13] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 291.840607][ T13] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.154412][T13631] tipc: Enabled bearer , priority 0 [ 292.161096][T13634] FAULT_INJECTION: forcing a failure. 
[ 292.161096][T13634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.188864][T13631] syzkaller0: entered promiscuous mode [ 292.209902][T13634] CPU: 0 UID: 0 PID: 13634 Comm: syz.4.2453 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 292.209934][T13634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 292.209946][T13634] Call Trace: [ 292.209954][T13634] [ 292.209964][T13634] dump_stack_lvl+0x189/0x250 [ 292.209991][T13634] ? __pfx____ratelimit+0x10/0x10 [ 292.210023][T13634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.210047][T13634] ? __pfx__printk+0x10/0x10 [ 292.210075][T13634] ? __might_fault+0xb0/0x130 [ 292.210121][T13634] should_fail_ex+0x414/0x560 [ 292.210164][T13634] _copy_from_iter+0x1db/0x16f0 [ 292.210203][T13634] ? policy_nodemask+0x27c/0x720 [ 292.210236][T13634] ? __pfx__copy_from_iter+0x10/0x10 [ 292.210271][T13634] ? set_page_refcounted+0xa0/0x1e0 [ 292.210306][T13634] ? page_copy_sane+0x4e/0x280 [ 292.210336][T13634] copy_page_from_iter+0xdd/0x170 [ 292.210369][T13634] tun_get_user+0x1d7b/0x3e20 [ 292.210404][T13634] ? tun_get_user+0x6f6/0x3e20 [ 292.210441][T13634] ? __pfx_tun_get_user+0x10/0x10 [ 292.210471][T13634] ? aa_file_perm+0x40c/0xe70 [ 292.210506][T13634] ? aa_file_perm+0x122/0xe70 [ 292.210547][T13634] ? ref_tracker_alloc+0x318/0x460 [ 292.210567][T13634] ? __lock_acquire+0xab9/0xd20 [ 292.210599][T13634] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 292.210626][T13634] ? tun_get+0x1c/0x2f0 [ 292.210665][T13634] ? tun_get+0x1c/0x2f0 [ 292.210686][T13634] ? tun_get+0x1c/0x2f0 [ 292.210715][T13634] tun_chr_write_iter+0x113/0x200 [ 292.210743][T13634] vfs_write+0x54b/0xa90 [ 292.210781][T13634] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 292.210806][T13634] ? __pfx_vfs_write+0x10/0x10 [ 292.210850][T13634] ? __fget_files+0x2a/0x420 [ 292.210884][T13634] ksys_write+0x145/0x250 [ 292.210926][T13634] ? __pfx_ksys_write+0x10/0x10 [ 292.210956][T13634] ? 
rcu_is_watching+0x15/0xb0 [ 292.210999][T13634] ? do_syscall_64+0xbe/0x3b0 [ 292.211036][T13634] do_syscall_64+0xfa/0x3b0 [ 292.211067][T13634] ? lockdep_hardirqs_on+0x9c/0x150 [ 292.211098][T13634] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.211121][T13634] ? clear_bhb_loop+0x60/0xb0 [ 292.211150][T13634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.211172][T13634] RIP: 0033:0x7f888cb8d61f [ 292.211194][T13634] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 292.211215][T13634] RSP: 002b:00007f888d9c2000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 292.211241][T13634] RAX: ffffffffffffffda RBX: 00007f888cdb5fa0 RCX: 00007f888cb8d61f [ 292.211258][T13634] RDX: 000000000000004e RSI: 0000200000000340 RDI: 00000000000000c8 [ 292.211272][T13634] RBP: 00007f888d9c2090 R08: 0000000000000000 R09: 0000000000000000 [ 292.211285][T13634] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001 [ 292.211299][T13634] R13: 0000000000000000 R14: 00007f888cdb5fa0 R15: 00007ffc53097448 [ 292.211336][T13634] [ 292.226245][T13631] syzkaller0: entered allmulticast mode [ 293.004111][T13631] tipc: Resetting bearer [ 293.087342][T13660] __nla_validate_parse: 14 callbacks suppressed [ 293.087368][T13660] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2460'. [ 293.122060][T13631] tipc: Disabling bearer [ 293.134641][T13660] netlink: 'syz.0.2460': attribute type 10 has an invalid length. [ 293.152903][T13660] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2460'. [ 293.372837][T13660] team0: Port device geneve0 added [ 293.649818][T13678] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2465'. [ 293.727867][T13678] netlink: 'syz.3.2465': attribute type 1 has an invalid length. 
[ 293.773107][T13678] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2465'. [ 293.874035][T13691] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2469'. [ 293.876896][T13678] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2465'. [ 294.196012][T13707] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2475'. [ 294.213307][T13706] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2474'. [ 294.277928][T13706] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2474'. [ 294.368041][T13706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2474'. [ 294.467083][T13706] netlink: 'syz.3.2474': attribute type 11 has an invalid length. [ 294.523089][T13720] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 295.324582][T13762] netlink: 'syz.2.2494': attribute type 16 has an invalid length. [ 295.353025][T13762] netlink: 'syz.2.2494': attribute type 3 has an invalid length. [ 295.499178][T13780] netlink: 'syz.2.2494': attribute type 11 has an invalid length. [ 295.514246][T13780] netlink: 'syz.2.2494': attribute type 11 has an invalid length. [ 296.182131][T13814] tipc: Enabled bearer , priority 0 [ 296.195474][T13814] syzkaller0: entered promiscuous mode [ 296.204980][T13814] syzkaller0: entered allmulticast mode [ 296.942238][T13811] tipc: Resetting bearer [ 297.019261][T13811] tipc: Disabling bearer [ 297.470144][T13871] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 297.506194][T13874] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 298.166153][T13899] netlink: 'syz.4.2527': attribute type 1 has an invalid length. [ 298.186327][T13899] netlink: 'syz.4.2527': attribute type 2 has an invalid length. 
[ 298.206307][T13899] __nla_validate_parse: 11 callbacks suppressed [ 298.206326][T13899] netlink: 1172 bytes leftover after parsing attributes in process `syz.4.2527'. [ 298.297469][T13896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2525'. [ 298.615296][T13917] netlink: 'syz.3.2531': attribute type 11 has an invalid length. [ 298.640208][T13917] netlink: 'syz.3.2531': attribute type 11 has an invalid length. [ 298.669494][T13917] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2531'. [ 299.008809][T13928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2534'. [ 299.453608][T13952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2539'. [ 299.482939][T13957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2539'. [ 299.703836][T13968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2545'. [ 299.972797][T13979] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2549'. [ 300.073041][T13986] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2549'. [ 300.124504][T13988] netlink: 'syz.4.2551': attribute type 1 has an invalid length. [ 300.158161][T13988] netlink: 228 bytes leftover after parsing attributes in process `syz.4.2551'. [ 300.184446][T12741] vxcan1 speed is unknown, defaulting to 1000 [ 300.233650][T12741] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 300.576046][T12741] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 300.596105][T14018] netlink: 'syz.4.2555': attribute type 7 has an invalid length. [ 300.740557][T14018] åÿ: entered promiscuous mode [ 300.831420][T14030] netlink: 'syz.3.2559': attribute type 5 has an invalid length. 
[ 300.864594][T14024] netdevsim netdevsim0: Direct firmware load for /tun failed with error -2 [ 300.923797][T14024] netdevsim netdevsim0: Falling back to sysfs fallback for: /tun [ 301.751930][T14074] netlink: 'syz.1.2571': attribute type 12 has an invalid length. [ 301.892865][T14082] sctp: [Deprecated]: syz.0.2574 (pid 14082) Use of int in max_burst socket option. [ 301.892865][T14082] Use struct sctp_assoc_value instead [ 302.627713][T14116] ieee802154 phy1 wpan1: encryption failed: -22 [ 304.021686][T14165] __nla_validate_parse: 4 callbacks suppressed [ 304.021709][T14165] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2595'. [ 304.063912][T14163] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.107346][T14171] netlink: 452 bytes leftover after parsing attributes in process `syz.0.2594'. [ 304.121477][T14176] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2595'. [ 304.177602][T14174] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2592'. [ 305.076938][T14221] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2605'. [ 305.178321][T14219] team0: Port device geneve0 removed [ 305.292588][T14234] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.308073][T14220] team0: Mode changed to "loadbalance" [ 305.376779][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.450257][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.474968][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.501365][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.510534][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.525172][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.533746][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. 
[ 305.544411][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.556187][T14237] netlink: 'syz.2.2607': attribute type 4 has an invalid length. [ 305.930099][T14271] tc_dump_action: action bad kind [ 306.001224][T14276] netem: change failed [ 306.344922][T14292] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 306.400825][T14291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2623'. [ 306.809265][T14307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2627'. [ 307.057090][T14318] IPVS: set_ctl: invalid protocol: 43 127.0.0.1:20001 [ 307.183457][T14309] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2628'. [ 307.271718][T14325] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2628'. [ 308.321144][T14386] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2650'. [ 308.360117][T14386] erspan0: entered promiscuous mode [ 308.440693][T14386] batadv_slave_1: entered promiscuous mode [ 308.453066][T14386] erspan0: left promiscuous mode [ 308.474460][T14386] batadv_slave_1: left promiscuous mode [ 308.709798][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.749103][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.195033][T14433] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 309.218090][T14435] __nla_validate_parse: 3 callbacks suppressed [ 309.218114][T14435] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2665'. [ 309.591255][T14443] openvswitch: netlink: Key type 29 is not supported [ 309.654741][T14447] netlink: 191164 bytes leftover after parsing attributes in process `syz.0.2670'. 
[ 309.682716][T14445] bond3: entered promiscuous mode [ 309.688586][T14445] bond3: entered allmulticast mode [ 309.695077][T14445] 8021q: adding VLAN 0 to HW filter on device bond3 [ 309.705011][T14447] netlink: 180 bytes leftover after parsing attributes in process `syz.0.2670'. [ 309.867886][T14454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2673'. [ 310.083366][T14456] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 310.303037][T14486] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2679'. [ 310.602554][T14492] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2682'. [ 310.627393][T14492] openvswitch: netlink: Actions may not be safe on all matching packets [ 310.688974][T14498] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2685'. [ 310.798499][T14498] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 310.803306][T14504] validate_nla: 31 callbacks suppressed [ 310.803333][T14504] netlink: 'syz.0.2686': attribute type 10 has an invalid length. [ 310.880500][T14504] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 310.915801][T14498] netlink: 'syz.4.2685': attribute type 4 has an invalid length. [ 311.021952][T14513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2689'. [ 311.045095][T14515] netlink: 'syz.1.2690': attribute type 2 has an invalid length. [ 311.061005][T14515] netlink: 'syz.1.2690': attribute type 8 has an invalid length. [ 311.070500][T14515] netlink: 1148 bytes leftover after parsing attributes in process `syz.1.2690'. [ 311.087483][T14518] tipc: Enabling of bearer rejected, failed to enable media [ 311.105467][T14513] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2689'. 
[ 312.047611][T14549] 8021q: adding VLAN 0 to HW filter on device bond4 [ 312.112073][T14555] vlan2: entered allmulticast mode [ 312.132811][T14555] bond4: entered allmulticast mode [ 312.182303][T14557] bond0: (slave bond_slave_1): Releasing backup interface [ 312.214248][T14557] bond_slave_1: left allmulticast mode [ 312.230417][T14554] syzkaller0: refused to change device tx_queue_len [ 312.446496][T11505] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 312.618400][T14589] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 312.626015][T14589] IPv6: NLM_F_CREATE should be set when creating new route [ 312.634581][T14589] IPv6: NLM_F_CREATE should be set when creating new route [ 312.743428][T14589] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 313.305201][T14629] IPv6: sit1: Disabled Multicast RS [ 313.482804][T14640] netlink: 'syz.0.2720': attribute type 30 has an invalid length. [ 314.136676][T14670] syzkaller1: entered promiscuous mode [ 314.142548][T14670] syzkaller1: entered allmulticast mode [ 314.150462][T14674] netlink: 'syz.2.2729': attribute type 1 has an invalid length. [ 314.173332][T14674] netlink: 'syz.2.2729': attribute type 4 has an invalid length. [ 314.572184][T14693] __nla_validate_parse: 9 callbacks suppressed [ 314.572207][T14693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2734'. [ 314.629432][T14699] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2736'. [ 314.963670][T14710] netlink: 'syz.3.2741': attribute type 24 has an invalid length. [ 315.529830][T14737] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2748'. [ 315.687225][T14746] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2751'. [ 315.798664][T14746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2751'. 
[ 315.889037][T14746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2751'. [ 315.976799][T14756] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2754'. [ 316.090759][T14754] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2754'. [ 316.091276][T14764] netlink: 'syz.0.2756': attribute type 1 has an invalid length. [ 316.127758][T14764] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2756'. [ 316.780986][T14793] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2762'. [ 317.727429][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 317.730248][T14830] IPVS: set_ctl: invalid protocol: 2 100.1.1.1:20004 [ 317.741420][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 317.745385][T14820] bond2: entered allmulticast mode [ 317.751573][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 317.768380][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 317.780029][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 317.787315][T14820] 8021q: adding VLAN 0 to HW filter on device bond2 [ 317.798662][T14820] bridge0: port 1(bond2) entered blocking state [ 317.813142][T14820] bridge0: port 1(bond2) entered disabled state [ 317.858980][T14820] bond2: entered promiscuous mode [ 317.881724][T14820] bridge0: port 1(bond2) entered blocking state [ 317.888473][T14820] bridge0: port 1(bond2) entered forwarding state [ 318.063089][T14828] vxcan1 speed is unknown, defaulting to 1000 [ 318.265098][T11515] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 318.278060][T11515] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.290195][T11515] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 318.320349][ T12] bridge0: port 1(bond2) entered disabled state [ 318.388989][T14852] gretap3: 
entered promiscuous mode [ 318.413806][T14858] tipc: Enabled bearer , priority 0 [ 318.471037][T11515] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 318.494812][T11515] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.511205][T11515] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 318.534818][T14846] syzkaller0: entered promiscuous mode [ 318.541227][T14846] syzkaller0: entered allmulticast mode [ 318.558267][T14855] tipc: Resetting bearer [ 318.599566][T14844] tipc: Resetting bearer [ 318.660318][T14844] tipc: Disabling bearer [ 318.779942][T11515] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 318.805497][T11515] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.853355][T11515] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 319.061640][T14881] sctp: [Deprecated]: syz.4.2790 (pid 14881) Use of int in maxseg socket option. [ 319.061640][T14881] Use struct sctp_assoc_value instead [ 319.105145][T11515] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 319.124584][T11515] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.144833][T11515] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 319.194076][T14874] vxcan1 speed is unknown, defaulting to 1000 [ 319.760753][T14907] __nla_validate_parse: 3 callbacks suppressed [ 319.760778][T14907] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2797'. [ 319.885555][ T5848] Bluetooth: hci0: command tx timeout [ 319.961586][T14916] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2799'. 
[ 319.991976][T14918] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2800'. [ 320.046060][T14920] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2800'. [ 320.319901][T14828] chnl_net:caif_netlink_parms(): no params data found [ 321.620678][T11515] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 321.635342][T11515] bond0 (unregistering): Released all slaves [ 321.747558][T11515] bond1 (unregistering): Released all slaves [ 321.765278][T11515] bond2 (unregistering): Released all slaves [ 321.782663][T11515] bond3 (unregistering): Released all slaves [ 321.904973][T11515] bond4 (unregistering): Released all slaves [ 321.956934][ T5848] Bluetooth: hci0: command tx timeout [ 321.991550][T14968] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2805'. [ 321.994320][T14954] tipc: Bearer : already 2 bearers with priority 10 [ 322.002730][T14968] netlink: 'syz.3.2805': attribute type 5 has an invalid length. [ 322.009570][T14954] tipc: Bearer : trying with adjusted priority [ 322.044331][T14954] tipc: New replicast peer: 0.0.0.0 [ 322.049968][T14968] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2805'. 
[ 322.077774][T14954] tipc: Enabled bearer , priority 9 [ 322.202723][T14968] geneve2: entered promiscuous mode [ 322.210766][T14968] geneve2: entered allmulticast mode [ 322.242976][T11515] tipc: Left network mode [ 322.249207][T14958] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa [ 322.344908][ T12] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 322.374218][ T12] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 322.453821][ T12] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 322.473128][ T12] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 322.819033][T11515] mac80211_hwsim hwsim4 wlan0 (unregistering): left promiscuous mode [ 322.961453][T14828] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.987097][T14828] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.007326][T14828] bridge_slave_0: entered allmulticast mode [ 323.020045][T14828] bridge_slave_0: entered promiscuous mode [ 323.087487][T14828] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.094966][T14828] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.147057][T14828] bridge_slave_1: entered allmulticast mode [ 323.172652][T14828] bridge_slave_1: entered promiscuous mode [ 323.493491][T14828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.623476][T15035] bond_slave_0: left promiscuous mode [ 323.675846][T15035] bond_slave_1: left promiscuous mode [ 323.743547][T15047] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2824'. [ 323.784511][T15047] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2824'. [ 323.911360][T15053] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2824'. 
[ 323.972516][T15035] bond4: (slave macvlan2): Removing an active aggregator [ 323.990270][T15035] bond4: (slave macvlan2): Releasing backup interface [ 324.038944][ T5848] Bluetooth: hci0: command tx timeout [ 324.047500][T15058] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2826'. [ 324.067662][T15035] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 324.081438][T15035] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 324.093966][T15035] bond0 (unregistering): Released all slaves [ 324.162076][T14828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.225645][T11515] hsr_slave_0: left promiscuous mode [ 324.235218][T11515] hsr_slave_1: left promiscuous mode [ 324.261573][T11515] veth1_macvtap: left promiscuous mode [ 324.270847][T11515] veth0_macvtap: left promiscuous mode [ 324.289359][T11515] veth1_vlan: left promiscuous mode [ 324.301556][T11515] veth0_vlan: left promiscuous mode [ 325.170674][T15074] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2829'. [ 325.244994][T15053] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 325.440045][T14828] team0: Port device team_slave_0 added [ 325.489603][T14828] team0: Port device team_slave_1 added [ 325.706321][T14828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.744496][T14828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 325.811208][T14828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 325.857844][T15090] syzkaller1: entered promiscuous mode [ 325.867497][T15090] syzkaller1: entered allmulticast mode [ 325.908829][T15102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2835'. [ 325.927257][T14828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 325.934560][T14828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.953878][T15102] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2835'. [ 325.983400][T14828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.984400][T15102] netlink: 'syz.2.2835': attribute type 5 has an invalid length. [ 326.125125][ T5848] Bluetooth: hci0: command tx timeout [ 326.260673][T15115] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2839'. [ 326.383317][T11515] IPVS: stop unused estimator thread 0... [ 326.440644][T14828] hsr_slave_0: entered promiscuous mode [ 326.475068][T14828] hsr_slave_1: entered promiscuous mode [ 326.496834][T14828] debugfs: 'hsr0' already exists in 'hsr' [ 326.502801][T14828] Cannot create hsr debugfs directory [ 326.860513][T15146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2844'. [ 327.213854][T15161] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 327.562922][T15178] netlink: 'syz.3.2849': attribute type 10 has an invalid length. [ 327.795796][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 328.204466][T15212] netlink: 'syz.3.2858': attribute type 4 has an invalid length. 
[ 328.478855][T15223] sock: sock_timestamping_bind_phc: sock not bind to device [ 328.531209][T14828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 328.562887][T14828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 328.604148][T14828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 328.648375][T14828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 328.868862][T15244] netlink: 'syz.4.2863': attribute type 33 has an invalid length. [ 328.904622][T15244] netlink: 'syz.4.2863': attribute type 33 has an invalid length. [ 329.037496][T14828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.138903][T14828] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.188869][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.196489][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.244959][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.252661][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.282666][T15260] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 329.453418][T14828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 329.541507][T15268] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2870'. [ 329.578355][T15272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2872'. [ 329.786244][T15281] sch_tbf: burst 4 is lower than device ip6tnl0 mtu (1452) ! [ 330.241738][T14828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.359556][T15307] af_packet: tpacket_rcv: packet too big, clamped from 112 to 4294967272. macoff=96 [ 330.467837][T15313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2882'. [ 330.501930][T14828] veth0_vlan: entered promiscuous mode [ 330.587375][T14828] veth1_vlan: entered promiscuous mode [ 330.604439][T15315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2883'. 
[ 330.686521][T15318] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 330.745894][T14828] veth0_macvtap: entered promiscuous mode [ 330.777646][T15325] smc: net device erspan0 applied user defined pnetid SYZ0 [ 330.792903][T14828] veth1_macvtap: entered promiscuous mode [ 330.840307][T15325] sch_tbf: burst 0 is lower than device ip6gretap0 mtu (1606) ! [ 330.901120][T14828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 330.944603][T14828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 331.025376][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.052428][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.074881][T15332] tun0: tun_chr_ioctl cmd 1074025675 [ 331.084569][T15332] tun0: persist disabled [ 331.106192][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.138718][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.415248][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.444036][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.537793][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.559159][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.747372][T15359] vxcan1: tx drop: invalid da for name 0x0000000000000014 [ 331.843181][T15365] netlink: 'syz.3.2896': attribute type 3 has an invalid length. 
[ 332.630908][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 332.642383][ T5846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 332.656061][ T5846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 332.670004][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 332.703431][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 332.810328][T15387] vxcan1 speed is unknown, defaulting to 1000 [ 333.055657][ T5852] bridge0: port 4(syz_tun) entered disabled state [ 333.154837][ T5852] syz_tun (unregistering): left allmulticast mode [ 333.175062][ T5852] syz_tun (unregistering): left promiscuous mode [ 333.195646][ T5852] bridge0: port 4(syz_tun) entered disabled state [ 333.308249][T15396] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 333.621747][T15424] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2911'. [ 333.827303][T15426] netlink: 'syz.3.2912': attribute type 1 has an invalid length. [ 333.913194][T15387] chnl_net:caif_netlink_parms(): no params data found [ 334.194720][T15450] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2918'. [ 334.304175][T15387] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.307521][T15452] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2921'. 
[ 334.321094][T15387] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.321335][T15387] bridge_slave_0: entered allmulticast mode [ 334.323459][T15387] bridge_slave_0: entered promiscuous mode [ 334.362973][T15387] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.377912][T15387] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.386366][T15387] bridge_slave_1: entered allmulticast mode [ 334.393953][T15387] bridge_slave_1: entered promiscuous mode [ 334.517931][T15387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 334.549616][T15459] policy can only be matched on NF_INET_PRE_ROUTING [ 334.549641][T15459] unable to load match [ 334.582607][T15387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 334.704418][T15470] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2926'. [ 334.721540][T15470] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2926'. [ 334.734656][T15387] team0: Port device team_slave_0 added [ 334.833253][T15387] team0: Port device team_slave_1 added [ 334.836615][ T5848] Bluetooth: hci5: command tx timeout [ 334.898264][T15387] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 334.906260][T15387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.936145][T15387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 334.951057][T15387] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 334.958663][T15387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 334.987257][T15387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 335.122308][T15387] hsr_slave_0: entered promiscuous mode [ 335.131740][T15387] hsr_slave_1: entered promiscuous mode [ 335.141402][T15387] debugfs: 'hsr0' already exists in 'hsr' [ 335.148853][T15387] Cannot create hsr debugfs directory [ 335.301119][T15485] netlink: 'syz.0.2931': attribute type 11 has an invalid length. [ 335.463489][T15491] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 335.652781][T15387] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.791149][T15387] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.824822][T15504] Bluetooth: MGMT ver 1.23 [ 335.911273][T15507] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2937'. [ 335.925304][T15387] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.953345][T15508] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2938'. [ 335.969935][T15510] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2937'. [ 335.995365][T15512] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 336.008852][T15512] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address [ 336.020646][T15512] bond0: (slave ipvlan0): Error -95 calling set_mac_address [ 336.045027][T15511] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. 
[ 336.059358][T15511] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address [ 336.071922][T15511] bond0: (slave ipvlan0): Error -95 calling set_mac_address [ 336.315301][T15519] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 336.479082][T15526] netlink: 284 bytes leftover after parsing attributes in process `syz.3.2944'. [ 336.639504][T15387] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 336.709199][T15387] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 336.765080][T15387] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 336.831331][T15387] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 336.928220][ T5848] Bluetooth: hci5: command tx timeout [ 337.045247][T15554] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2948'. [ 337.188018][T15559] tipc: Started in network mode [ 337.193492][T15559] tipc: Node identity eec4e45acdc, cluster identity 4711 [ 337.269014][T15559] tipc: Enabled bearer , priority 0 [ 337.306760][T15544] vxcan1 speed is unknown, defaulting to 1000 [ 337.331933][T15566] syzkaller0: entered promiscuous mode [ 337.349763][T15566] syzkaller0: entered allmulticast mode [ 337.356120][T15568] netlink: 'syz.2.2953': attribute type 1 has an invalid length. 
[ 337.519594][T15387] 8021q: adding VLAN 0 to HW filter on device bond0 [ 337.593402][T15387] 8021q: adding VLAN 0 to HW filter on device team0 [ 337.640639][T15559] tipc: Resetting bearer [ 337.662187][T15568] veth0: entered allmulticast mode [ 337.687287][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.694767][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 337.785092][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 337.793265][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 337.962612][T15557] tipc: Resetting bearer [ 338.118126][T15557] tipc: Disabling bearer [ 338.508564][T15555] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2949'. [ 338.592850][T15555] nbd: must specify at least one socket [ 338.758290][T15566] vxcan1 speed is unknown, defaulting to 1000 [ 338.995948][ T5848] Bluetooth: hci5: command tx timeout [ 339.232504][T15621] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2963'. [ 339.323477][T15387] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 339.514229][T15628] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 340.490414][ T5210] udevd[5210]: worker [11744] /devices/virtual/block/nbd0 is taking a long time [ 340.589265][T15669] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 340.607173][T15671] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2972'. [ 340.818947][T15387] veth0_vlan: entered promiscuous mode [ 340.883554][T15678] netlink: 'syz.3.2975': attribute type 10 has an invalid length. 
[ 340.899869][T15387] veth1_vlan: entered promiscuous mode [ 341.083864][ T5848] Bluetooth: hci5: command tx timeout [ 341.354719][T15387] veth0_macvtap: entered promiscuous mode [ 341.406014][T15695] lo: entered promiscuous mode [ 341.454403][T15695] netlink: 'syz.0.2977': attribute type 2 has an invalid length. [ 341.479809][T15695] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 341.508526][T15387] veth1_macvtap: entered promiscuous mode [ 341.553295][T15701] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2980'. [ 341.650210][T15702] vxcan1 speed is unknown, defaulting to 1000 [ 341.669367][T15387] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 341.710100][T15387] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 341.816706][ T1165] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.903123][T11515] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.974349][T11515] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.037460][T11505] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.862630][T15724] batman_adv: batadv0: Interface deactivated: team0 [ 343.324269][T15724] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 343.520867][T15724] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 343.591839][T15724] gtp0: left promiscuous mode [ 343.620798][T15724] gretap1: left promiscuous mode [ 343.629494][T15724] gretap1: left allmulticast mode [ 343.651562][T15724] geneve2: left promiscuous mode [ 343.732656][T12744] vxcan1 speed is unknown, defaulting to 1000 [ 343.766405][T12744] syz2: Port: 1 Link DOWN [ 343.797150][ T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 343.870929][T15755] netlink: 12 bytes leftover after parsing attributes in 
process `syz.3.2986'. [ 343.892258][ T12] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 343.923799][ T12] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.945973][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.964753][ T5927] vxcan1 speed is unknown, defaulting to 1000 [ 343.983243][ T12] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 344.005266][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.026430][ T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.051002][ T12] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 344.062836][ T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.128153][ T12] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 344.162517][ T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.333984][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.362731][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.447981][T15774] netlink: 16146 bytes leftover after parsing attributes in process `syz.3.2991'. [ 344.448016][T15759] vxcan1 speed is unknown, defaulting to 1000 [ 344.502764][T15773] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2992'. [ 344.765743][T15779] netlink: 'syz.1.2993': attribute type 30 has an invalid length. [ 344.796649][T15779] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0) [ 344.825156][T15779] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255 [ 344.858655][T15779] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2993'. [ 345.397336][T15791] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2998'. 
[ 345.606054][T15760] lo: left promiscuous mode [ 345.791964][T15760] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 346.018908][T15802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3002'. [ 346.126573][ T5845] syz_tun (unregistering): left allmulticast mode [ 346.133359][ T5845] syz_tun (unregistering): left promiscuous mode [ 346.141179][ T5845] bridge0: port 3(syz_tun) entered disabled state [ 346.176791][T15806] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3003'. [ 346.241444][T15808] netlink: 'syz.1.3004': attribute type 32 has an invalid length. [ 346.257954][T15808] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3004'. [ 346.293384][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 346.307239][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 346.319473][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 346.337979][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 346.351198][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 346.360265][T15808] (unnamed net_device) (uninitialized): option coupled_control: invalid value (52) [ 346.440420][T15804] netlink: 165 bytes leftover after parsing attributes in process `syz.4.3003'. [ 346.456085][T15810] vxcan1 speed is unknown, defaulting to 1000 [ 346.574680][T15821] __nla_validate_parse: 1 callbacks suppressed [ 346.574700][T15821] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3006'. [ 347.536755][T15837] bridge_slave_0: left allmulticast mode [ 347.542738][T15837] bridge_slave_0: left promiscuous mode [ 347.550623][T15837] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.579453][T15840] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3013'. 
[ 347.599810][T15837] bridge_slave_1: left allmulticast mode [ 347.635499][T15837] bridge_slave_1: left promiscuous mode [ 347.656138][T15837] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.680420][T15837] bond0: (slave bond_slave_0): Releasing backup interface [ 347.727545][T15837] bond0: (slave bond_slave_1): Releasing backup interface [ 347.782898][T15837] team0: Port device team_slave_0 removed [ 347.852438][T15837] team0: Port device team_slave_1 removed [ 347.898011][T15837] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 347.935876][T15837] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 347.971313][T15837] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 347.981221][T15837] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 348.012621][T15863] openvswitch: netlink: Actions may not be safe on all matching packets [ 348.228994][T15868] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3018'. [ 348.369653][T15810] chnl_net:caif_netlink_parms(): no params data found [ 348.437208][ T5848] Bluetooth: hci1: command tx timeout [ 348.657448][T15888] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3023'. 
[ 348.843400][T15810] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.861444][T15810] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.883121][T15810] bridge_slave_0: entered allmulticast mode [ 348.894531][T15810] bridge_slave_0: entered promiscuous mode [ 348.987509][T15810] bridge0: port 2(bridge_slave_1) entered blocking state [ 349.010803][T15810] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.020942][T15810] bridge_slave_1: entered allmulticast mode [ 349.036465][T15810] bridge_slave_1: entered promiscuous mode [ 349.067559][T15888] vxcan1 speed is unknown, defaulting to 1000 [ 349.083025][T15906] dvmrp0: entered allmulticast mode [ 349.229949][T15810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 349.266803][T15906] dvmrp0: left allmulticast mode [ 349.354158][T15810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 349.557374][T15810] team0: Port device team_slave_0 added [ 349.602010][T15810] team0: Port device team_slave_1 added [ 349.712422][T15932] netlink: 696 bytes leftover after parsing attributes in process `syz.4.3033'. [ 349.772953][T15810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 349.781887][T15810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 349.811582][T15810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 349.869318][T15810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 349.887578][T15810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 349.917402][T15810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 350.115890][T15810] hsr_slave_0: entered promiscuous mode [ 350.123198][T15810] hsr_slave_1: entered promiscuous mode [ 350.135102][T15810] debugfs: 'hsr0' already exists in 'hsr' [ 350.141730][T15810] Cannot create hsr debugfs directory [ 350.193713][T15945] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 350.201247][T15945] IPv6: NLM_F_CREATE should be set when creating new route [ 350.209401][T15945] IPv6: NLM_F_CREATE should be set when creating new route [ 350.217037][T15945] IPv6: NLM_F_CREATE should be set when creating new route [ 350.244322][T15946] pimreg: entered allmulticast mode [ 350.313365][T15943] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3036'. [ 350.515914][ T5848] Bluetooth: hci1: command tx timeout [ 351.022418][T15810] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.022992][T15969] netlink: 'syz.3.3046': attribute type 11 has an invalid length. [ 351.061482][T15969] netlink: 'syz.3.3046': attribute type 4 has an invalid length. [ 351.071672][T15969] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3046'. [ 351.121893][T15969] netlink: 232 bytes leftover after parsing attributes in process `syz.3.3046'. [ 351.272191][T15810] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.362894][T15986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3048'. [ 351.383373][T15986] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3048'. 
[ 351.476772][T15810] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.525432][T15986] geneve3: entered promiscuous mode [ 351.533937][T15986] geneve3: entered allmulticast mode [ 351.563588][ T2962] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.604975][ T2962] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.626450][T15994] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 351.728643][T15810] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.835931][ T2962] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.867360][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.426798][T15810] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 352.460929][T16025] __nla_validate_parse: 1 callbacks suppressed [ 352.460952][T16025] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3057'. [ 352.504709][T15810] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 352.527084][T16032] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3059'. [ 352.543249][T15810] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 352.580573][T15810] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 352.595746][ T5848] Bluetooth: hci1: command tx timeout [ 352.721828][T16035] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 352.745451][T16040] netlink: 'syz.4.3060': attribute type 4 has an invalid length. [ 352.817396][T16045] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3060'. [ 352.897896][T16045] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3060'. 
[ 352.974152][T16045] geneve2: entered promiscuous mode [ 352.991500][T16045] geneve2: entered allmulticast mode [ 353.250587][T15810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 353.357098][T16065] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3066'. [ 353.418525][T15810] 8021q: adding VLAN 0 to HW filter on device team0 [ 353.449107][T16075] netlink: 'syz.4.3068': attribute type 1 has an invalid length. [ 353.587675][ T2962] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.595413][ T2962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 353.656291][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.663757][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.330253][T16109] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3078'. [ 354.354453][T16109] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3078'. [ 354.393713][T16110] C: renamed from team_slave_0 [ 354.403352][T16110] netlink: 'syz.3.3080': attribute type 1 has an invalid length. [ 354.421045][T16110] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 354.556963][T15810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 354.677174][ T5848] Bluetooth: hci1: command tx timeout [ 354.753437][T15810] veth0_vlan: entered promiscuous mode [ 354.777566][T16129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3084'. 
[ 354.839458][T15810] veth1_vlan: entered promiscuous mode [ 354.938185][T15810] veth0_macvtap: entered promiscuous mode [ 354.959530][T15810] veth1_macvtap: entered promiscuous mode [ 355.057024][T15810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 355.108449][T15810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.166784][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.187370][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.223554][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.272638][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.324682][T16153] netlink: 'syz.3.3093': attribute type 10 has an invalid length. [ 355.585696][ T2962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.596500][T16160] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 355.607809][ T2962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.735735][ T1213] hid-generic 0005:0458:0009.0001: item fetching failed at offset 0/1 [ 355.763299][ T1213] hid-generic 0005:0458:0009.0001: probe with driver hid-generic failed with error -22 [ 355.763589][T16167] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 355.857324][ T2962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.887170][ T2962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.059630][T16179] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3103'. [ 356.108043][T16184] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2997'. [ 356.289667][T16186] netlink: 'syz.1.3106': attribute type 2 has an invalid length. [ 356.306180][T16186] netlink: 'syz.1.3106': attribute type 1 has an invalid length. 
[ 356.982910][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 356.997381][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 357.007127][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 357.015957][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 357.027924][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 357.262601][T16207] vxcan1 speed is unknown, defaulting to 1000 [ 357.414138][T16218] netlink: 'syz.0.3115': attribute type 1 has an invalid length. [ 357.530439][ T1165] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 357.543751][ T1165] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.554826][ T1165] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 357.603500][T16217] dvmrp1: entered allmulticast mode [ 357.689046][T16218] 8021q: adding VLAN 0 to HW filter on device bond1 [ 357.710261][T16220] bond1: (slave gretap1): making interface the new active one [ 357.722475][T16220] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 357.870944][ T1165] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 357.888596][ T1165] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.900212][ T1165] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 357.916859][T16231] __nla_validate_parse: 1 callbacks suppressed [ 357.916879][T16231] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3119'. [ 357.944852][T16225] mac80211_hwsim hwsim24 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 357.955037][T16229] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3119'. 
[ 358.123700][ T1165] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 358.147255][ T1165] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.159209][T16239] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3124'. [ 358.160576][T16241] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3125'. [ 358.180144][ T1165] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 358.346188][T16250] netlink: 'syz.4.3128': attribute type 1 has an invalid length. [ 358.375103][ T1165] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 358.399577][ T1165] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.413741][ T1165] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 358.469338][T16250] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 358.469875][T16249] veth0: entered promiscuous mode [ 358.551664][T16249] veth0: left promiscuous mode [ 359.077613][ T5848] Bluetooth: hci2: command tx timeout [ 359.301567][T16297] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3138'. 
[ 360.124431][ T1165] bond1 (unregistering): (slave gretap1): Releasing active interface [ 360.279677][T11515] wlan1: Trigger new scan to find an IBSS to join [ 360.540098][ T1165] bond5 (unregistering): (slave bridge5): Releasing active interface [ 360.712854][ T1165] bond1 (unregistering): Released all slaves [ 360.728756][ T1165] bond2 (unregistering): Released all slaves [ 360.860898][ T1165] bond3 (unregistering): Released all slaves [ 360.992397][ T1165] bond4 (unregistering): Released all slaves [ 361.010624][ T1165] bond5 (unregistering): Released all slaves [ 361.028519][ T1165] bond6 (unregistering): Released all slaves [ 361.158885][ T5848] Bluetooth: hci2: command tx timeout [ 361.181080][ T1165] bond7 (unregistering): Released all slaves [ 361.199497][ T1165] bond8 (unregistering): Released all slaves [ 361.223116][T16207] chnl_net:caif_netlink_parms(): no params data found [ 361.243034][T16288] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 361.263426][T16288] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 361.418653][ T1165] tipc: Disabling bearer [ 361.455979][ T1165] tipc: Left network mode [ 361.584157][T16331] IPVS: Error connecting to the multicast addr [ 361.677642][T16331] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (3) [ 362.057308][T16207] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.077131][T16207] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.099110][T16207] bridge_slave_0: entered allmulticast mode [ 362.123236][T16207] bridge_slave_0: entered promiscuous mode [ 362.164078][T16360] netlink: 'syz.1.3150': attribute type 1 has an invalid length. [ 362.179415][T16207] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.190591][T16360] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3150'. 
[ 362.212342][T16207] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.214795][T16360] nbd: couldn't find device at index 1048576 [ 362.243591][T16207] bridge_slave_1: entered allmulticast mode [ 362.252560][T16207] bridge_slave_1: entered promiscuous mode [ 362.344834][T16363] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 362.416361][T16369] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR [ 362.436931][T16373] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3152'. [ 362.596667][T16207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 362.650065][T16207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 362.718279][T16389] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3156'. [ 362.740954][T16392] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3156'. [ 362.819149][T16394] tipc: Started in network mode [ 362.827028][T16394] tipc: Node identity 6e9724f1cd74, cluster identity 4711 [ 362.834762][T16394] tipc: Enabled bearer , priority 0 [ 362.893146][ T1165] hsr_slave_0: left promiscuous mode [ 362.931132][ T1165] hsr_slave_1: left promiscuous mode [ 362.950133][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 362.966210][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 362.984409][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.009501][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 363.086308][T16411] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3157'. 
[ 363.107009][ T1165] veth0_macvtap: left promiscuous mode [ 363.114770][ T1165] veth1_vlan: left promiscuous mode [ 363.129629][ T1165] veth0_vlan: left promiscuous mode [ 363.237701][ T5848] Bluetooth: hci2: command tx timeout [ 363.320148][ T37] wlan1: Trigger new scan to find an IBSS to join [ 363.946935][T15752] tipc: Node number set to 2749572337 [ 364.291922][T16207] team0: Port device team_slave_0 added [ 364.304904][T16387] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 364.321410][T16407] tipc: Resetting bearer [ 364.384686][T16380] tipc: Disabling bearer [ 364.502348][T16207] team0: Port device team_slave_1 added [ 364.683696][T16430] veth0: entered promiscuous mode [ 364.832805][T16207] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 364.854858][T16207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.941889][T16207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.026724][T16207] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.077423][T16207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 365.223946][T16207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.316082][ T5848] Bluetooth: hci2: command tx timeout [ 365.586153][T16207] hsr_slave_0: entered promiscuous mode [ 365.627004][T16207] hsr_slave_1: entered promiscuous mode [ 365.633658][T16207] debugfs: 'hsr0' already exists in 'hsr' [ 365.660003][T16207] Cannot create hsr debugfs directory [ 365.689539][T16429] veth0: left promiscuous mode [ 366.001570][T16465] IPv6: sit1: Disabled Multicast RS [ 366.047883][T16465] sit1: entered allmulticast mode [ 366.103788][T16470] tipc: Enabling of bearer rejected, failed to enable media [ 366.121486][ T1165] IPVS: stop unused estimator thread 0... [ 366.222800][T16476] FAULT_INJECTION: forcing a failure. [ 366.222800][T16476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 366.279767][ T2962] wlan1: Trigger new scan to find an IBSS to join [ 366.299947][T16476] CPU: 1 UID: 0 PID: 16476 Comm: syz.0.3171 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 366.299982][T16476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 366.300001][T16476] Call Trace: [ 366.300010][T16476] [ 366.300023][T16476] dump_stack_lvl+0x189/0x250 [ 366.300052][T16476] ? __pfx____ratelimit+0x10/0x10 [ 366.300083][T16476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 366.300106][T16476] ? __pfx__printk+0x10/0x10 [ 366.300133][T16476] ? __might_fault+0xb0/0x130 [ 366.300177][T16476] should_fail_ex+0x414/0x560 [ 366.300222][T16476] _copy_from_user+0x2d/0xb0 [ 366.300254][T16476] ___sys_sendmsg+0x158/0x2a0 [ 366.300282][T16476] ? __pfx____sys_sendmsg+0x10/0x10 [ 366.300346][T16476] ? __fget_files+0x2a/0x420 [ 366.300366][T16476] ? __fget_files+0x3a0/0x420 [ 366.300399][T16476] __x64_sys_sendmsg+0x19b/0x260 [ 366.300426][T16476] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 366.300461][T16476] ? __pfx_ksys_write+0x10/0x10 [ 366.300489][T16476] ? 
rcu_is_watching+0x15/0xb0 [ 366.300530][T16476] ? do_syscall_64+0xbe/0x3b0 [ 366.300566][T16476] do_syscall_64+0xfa/0x3b0 [ 366.300595][T16476] ? lockdep_hardirqs_on+0x9c/0x150 [ 366.300625][T16476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.300646][T16476] ? clear_bhb_loop+0x60/0xb0 [ 366.300671][T16476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.300690][T16476] RIP: 0033:0x7fdec5d8eb69 [ 366.300709][T16476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.300729][T16476] RSP: 002b:00007fdec6bde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 366.300753][T16476] RAX: ffffffffffffffda RBX: 00007fdec5fb5fa0 RCX: 00007fdec5d8eb69 [ 366.300769][T16476] RDX: 0000000000008000 RSI: 0000200000000c00 RDI: 0000000000000003 [ 366.300783][T16476] RBP: 00007fdec6bde090 R08: 0000000000000000 R09: 0000000000000000 [ 366.300796][T16476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.300808][T16476] R13: 0000000000000000 R14: 00007fdec5fb5fa0 R15: 00007ffe4c81ce08 [ 366.300850][T16476] [ 366.789742][T16490] IPv6: NLM_F_CREATE should be specified when creating new route [ 367.511006][T11503] wlan1: Creating new IBSS network, BSSID 5e:82:6b:40:a7:2f [ 367.606161][T16532] FAULT_INJECTION: forcing a failure. [ 367.606161][T16532] name failslab, interval 1, probability 0, space 0, times 0 [ 367.661997][T16532] CPU: 1 UID: 0 PID: 16532 Comm: syz.0.3182 Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 367.662033][T16532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 367.662048][T16532] Call Trace: [ 367.662057][T16532] [ 367.662068][T16532] dump_stack_lvl+0x189/0x250 [ 367.662098][T16532] ? __pfx____ratelimit+0x10/0x10 [ 367.662132][T16532] ? __pfx_dump_stack_lvl+0x10/0x10 [ 367.662156][T16532] ? 
__pfx__printk+0x10/0x10 [ 367.662191][T16532] ? __pfx___might_resched+0x10/0x10 [ 367.662232][T16532] should_fail_ex+0x414/0x560 [ 367.662276][T16532] should_failslab+0xa8/0x100 [ 367.662299][T16532] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 367.662334][T16532] ? __alloc_skb+0x112/0x2d0 [ 367.662376][T16532] __alloc_skb+0x112/0x2d0 [ 367.662416][T16532] netlink_sendmsg+0x5c6/0xb30 [ 367.662463][T16532] ? __pfx_netlink_sendmsg+0x10/0x10 [ 367.662502][T16532] ? aa_sock_msg_perm+0x94/0x160 [ 367.662535][T16532] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 367.662561][T16532] ? __pfx_netlink_sendmsg+0x10/0x10 [ 367.662597][T16532] __sock_sendmsg+0x21c/0x270 [ 367.662631][T16532] ____sys_sendmsg+0x505/0x830 [ 367.662662][T16532] ? __pfx_____sys_sendmsg+0x10/0x10 [ 367.662699][T16532] ? import_iovec+0x74/0xa0 [ 367.662738][T16532] ___sys_sendmsg+0x21f/0x2a0 [ 367.662765][T16532] ? __pfx____sys_sendmsg+0x10/0x10 [ 367.662835][T16532] ? __fget_files+0x2a/0x420 [ 367.662856][T16532] ? __fget_files+0x3a0/0x420 [ 367.662892][T16532] __x64_sys_sendmsg+0x19b/0x260 [ 367.662931][T16532] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 367.662967][T16532] ? __pfx_ksys_write+0x10/0x10 [ 367.662998][T16532] ? rcu_is_watching+0x15/0xb0 [ 367.663046][T16532] ? do_syscall_64+0xbe/0x3b0 [ 367.663085][T16532] do_syscall_64+0xfa/0x3b0 [ 367.663118][T16532] ? lockdep_hardirqs_on+0x9c/0x150 [ 367.663150][T16532] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.663173][T16532] ? 
clear_bhb_loop+0x60/0xb0 [ 367.663201][T16532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.663223][T16532] RIP: 0033:0x7fdec5d8eb69 [ 367.663244][T16532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.663265][T16532] RSP: 002b:00007fdec6bde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 367.663291][T16532] RAX: ffffffffffffffda RBX: 00007fdec5fb5fa0 RCX: 00007fdec5d8eb69 [ 367.663308][T16532] RDX: 0000000000008000 RSI: 0000200000000c00 RDI: 0000000000000003 [ 367.663322][T16532] RBP: 00007fdec6bde090 R08: 0000000000000000 R09: 0000000000000000 [ 367.663336][T16532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 367.663350][T16532] R13: 0000000000000000 R14: 00007fdec5fb5fa0 R15: 00007ffe4c81ce08 [ 367.663386][T16532] [ 368.378548][T16555] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 368.427456][T16557] tipc: Enabled bearer , priority 0 [ 368.560092][T16564] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3192'. 
[ 368.594748][T16569] Bluetooth: MGMT ver 1.23 [ 368.599001][T16546] syzkaller0: entered promiscuous mode [ 368.605280][T16546] syzkaller0: entered allmulticast mode [ 368.612642][T16546] tipc: Resetting bearer [ 368.657304][T16544] tipc: Resetting bearer [ 370.653993][T16544] tipc: Disabling bearer [ 370.698565][T16574] bond3: (slave vcan0): The slave device specified does not support setting the MAC address [ 370.711097][T16574] bond3: (slave vcan0): Error -95 calling set_mac_address [ 370.965935][T16207] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 371.021761][T16207] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 371.063598][T16595] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 371.083439][T16207] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 371.154113][T16207] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 371.212620][T16610] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3202'. [ 371.234714][T16614] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3204'. [ 371.255496][T16610] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3202'. [ 371.289815][T16610] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3202'. [ 371.590904][T16634] netlink: 'syz.4.3206': attribute type 11 has an invalid length. [ 371.613525][T16634] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3206'. 
[ 371.843228][T16207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.870028][T16653] tipc: Enabled bearer , priority 24 [ 371.923046][T16207] 8021q: adding VLAN 0 to HW filter on device team0 [ 371.970788][T11515] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.978819][T11515] bridge0: port 1(bridge_slave_0) entered forwarding state [ 372.089598][T11515] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.096844][T11515] bridge0: port 2(bridge_slave_1) entered forwarding state [ 372.233730][T16668] team0: Device vti0 is of different type [ 372.373094][T16677] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3215'. [ 372.539392][T16683] netlink: 'syz.0.3218': attribute type 11 has an invalid length. [ 372.589524][T16683] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3218'. [ 372.893974][T16698] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 372.901382][T16696] netlink: 'syz.4.3221': attribute type 25 has an invalid length. [ 372.985794][ T5927] tipc: Node number set to 587523162 [ 373.268780][T16710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3226'. [ 373.315966][T16710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3226'. [ 373.319146][T16714] netlink: 'syz.2.3227': attribute type 1 has an invalid length. [ 373.362599][T16713] netlink: 'syz.2.3227': attribute type 1 has an invalid length. [ 373.377523][T16207] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 373.614577][T16207] veth0_vlan: entered promiscuous mode [ 373.657406][T16207] veth1_vlan: entered promiscuous mode [ 373.779615][T16207] veth0_macvtap: entered promiscuous mode [ 373.837178][T16739] team0: Device vti0 is of different type [ 373.909104][T16744] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3234'. 
[ 373.963939][T16744] (unnamed net_device) (uninitialized): up delay (4) is not a multiple of miimon (640), value rounded to 0 ms [ 374.060790][T16207] veth1_macvtap: entered promiscuous mode [ 374.225130][T16207] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 374.277917][T16207] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 374.320879][T16761] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3236'. [ 374.346270][T11505] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.354685][T16764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3237'. [ 374.383645][T11505] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.483629][T11505] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.516395][T11505] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.601205][T16772] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3238'. [ 374.613533][T16767] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3238'. [ 374.704158][T16767] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3238'. [ 375.070881][T11515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.110071][T11515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.325269][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.357652][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.599358][T16820] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3250'. [ 375.634043][T16823] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3105'. [ 375.641327][T16820] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3250'. [ 375.707737][T16820] netlink: 'syz.4.3250': attribute type 3 has an invalid length. 
[ 375.806464][T11505] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 376.142992][T16840] netlink: 388 bytes leftover after parsing attributes in process `syz.3.3254'. [ 377.158032][T16876] mac80211_hwsim hwsim24 ÿ: renamed from wlan1 (while UP) [ 377.360260][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 377.378480][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 377.388559][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 377.398576][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 377.416233][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 377.590306][T16881] vxcan1 speed is unknown, defaulting to 1000 [ 378.006835][T16916] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 378.337740][T16931] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 378.371204][T16933] netlink: 'syz.2.3273': attribute type 2 has an invalid length. [ 378.560235][T16940] netlink: 'syz.0.3275': attribute type 2 has an invalid length. 
[ 378.802293][T16881] chnl_net:caif_netlink_parms(): no params data found [ 379.198865][T16881] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.223941][T16969] delete_channel: no stack [ 379.230601][T16881] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.256465][T16881] bridge_slave_0: entered allmulticast mode [ 379.288065][T16881] bridge_slave_0: entered promiscuous mode [ 379.308356][T16881] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.344049][T16881] bridge0: port 2(bridge_slave_1) entered disabled state [ 379.385873][T16881] bridge_slave_1: entered allmulticast mode [ 379.394173][T16881] bridge_slave_1: entered promiscuous mode [ 379.476682][ T5848] Bluetooth: hci3: command tx timeout [ 379.695067][T16881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 379.742905][T16881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 379.892650][T16978] syz.0.3282 (16978) used greatest stack depth: 17864 bytes left [ 380.139890][T16881] team0: Port device team_slave_0 added [ 380.152828][T17007] __nla_validate_parse: 8 callbacks suppressed [ 380.152860][T17007] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3287'. [ 380.234640][T17015] netlink: 212364 bytes leftover after parsing attributes in process `syz.2.3288'. [ 380.260303][T16881] team0: Port device team_slave_1 added [ 380.286169][T17015] openvswitch: netlink: Message has 5 unknown bytes. [ 380.412450][T17010] netlink: 'syz.2.3288': attribute type 21 has an invalid length. [ 380.442805][T17010] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3288'. [ 380.472972][T17015] netlink: 'syz.2.3288': attribute type 2 has an invalid length. [ 380.518977][T16881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 380.539145][T16881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.601621][T16881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 380.649612][T17010] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3288'. [ 380.705900][T17037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3293'. [ 380.735961][T17037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3293'. [ 380.769553][T17037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3293'. [ 380.787888][T16881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 380.805948][T16881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.834436][T17037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3293'. [ 380.876244][T17037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3293'. [ 380.899384][T17037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3293'. [ 380.917966][T16881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 381.275474][T16881] hsr_slave_0: entered promiscuous mode [ 381.305305][T16881] hsr_slave_1: entered promiscuous mode [ 381.342108][T16881] debugfs: 'hsr0' already exists in 'hsr' [ 381.365872][T16881] Cannot create hsr debugfs directory [ 381.562204][ T5848] Bluetooth: hci3: command tx timeout [ 381.816937][T17079] netlink: 'syz.3.3306': attribute type 1 has an invalid length. [ 381.835475][T17079] netlink: 'syz.3.3306': attribute type 1 has an invalid length. [ 381.852741][T17079] netlink: 'syz.3.3306': attribute type 2 has an invalid length. 
[ 382.020721][T17089] netlink: 'syz.3.3311': attribute type 27 has an invalid length. [ 382.062846][T17094] netlink: 'syz.4.3309': attribute type 1 has an invalid length. [ 382.113208][T17096] netlink: 'syz.0.3310': attribute type 5 has an invalid length. [ 382.457778][T16881] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.596483][T17111] 8021q: adding VLAN 0 to HW filter on device bond1 [ 382.683890][T16881] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.849530][T16881] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.059655][T16881] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.554919][T17159] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN PTI [ 383.567572][T17159] KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007] [ 383.577852][T17159] CPU: 1 UID: 0 PID: 17159 Comm: dhcpcd Not tainted 6.16.0-syzkaller-06610-g4eabe4cc0958 #0 PREEMPT(full) [ 383.589929][T17159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 383.600966][T17159] RIP: 0010:percpu_ref_get_many+0x8d/0x140 [ 383.607242][T17159] Code: 01 48 c7 c7 40 51 98 8b be 4b 03 00 00 48 c7 c2 80 51 98 8b e8 a4 24 72 ff 49 bc 00 00 00 00 00 fc ff df 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 04 5d f7 ff 49 8b 07 a8 03 75 62 [ 383.627998][T17159] RSP: 0018:ffffc9000b4876f8 EFLAGS: 00010206 [ 383.634267][T17159] RAX: 000000001fffe000 RBX: ffffffff822b7619 RCX: c85e0279c60d9200 [ 383.643160][T17159] RDX: 0000000000000000 RSI: ffffffff8be309e0 RDI: ffffffff8be309a0 [ 383.651229][T17159] RBP: 0000000000000078 R08: 0000000000000000 R09: ffffffff822b7619 [ 383.659311][T17159] R10: dffffc0000000000 R11: fffffbfff1f40f7f R12: dffffc0000000000 [ 383.667390][T17159] R13: 
ffff8880b873b500 R14: 0000000000000001 R15: 00000000ffff0000 [ 383.675907][T17159] FS: 0000000000000000(0000) GS:ffff888125d80000(0000) knlGS:0000000000000000 [ 383.684959][T17159] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 383.691645][T17159] CR2: 000055736295d660 CR3: 000000000df38000 CR4: 00000000003526f0 [ 383.700334][T17159] Call Trace: [ 383.703628][T17159] <TASK> [ 383.706764][T17159] refill_obj_stock+0x254/0x850 [ 383.711654][T17159] ? refill_obj_stock+0x116/0x850 [ 383.716712][T17159] __memcg_slab_free_hook+0x127/0x3d0 [ 383.722131][T17159] ? unlink_anon_vmas+0x2cc/0x670 [ 383.727635][T17159] kmem_cache_free+0x223/0x400 [ 383.732727][T17159] unlink_anon_vmas+0x2cc/0x670 [ 383.737772][T17159] free_pgtables+0x7bf/0xaf0 [ 383.742592][T17159] ? __pfx_free_pgtables+0x10/0x10 [ 383.747894][T17159] ? __pfx_down_write+0x10/0x10 [ 383.753037][T17159] ? __mas_set_range+0x12f/0x3c0 [ 383.758078][T17159] exit_mmap+0x444/0xb50 [ 383.762351][T17159] ? uprobe_clear_state+0x20f/0x290 [ 383.767781][T17159] ? __pfx_exit_mmap+0x10/0x10 [ 383.772740][T17159] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 383.778660][T17159] ? __pfx_exit_aio+0x10/0x10 [ 383.783493][T17159] ? uprobe_clear_state+0x274/0x290 [ 383.788718][T17159] __mmput+0x118/0x420 [ 383.792905][T17159] exit_mm+0x1da/0x2c0 [ 383.797169][T17159] ? __pfx_exit_mm+0x10/0x10 [ 383.801776][T17159] ? hrtimer_try_to_cancel+0x3d9/0x420 [ 383.807443][T17159] ? rcu_is_watching+0x15/0xb0 [ 383.812430][T17159] do_exit+0x648/0x22e0 [ 383.816800][T17159] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 383.822336][T17159] ? __pfx_do_exit+0x10/0x10 [ 383.827142][T17159] ? _raw_spin_unlock_irq+0x23/0x50 [ 383.832560][T17159] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.837795][T17159] do_group_exit+0x21c/0x2d0 [ 383.842414][T17159] __x64_sys_exit_group+0x3f/0x40 [ 383.847731][T17159] x64_sys_call+0x21f7/0x2200 [ 383.852693][T17159] do_syscall_64+0xfa/0x3b0 [ 383.857482][T17159] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.862712][T17159] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.869223][T17159] ? clear_bhb_loop+0x60/0xb0 [ 383.874219][T17159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.880391][T17159] RIP: 0033:0x7f471d2146c5 [ 383.884823][T17159] Code: Unable to access opcode bytes at 0x7f471d21469b. [ 383.892029][T17159] RSP: 002b:00007ffdb1565378 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7 [ 383.900633][T17159] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f471d2146c5 [ 383.908984][T17159] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000001 [ 383.916985][T17159] RBP: 00007ffdb1565988 R08: 000055737eae72c0 R09: 0000000000000002 [ 383.925318][T17159] R10: 00000000000000e0 R11: 0000000000000206 R12: 00007ffdb15653c0 [ 383.933909][T17159] R13: 000055737eae8950 R14: 00007ffdb1565600 R15: 00007ffdb15653b0 [ 383.942025][T17159] </TASK> [ 383.945074][T17159] Modules linked in: [ 383.951522][T17159] ---[ end trace 0000000000000000 ]--- [ 383.959672][T17159] RIP: 0010:percpu_ref_get_many+0x8d/0x140 [ 383.964983][T16881] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 383.966228][T17159] Code: 01 48 c7 c7 40 51 98 8b be 4b 03 00 00 48 c7 c2 80 51 98 8b e8 a4 24 72 ff 49 bc 00 00 00 00 00 fc ff df 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 04 5d f7 ff 49 8b 07 a8 03 75 62 [ 383.993103][T17159] RSP: 0018:ffffc9000b4876f8 EFLAGS: 00010206 [ 384.000451][T17159] RAX: 000000001fffe000 RBX: ffffffff822b7619 RCX: c85e0279c60d9200 [ 384.009121][T17159] RDX: 0000000000000000 RSI: ffffffff8be309e0 RDI: ffffffff8be309a0 [ 384.017364][T17159] RBP: 0000000000000078 R08: 0000000000000000 R09: ffffffff822b7619 [ 384.027767][T17159] R10: dffffc0000000000 R11: fffffbfff1f40f7f R12: dffffc0000000000 [ 384.036325][T17159] R13: ffff8880b873b500 R14: 0000000000000001 R15: 00000000ffff0000 [ 384.044521][T17159] FS: 0000000000000000(0000) GS:ffff888125d80000(0000) knlGS:0000000000000000 [ 384.053995][T17159] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 384.061113][T17159] CR2: 
000055736295d660 CR3: 000000000df38000 CR4: 00000000003526f0 [ 384.069368][T17159] Kernel panic - not syncing: Fatal exception [ 384.076405][T17159] Kernel Offset: disabled [ 384.080779][T17159] Rebooting in 86400 seconds..