last executing test programs: 2.632055073s ago: executing program 0 (id=2624): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8943, &(0x7f0000000000)={'dummy0\x00', @random="e80300001000"}) (async) ioctl$SIOCSIFHWADDR(r0, 0x8943, &(0x7f0000000000)={'dummy0\x00', @random="e80300001000"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000b566bee4ad9d908528f0020196e48cb3fff61d5c34eba6dd140063d9a4cb0f59120b1d5a1026e682f57c26573c10f9c94ebc8bfcd88738fff19eb955e7d160f3fe9f73834c72fc3401303d9e6d8a5bc7b7be4f2728c03db2fa952d2af82cf936cb47ae0b0474d18aad9ea185bba1f806c387ad3dab287f34a34500c4337f1a1a6e5de69754227c8cc3e8eb9d9460849d2b7de6dfb38b21b5f0f1ce0f0d17240b39264ac237ed337b122ff4bc45bcf0a38891670d9dc", @ANYRES16=r2, @ANYBLOB="01000000000000000000350000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030020000000"], 0x3c}}, 0x0) 2.463646656s ago: executing program 4 (id=2629): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) writev(r1, &(0x7f0000000940)=[{&(0x7f0000000240)='g*', 0x2}], 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r2, 0x1) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000a00)={0xa, 0x4e23, 0x6e, @empty, 0x5}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffff1, @empty, 0x2}, 0x1c) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @empty, 0x9f}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_TABLE(r4, 0x29, 0xc8, &(0x7f0000000080), 0x4) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="120086dd0000120000000000000060ec97000f982c00fb8000000000000000000000000000aaff0200"], 0xfce) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080), 0x4) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b0400008000000000000200000028000480240001800b000100657874686472000014000280050002000700000008000640000000030900010073797a30000000000900020073797a3200"], 0x7c}, 0x1, 0x0, 0x0, 0x20004044}, 0x0) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000100)='\x00', 0x1) writev(r0, &(0x7f0000000400)=[{&(0x7f00000002c0)="a609a8", 0x3}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) r7 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e1f, 0xabd7, @empty, 0x2}, 0x1c) 2.1477221s ago: executing program 0 (id=2632): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e24, @remote}, 0x10) r1 = socket$kcm(0x10, 0x0, 0x0) (async) r2 = socket(0x22, 0x2, 0x3) ioctl$IMGETCOUNT(r2, 0x80044943, &(0x7f00000003c0)) (async) close(r1) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000011c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd7000fcdbdf253000000008000300", @ANYRES32=r6], 0x3c}, 0x1, 0x0, 0x0, 0x4805}, 0x24040000) (async) syz_emit_ethernet(0x3e, &(0x7f00000006c0)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6032100800083a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa8000907810000000"], 0x0) 1.939749802s ago: executing program 4 (id=2635): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)=ANY=[@ANYRESDEC=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES64, @ANYBLOB="1000000000000000080000000000000000000000000000000000000062bf17c533326964a457042e3091076b41ca77d49b5cb0de6580"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @call={0x85, 0x0, 0x0, 0x8}]}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @call={0x85, 0x0, 0x0, 0x8}]}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.sectors\x00', 0x0, 0x0) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000100)=0x1, &(0x7f0000000300)=0x4) r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000008, 0x8010, r2, 0x883a8000) (async) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000008, 0x8010, r2, 0x883a8000) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x5, &(0x7f0000002500)=ANY=[@ANYRESDEC=r0], &(0x7f0000000180)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x5, &(0x7f0000002500)=ANY=[@ANYRESDEC=r0], &(0x7f0000000180)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8}, 0x94) sendto$netrom(r1, &(0x7f00000003c0)="c39afb01353905b130276e7089a272d9b92f771fb990e39542786576722cc37e17d0c07d230dc9da2f43b3d365bbd4afc46d2d3a4bd7f25e0808bb47d398161b8890b08b46b9491feb01ed09ffe71569a6d8c03ba3621879c7bb4f12f334295e2e656da87c45cb5180137a", 0x6b, 0x90, &(0x7f0000000440)={{0x3, @default, 0x4}, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) 1.806674757s ago: executing program 4 (id=2637): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newtaction={0x84, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x70, 0x1, [@m_tunnel_key={0x6c, 0x1, 0x0, 0x0, {{0xf}, {0x3c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000000000007911c000000000008500000000f800000000000000000000c4eb536f264190899005c744468792588e8170205edeaf5207f53ea07a547115c7fa83e4533d15d714e8e470d1b2dd9da54f29590d4be684a0179f2ebd0525d8ecea7d3cc6c1499e43f1beaacaba46916d803cfbc90a71892c732609925456dcd1959b6cf839bbddc7bbeb63e4ef627ffbf599da03295e26089339e8796f23f8d0bda130fc72306eb155ddc8ea4eab07abf011b822757df147a0542c586db4ba70f6cdba7d2e67974a48d869fea4f3f0e949c308ffb4206c623672438e8439090928909c840631057c41dbfed385eccf7fed6cae39f013310f508d60760d2415cf8514b75539a428ca0848b4759c38044921a478aeb681c08cedf13eb74b89938fcbbc0936"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) 1.723618426s ago: executing program 0 (id=2638): r0 = socket(0x11, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) ioctl$sock_proto_private(r2, 0x8b15, &(0x7f0000000080)) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r7, 0x10, 0x70bd28, 0x25dfdbff, {{}, {}, {0x14, 0x19, {0xfff, 0x4, 0x7ff, 0x3373}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x44010}, 0x4c010) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, [@call={0x85, 0x0, 0x0, 0x3b}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r8, 0x11, 0x70bd2d, 0x3, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c081}, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x12) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x6, 0x4, 0x1a00}, 0x980) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000080)={'hsr0\x00', {0x2, 0x4e24, @empty}}) ioctl$SIOCGIFMTU(r0, 0x8921, &(0x7f0000000000)={'tunl0\x00'}) socket(0x11, 0x3, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) socket$unix(0x1, 0x1, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async) ioctl$sock_proto_private(r2, 0x8b15, &(0x7f0000000080)) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)) (async) socket$netlink(0x10, 0x3, 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) (async) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r7, 0x10, 0x70bd28, 0x25dfdbff, {{}, {}, {0x14, 0x19, {0xfff, 0x4, 0x7ff, 0x3373}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x44010}, 0x4c010) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, [@call={0x85, 0x0, 0x0, 0x3b}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r8, 0x11, 0x70bd2d, 0x3, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c081}, 0x0) (async) write$cgroup_int(r1, &(0x7f0000000200), 0x12) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x6, 0x4, 0x1a00}, 0x980) (async) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000080)={'hsr0\x00', {0x2, 0x4e24, @empty}}) (async) ioctl$SIOCGIFMTU(r0, 0x8921, &(0x7f0000000000)={'tunl0\x00'}) (async) 1.64351003s ago: executing program 4 (id=2641): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) shutdown(r0, 0x0) recvmsg(r0, &(0x7f0000002a00)={0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000001580)=""/3, 0x3}], 0x1}, 0x10000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000580)={0x20, 0x1, 0x3, 0x801, 0x0, 0x0, {0x2}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd}}]}, 0x20}}, 0x44) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000340)="d80000001c0081044e81f782db44b904021d0802010000000500f0a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x20004800) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000280)) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r3) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f00000000c0)={r2}) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GFACILITIES(r5, 0x89e2, &(0x7f0000000000)) getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000100)={{{@in6=@empty, @in6=@mcast1}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f0000000200)=0xe8) socket$inet_mptcp(0x2, 0x1, 0x106) (async) shutdown(r0, 0x0) (async) recvmsg(r0, &(0x7f0000002a00)={0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000001580)=""/3, 0x3}], 0x1}, 0x10000) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) (async) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000580)={0x20, 0x1, 0x3, 0x801, 0x0, 0x0, {0x2}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd}}]}, 0x20}}, 0x44) (async) socket$kcm(0x10, 0x2, 0x0) (async) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000340)="d80000001c0081044e81f782db44b904021d0802010000000500f0a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x20004800) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000280)) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r3) (async) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f00000000c0)={r2}) (async) syz_init_net_socket$x25(0x9, 0x5, 0x0) (async) ioctl$SIOCX25GFACILITIES(r5, 0x89e2, &(0x7f0000000000)) (async) getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000100)={{{@in6=@empty, @in6=@mcast1}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f0000000200)=0xe8) (async) 1.558442297s ago: executing program 1 (id=2643): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000bc000000850000000800000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="8bdfd8ec37aa8d0a00c9c0e4185c", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB="008000000000000000000000dfffffff00000000ccb7a8f2ef7ed1b09d03edd387188614f6df6fe12b94e107bac325fff36e3c6d30a14256134305913fb2e6d62436fddf9fb71a589308576fff2e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000040000000100"/28], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001480)=ANY=[@ANYBLOB="380000002e000100000000000000000008000000", @ANYRES32, @ANYBLOB="0b000080976b6408686030001400018099", @ANYBLOB="6401e8b279921be3c637378b8bb2d5"], 0x38}], 0x1}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r1, 0x58, &(0x7f0000000200)}, 0x10) 1.458629869s ago: executing program 1 (id=2644): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000004300090000000000000000000300000008000200", @ANYRES32=0x0, @ANYBLOB="82fd768464206f14a14d1dd6574d9768cb6121b2bb88504fc5d1f39f3513ed1b30c24081cc3cc7b51137e24482183ebb24fb19f28482b6e2cdc7f8d042670b670b8b4b6ca0e321f14cfa4003e898fba05f554a390e11d1fa2e3c0e281e590882013a08e138aaa49543417966abaa2955209e3840ecdaefc989dee8480428bc5be4563323e60142551319f12f65ee6e41200c3b5086e8fd2253553de176551bad0000000000000000000000000000000007d36567649b97835a1ed2913314dd603e512e538cc3be34a39b55e75f9c036eef066c0c123e5983effe32bcb3b80159d4ef10a71e08986461311893f9ae67ed8a5ad0feca82fb9e3d1439982b3acb9f29cca79470ffee2522715b94129828333e7fd833ff337d7943ba6a6388ff41536b4fc9f085c0c2df6af93af852331dd0635662dc0643ea9ea2d1483a6c1ee8b38b13f35f7a18b72c3a00da3ac526a611b176f654ded31217352df95c0e84104f1159f99fb8c5d102e688b1d37cc1ced10d6bc9b03897172817937ea5b8e1478169d62742e2"], 0x1c}}, 0x24000044) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000006c0)={'ip_vti0\x00', 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000170000000000000a50060000060a090400000000000000000200000024000480200001800b0001006f626a7265660000100002800900020073797a30000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a4ff77cf44e90cfd9332a8e587c216f31079a67b3d18e7695543d368287f41feee05cb07e12444b5f7d916b951978b95f73a2937df003076ec55fedc80ad0786d23d30d68c4b8ff737b00a457f188aa5cbb8d33ea0ff9aba24b49263976162486829f98"], 0x78}}, 0x0) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000100)={r4, 0x2, 0x6, @local}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) r7 = accept(0xffffffffffffffff, &(0x7f0000000640)=@tipc=@id, &(0x7f0000000840)=0x80) setsockopt$IP_VS_SO_SET_DELDEST(r7, 0x0, 0x488, &(0x7f00000008c0)={{0x16, @empty, 0x4e23, 0x0, 'wrr\x00', 0x1, 0x1, 0x7e}, {@empty, 0x4e24, 0x0, 0x5, 0xc3c, 0xfffffff9}}, 0x44) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000440), r1) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000500)={'ip6gre0\x00', &(0x7f0000000480)={'ip6_vti0\x00', r6, 0x4, 0x3, 0x8, 0x4, 0x18, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, 0x700, 0x20, 0xb4ef, 0x9}}) getsockname$packet(r3, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="14010000", @ANYRES16=r8, @ANYBLOB="10002dbd7000ffdbdf25010000001c00068008000700", @ANYRES32=r4, @ANYBLOB="0c00068008000300ac1414bb3c000180060005004e200000060001000a00000008000700", @ANYRES32=r4, @ANYBLOB="08000300ac1e010108000700", @ANYRES32=r9, @ANYBLOB="08000300e000000208000700", @ANYRES32=r6, @ANYBLOB="0800030006000000080003000300000048000680050002001000000014000400fc010000000000000000000000000001060005004e240000060001000a000000060001000a00000008000300ac1414aa08000700", @ANYRES32=r10, @ANYBLOB="0800030005000000080003000200000005000500010000002c0001800800060005000000060005004e23000005000200070000000500020007000000060001000a000000"], 0x114}, 0x1, 0x0, 0x0, 0x4000040}, 0x8804) socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) pselect6(0x40, &(0x7f00000000c0)={0x9, 0x8, 0x7, 0x3, 0x8, 0xa9f0, 0x4, 0x8}, &(0x7f0000000100)={0x4, 0xdf78, 0x6, 0x2, 0x64, 0x1, 0x5, 0x1}, &(0x7f0000000140)={0x81, 0x3f7, 0x3e3, 0x3, 0x10001, 0x0, 0x9, 0xbc3}, &(0x7f0000000180), &(0x7f0000000200)={&(0x7f00000009c0)={[0x5]}, 0x8}) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000980), r5) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r12, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000e00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01082bbd7000fcdbdf25510000008d467b3077de798c4b08000300eec06f18eb2df644a3389f959bd4715993fc0bbd2dccd9aee0e8d19b88dc45d4433605d646f4e0292f2a522778f48c923218279dbcfac3a5e80c8dbeda5e3aac09d22a8ab332be84b3e07c72ea6af95338e92cc4589ed97a386eb7dcb2d329749a991b4b", @ANYRES32=r14, @ANYBLOB="05008a0004000000"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x24080000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000500)=0x8) socket(0x8, 0x1, 0x7) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={r15, 0x9}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000b00)=ANY=[@ANYRES32=r15, @ANYBLOB="0200000000000000c8e8"], 0xc) sendmsg$NL80211_CMD_JOIN_IBSS(r7, &(0x7f0000000a80)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000b40)={0x194, r11, 0x4, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0x17, 0x24, [{0x1d, 0x1}, {0x0, 0x1}, {0x1b, 0x1}, {0x6, 0x1}, {0x18, 0x1}, {0x1, 0x1}, {0x4}, {0x16, 0x1}, {0xc, 0x1}, {0x30, 0x1}, {0x6c, 0x1}, {0x48}, {0x60}, {0x1}, {0x1b}, {0x6}, {0x0, 0x1}, {0x60}, {0x5, 0x1}]}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_KEYS={0x158, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_SEQ={0x12, 0x4, "70f3fedd5f892d849fc9b697ba74"}]}, {0x5c, 0x0, 0x0, 0x1, [@NL80211_KEY_SEQ={0x6, 0x4, "c5b3"}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}, @NL80211_KEY_SEQ={0x6, 0x4, "b6bd"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DEFAULT_TYPES={0xc, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ffe3683412e58ff20775eb09c9"}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, {0x5c, 0x0, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x5}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "5eaff587c50178d86cdf490624"}, @NL80211_KEY_DEFAULT_TYPES={0x1c, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, {0x5c, 0x0, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "aa3b2af056812954d5d921746a"}, @NL80211_KEY_SEQ={0x9, 0x4, "dedce9679a"}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "94ab98d95014c4d7837edc0606"}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "ebe7ec2910"}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_DEFAULT_TYPES={0x8, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}, {0x4}]}]}, 0x194}, 0x1, 0x0, 0x0, 0x10000}, 0x850) 1.159579241s ago: executing program 0 (id=2645): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) (async) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) (async) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000044000701fcffffff00000000017c000038000480", @ANYRESOCT], 0x4c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async, rerun: 64) r3 = socket(0x400000000010, 0x3, 0x0) (async, rerun: 64) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newtclass={0x74, 0x28, 0x400, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xfff1, 0x4}, {0xa, 0xa}}, [@TCA_RATE={0x6, 0x5, {0x4, 0xf0}}, @tclass_kind_options=@c_mqprio={0xb}, @TCA_RATE={0x6, 0x5, {0x6, 0x4}}, @tclass_kind_options=@c_mq={0x7}, @tclass_kind_options=@c_taprio={0xb}, @TCA_RATE={0x6, 0x5, {0x4, 0x8}}, @tclass_kind_options=@c_fq_codel={0xd}, @tclass_kind_options=@c_tbf={0x8}]}, 0x74}}, 0x0) r6 = socket(0x10, 0x803, 0x0) (async, rerun: 32) r7 = socket$unix(0x1, 0x1, 0x0) (async, rerun: 32) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1000000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="000000000000008fc3c4bc0ae1018a9400000000000000028000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000000)=@newtaction={0x6c, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x58, 0x1, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, 'simple\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) (async) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xe, 0x0, &(0x7f0000000280)="432275e2065074ef2415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) (async) ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r6, 0x8002f515, &(0x7f0000000140)) sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2a, 0x8000002, {0x0, 0x0, 0x0, r11, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x38, 0x2, [@TCA_BASIC_EMATCHES={0x34, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x10, 0x1, 0x0, 0x0, {{0xff, 0x1, 0x8001}, {0x8, 0x6a6, 0xffff, 0x5, 0x2, 0x2}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0xffff, 0x0, 0x7540}}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x24008004}, 0x0) (async) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r12 = accept$alg(r0, 0x0, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) r14 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r14, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r14, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c) (async) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r14, 0x84, 0x1e, &(0x7f0000000140)=0x7fff, 0x4) (async, rerun: 32) sendmsg$nl_route(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001840)=@newlink={0x74, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0xea}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}, @IFLA_MAP={0x24}]}, 0x74}}, 0x0) (async, rerun: 32) recvmsg(r12, &(0x7f0000007140)={0x0, 0x0, &(0x7f0000007100)=[{&(0x7f0000005600)=""/49, 0x31}], 0x39}, 0x40000102) 1.130675157s ago: executing program 4 (id=2647): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791090000000000007000000002000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x3f}, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_TX_TS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, r2, 0x800, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x7a}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x80) (async, rerun: 64) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0x88, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x60, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x7}]}, {0x1}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x88}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) (rerun: 64) 1.03739295s ago: executing program 3 (id=2648): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r2) (async) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000680)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r4, @ANYBLOB='4\x00.'], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040) (async) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000180)=0x0) (async) r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async, rerun: 64) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8) (async) ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r10], 0x1c}}, 0x0) (async) r11 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r11, 0x0, &(0x7f00000000c0)=0x0) r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r14) sendmsg$NFC_CMD_DEV_UP(r13, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000c40)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r15, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r12], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) (async) write$nci(r11, &(0x7f0000000040)=ANY=[@ANYBLOB="408001", @ANYRES64=r12], 0x4) (async, rerun: 32) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, r5, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x885) (async, rerun: 32) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b0400000000000000000200aa90416c04804c0001800a000100696e6e65720000003c10028008000240000000470b71a1b8d366544cbd0135842840034000000047080004400000000f0800014000000000180006800e002000696d6d656469617465000000040002800900010073797a30000000000900020073797a32000000001400000011000100"], 0xa4}}, 0x0) 875.941944ms ago: executing program 2 (id=2649): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@newlink={0x5c, 0x10, 0x503, 0x70bd26, 0x0, {}, [@IFLA_LINK={0x8, 0x5, r1}, @IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x8b4a, 0x10108}}}}}}, @IFLA_BROADCAST={0xa, 0x2, @local}]}, 0x5c}}, 0x0) 834.078334ms ago: executing program 0 (id=2650): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(0xffffffffffffffff, &(0x7f0000000280)={@val, @void, @eth={@multicast, @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x6, 0x14, 0x65, 0x0, 0x1, 0x32, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}, @rand_addr=0x64010102}}}}}}, 0x26) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) r1 = socket$inet(0x2, 0x6000000000000001, 0x0) mmap(&(0x7f0000001000/0x200000)=nil, 0x200000, 0x2000001, 0x2011, r1, 0x0) 779.713223ms ago: executing program 1 (id=2651): r0 = socket$igmp(0x2, 0x3, 0x2) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='ip6erspan0\x00', 0x10) sendmsg$inet(r0, &(0x7f0000001ec0)={&(0x7f00000003c0)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000001d40)=[{&(0x7f0000000c40)="174f0309acc581c27c0835a541d5ace14751a6fb5991e1eabe613766930c5209d76188595688370a8db8878df98ad326d683f46b7b423a4583c043d396d52fafd67bbd19f7e86b03f0890da3e3e1ac30139e27351572c4c42e96f4dec4c0c9d710f16af63cc306aa379bad5c6e7ef0f71776f0abdddb9ba606e921bcb3ac6bbea2ab3a0823b23088bc5e39310f040dacfd595b4675421c0046d89f2840d233d1034173a0fe91900d926e8d3a481c32b4f6079741d13e2ebb782090c8f38a9daebb1dea84e78c216cd7f9f10bf4b35158e3b36df0c4e9e74b585fc66f7b1fe5305f073f6de409973543e731424ab0605f2f4dfd7efe495ea426a69b13b27b7497895984a1502bac0855ad2bb86e88efdd6c976bbd1cc04dc6b4e8d579f1aecdf38461db91d3661703dec17b9a22d66299cacd23fb463dbb3fd7d59674fa4c5ec8b36422965f55ae455ef5051d029fe657b3f6c79a2bbfe60b0d64870d4ca793ebf5054a40157f0c78c3337cb131700670bc7dfa1cfddb8eb2d85b97c56339f45c4ee490d259121cdccf7be5bbc0ab7a375d931c0365c9809756d4491c866161833663e49a310df546ed981572ca40e40faea56bb05216b3390d807f756db218749a1c9a1ee817b9e5e6a00ca98e185cd6f690cc9e9d1567788e572378f11f688d8133c58b727ae51f95787f7f9952b32ed1494ea7e55f21baea3c9edb8b4523bbef158c8c239d4a54faa5996eb1f3f1c06acf8cd273e298e44b5642b8a50369b152a67932f48bed55c1c01d9a0ad6b2a3540e753c16e3054d483baad028fe42b4e5ebe562b6350c3a093f7456dde046258b8bfe19494d19a66809b612ba8deefea6b7007460ad826313420ac8e3f889da3c9b01a3d1f76acbdafb990fbe8479ded245d750a534e61b6b5fe9914f3760cbe0434f0b1593579f9d124e7c90ef5a50b21aad14ecd0cd712164782cfd329175225d99f90df6d123dde263d9329317f501199ba87458c0ead4baddeef35da92fea8ac878fa84bebfce075cbf56fad7fe823198ef50ce9e24d6c888337cfecb65e6dc7a3bce8f7b2cf734a1bf52cc24b77045e94c39756cb4287777e6f7bdfa19c387565dcb5258c3758a6d8cf94fa2adde5454735f944f6fde3c61376bf65c4c65bf973e1bdcd646b5883098b9f00712ab947b5a45ae1949357a7ef580895e7201e36ae4ab14da32e0a55327d25278d07e102c4e45f6566f5394c2259baa6b5b9511751c35ad74364be8bcfb77b0eb0d3c182dd50ae9fa498d5595bce5201d43acf6411e8e6074bdf001d4e4ddae00133002d9af61c3d9b594a230511c77460e477ab5d9d3d2dbdad6a971c4d4911d877a6d9eae79196e95565994954a3904d473fb369983020b99466c804127e8baf8147b5d228a17608d3ab4c31c6ad03135929e35feb8d166f5f820e40f94dd8102c9ca76ac48c3d668b00ca76cff37dcd35ddbf63b62ecaf7934a8ede4980f3294365ea63f7584373f638134fba55526983dabf2f189c70ddec701b55256d383dd802b4b09b801fb6cbe3408c9eb6d1fd85bf93b60b966680485d4550a3aa3454d888d6f8e81f669d4d87914041ac313e39f0ae29f31dedba1c5964c6729045cbd010e4469a7220335f76983c7d22a53401cb25444b9103643843726bdbb28d4032f9258f8539b9a7dfd6558b2c524d38c9e2e1c23fd7a6a42bf4bb5ebdf0b75ecc547ef15865536ee1de07155bc5e6b5a227c1170a6e4e44991f0685219c417d7194a4cdbce6a1e76f830fdd07887b49a3b648772b6e1b6fda08931540cc521e44f3fb221ce86438759704ce2422653a35f62c483a21ae6b34b14e6d900172dddecf8846a9423d784341296e141423f1c1efed6a0c334430647c0408af67c54a8cad69a43bf28ebe4a650343151223969bafa661999342df2a160f45b950f258f1e444575d6251a917bfcbb4dc834bd08d4deeb3be0dabade5f46060e54bc71f137f47e4233804eb9de", 0x589}], 0x1, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}, @ip_retopts={{0x38, 0x0, 0x7, {[@noop, @generic={0x82, 0x12, "d0581ddc37253c05f7c0c7a54e649600"}, @timestamp_prespec={0x44, 0x14, 0x67, 0x3, 0x7, [{@dev={0xac, 0x14, 0x14, 0x30}, 0x10}, {@rand_addr=0x64010102, 0x5e}]}]}}}], 0x58}, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0xffffffffffffff63, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="000000007200000326bd7000fcdbdf2507000000", @ANYRES32=r5, @ANYBLOB="0000010000000000000001000100000000000100010000000b00000000010001000000c6539f6f4e1b78f4e3a1484c2346969c0000b40000000000000001000100000000000100"/88], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 735.851967ms ago: executing program 3 (id=2652): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd700000dbdf250000000000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x8840) 688.738564ms ago: executing program 4 (id=2653): r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x20040801}, 0x20008040) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000940)={0x4, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r2 = accept(r0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, 0x0, &(0x7f00000002c0)=@tcp6=r2}, 0x20) 616.371505ms ago: executing program 3 (id=2654): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f00000000c0), 0x2) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x64, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x34, 0x2, [@TCA_FLOW_EMATCHES={0x30, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x20, 0x1, 0x0, 0x0, {{0xfffa, 0x7, 0x8001}, {{0x2, 0x0, 0x1}, {0x3, 0x0, 0x1, 0x1}}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x8, 0x0, 0xe}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=@gettclass={0x24, 0x2a, 0x0, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x10}, {0xc, 0x1}, {0xfff1, 0xb}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x4010}, 0x4008800) connect$vsock_stream(r6, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmsg$alg(r8, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x800}, 0x4000010) recvfrom$inet(r8, &(0x7f0000000000)=""/8, 0xfffffffffffffd21, 0x100ca, 0x0, 0xfffffffffffffd25) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r6, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) r9 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) preadv(r9, &(0x7f0000000140)=[{&(0x7f0000000540)=""/72, 0x48}], 0x1, 0x9, 0x0) 555.713879ms ago: executing program 2 (id=2655): r0 = socket(0x1, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000040)={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x16, 0x8}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) pread64(r1, &(0x7f0000000b40)=""/4096, 0x1000, 0x3) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) setsockopt$MRT6_DEL_MIF(r1, 0x29, 0xcb, &(0x7f0000000080)={0x0, 0x0, 0x2f, r2, 0x5}, 0xc) 555.338949ms ago: executing program 1 (id=2656): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x7a44, 0x1700) ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x6}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000240)=r0}, 0x20) ioctl$BTRFS_IOC_QGROUP_LIMIT(r2, 0x8030942b, &(0x7f00000002c0)={0x40, {0x4, 0x8, 0x9, 0x400000000000000, 0x4}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x10, 0xc, &(0x7f00000001c0)=@raw=[@map_idx_val={0x18, 0x6, 0x6, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @call={0x85, 0x0, 0x0, 0x8c}], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x233c802a0a740b9a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) 464.043107ms ago: executing program 1 (id=2657): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4e11}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @vti={{0x8}, {0x4}}}]}, 0x30}, 0x1, 0x2000000000000000}, 0x0) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000000000)={0x1, 'pim6reg\x00', {}, 0xe25}) 439.181887ms ago: executing program 2 (id=2658): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000002b000701feffffff00000000037c00000c0001800100000001000000100002800c0001"], 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) recvmmsg$unix(r0, 0x0, 0x0, 0x10000, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='(\x00\x00H', @ANYRES16=0x0, @ANYBLOB="000000000000000000000b00000008000300000000000c00018008000700", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001f000504000000000000000004"], 0x114}], 0x1}, 0x0) sendmsg$netlink(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000002d002100000000000000000004000080080009002f"], 0x1c}], 0x1}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_GET(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x3c, r5, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x4) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000400)={0x148, r5, 0x722, 0x70bd25, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x3}, {0x8, 0x15, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x593}, {0x6, 0x11, 0xd19c}, {0x8, 0x15, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x82}, {0x6}, {0x8, 0x15, 0x754}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x7}, {0x8, 0x15, 0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0xdbd5}, {0x8, 0x15, 0x5}}]}, 0x148}, 0x1, 0x0, 0x0, 0x40040}, 0x20000000) 395.645253ms ago: executing program 0 (id=2659): r0 = socket$netlink(0x10, 0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) unshare(0x20060000) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000100)=@id={0x1e, 0x3, 0x2, {0x4e24, 0x1}}, 0xd) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000000)={0x2, 0x1, 0x0, 0x0, 0x200}, 0x3a) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000080)=0x9, 0x4) r4 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r4, &(0x7f0000000440)=[{{&(0x7f0000000280)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10, &(0x7f0000000980)}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010111}, 0x10, &(0x7f0000000200)=[{&(0x7f00000001c0)="99", 0x1}], 0x1}}], 0x2, 0x48000) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xc, &(0x7f00000002c0)=@assoc_value={0x0}, &(0x7f0000000040)=0x59) setsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000001080)=@assoc_value={r5, 0x5}, 0x8) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast1, 0x1}, 0x1c) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) r6 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r6, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r6, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c) r7 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r7, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r7, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x41}}}, 0x1c) connect$inet6(r7, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth0\x00'}) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r8 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r8, 0x11b, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) 341.934589ms ago: executing program 1 (id=2660): recvmmsg(0xffffffffffffffff, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0}, 0xff}], 0x1, 0x40010000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r1, 0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r2, &(0x7f00000007c0), 0x0}, 0x20) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000100)={0x1d, r5, 0x0, {0x1, 0x0, 0x4}, 0x1}, 0x18) sendmsg$can_j1939(r4, &(0x7f0000001680)={&(0x7f0000000000)={0x1d, r5, 0x0, {0x1, 0x0, 0x3}}, 0x18, &(0x7f0000001880)={0x0}}, 0x15) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) r7 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @loopback}, 0xc) setsockopt$inet_mreqsrc(r3, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000015000504e1ff4319918e00352d4e496b"], 0x2c}}, 0x60040050) 268.40884ms ago: executing program 3 (id=2661): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x800}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r0, 0xa2, &(0x7f00000003c0)={0x0, 0x0}}, 0x10) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r2, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r2, 0xe) setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) bind$l2tp(r3, &(0x7f0000000080)={0x2, 0x0, @broadcast, 0x2}, 0x10) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001040)={r1}, 0xc) close(r4) 147.904755ms ago: executing program 2 (id=2662): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0xd1) 128.402958ms ago: executing program 2 (id=2663): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r0, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000005c0)}, 0xffffffffffffff9c) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0xd, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="760a0000182800000000000000000000000051bab3b4e17c19daa68401d0c7616838036ea51d1ed0fd7b255d27090e109bba09a54e9d13a751ff07ba274a69a0a48aff72ed975258ebdd79175060e88c38fdfc9d9b7b29b34f48180fd7d4f975835d39a7d9d75c142b44556c236d84ecfb19a39d4ad5e5a2113adc76a25eebfad71726f2cb0337c22f42961f004fe3309b60848c78b173a9ba44b926fd0d757237b0c285b1cc5062a18d2b93f5334d1046bdf8796c431d459d3cf02c894c953380b0d9ebf7bd1c81e672627f109abc21c8bf67a4b327579f961eb599c8de12bdc0b255b26b7c52f7e1a9cfacb029e96ac20fa19e9da34a01358f98548dd2b4a26cddd586db5c379619f5ddddccd9998ce2a7726cf7698e893ffd33bb4d11d3587542bad43384c5d043dcc2e4fd1b423dbf6fddcec04bc09d9c7dd7d8f4aef590f75503a0508390cfff5bcb923dda15878a593dd04016c513c3e470c60a77937548da9e8dbf369764bedfaf1770eb8f432f19d7cedd9addb607b7ddc0d4547da06d56a7", @ANYRES32=r1, @ANYBLOB="00000000010000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x94) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xcb, &(0x7f0000000040)={0x1, 0x1, 0x6, 0x0, 0x269b02a0}, 0xc) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x74, r4, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x169}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xe00}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4004080}, 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5}, 0x50) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r0}, &(0x7f0000000080), &(0x7f00000005c0)}, 0xffffffffffffff9c) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0xd, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="760a0000182800000000000000000000000051bab3b4e17c19daa68401d0c7616838036ea51d1ed0fd7b255d27090e109bba09a54e9d13a751ff07ba274a69a0a48aff72ed975258ebdd79175060e88c38fdfc9d9b7b29b34f48180fd7d4f975835d39a7d9d75c142b44556c236d84ecfb19a39d4ad5e5a2113adc76a25eebfad71726f2cb0337c22f42961f004fe3309b60848c78b173a9ba44b926fd0d757237b0c285b1cc5062a18d2b93f5334d1046bdf8796c431d459d3cf02c894c953380b0d9ebf7bd1c81e672627f109abc21c8bf67a4b327579f961eb599c8de12bdc0b255b26b7c52f7e1a9cfacb029e96ac20fa19e9da34a01358f98548dd2b4a26cddd586db5c379619f5ddddccd9998ce2a7726cf7698e893ffd33bb4d11d3587542bad43384c5d043dcc2e4fd1b423dbf6fddcec04bc09d9c7dd7d8f4aef590f75503a0508390cfff5bcb923dda15878a593dd04016c513c3e470c60a77937548da9e8dbf369764bedfaf1770eb8f432f19d7cedd9addb607b7ddc0d4547da06d56a7", @ANYRES32=r1, @ANYBLOB="00000000010000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x94) (async) socket$igmp6(0xa, 0x3, 0x2) (async) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xcb, &(0x7f0000000040)={0x1, 0x1, 0x6, 0x0, 0x269b02a0}, 0xc) (async) socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) (async) syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) (async) sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x74, r4, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x169}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xe00}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4004080}, 0x1) (async) 121.281373ms ago: executing program 3 (id=2664): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7000000000000006111900000000000c6000000ffff00009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x47}, 0x48) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@getroute={0x14, 0x1a, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x6000000}, 0x4040000) 7.562616ms ago: executing program 2 (id=2665): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c000000190001090000000000000000021800200000ff000000000008000100ac141400"], 0x2c}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x0, 0x11}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in=@local, 0x0, 0x1, 0x0, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x100000c6}, 0x24000010) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000000)=0x12, 0x4) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0x2, &(0x7f00000000c0)=0x12, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000200)={{{@in6=@remote, @in=@dev}}, {{@in=@multicast1}, 0x0, @in6=@private0}}, &(0x7f0000000080)=0xe8) getsockopt$inet_int(r3, 0x0, 0xe, 0x0, &(0x7f0000000040)) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0x4, 0xb}, 0x4) write$bt_hci(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="015cff"], 0x7) socket$netlink(0x10, 0x3, 0x4) 0s ago: executing program 3 (id=2666): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) (async) sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000c40)=[{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000400)="5afb194ddebc95dcd8839fc0a5ecb47d498a28c6f1629ecdec359aee4b872cc2753b44553912fd97ad3b86df16dd3ba0465a6a68cb4fec9712bb5fe10da4f0e483728ae89dcf7127be9d57662b0c5c94756ee06aa974e31712ef08efca6679a7b4415d06f00ec4d9b6b01ad324764bd4fb736c3d60bc4e528111746972772f", 0x7f}], 0x1, 0x0, 0x0, 0xc000}], 0x1, 0x41) (async) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r3, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) (async) write$tun(r1, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) (async) r4 = accept4(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xc, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x73}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x84, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e20, @empty}}, 0xfffd}, 0x90) kernel console output (not intermixed with test programs): tlink: 'syz.3.709': attribute type 2 has an invalid length. [ 146.537159][ T8440] netlink: 'syz.3.709': attribute type 8 has an invalid length. [ 146.867682][ T8472] vlan2: entered allmulticast mode [ 147.196947][ T8495] __nla_validate_parse: 6 callbacks suppressed [ 147.196967][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.0.724'. [ 147.212757][ T8495] netlink: 24 bytes leftover after parsing attributes in process `syz.0.724'. [ 147.369984][ T8503] dvmrp0: entered allmulticast mode [ 147.394999][ T8503] dvmrp0: left allmulticast mode [ 147.517373][ T8503] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'. [ 147.712270][ T8518] netlink: 'syz.0.730': attribute type 2 has an invalid length. [ 147.940630][ T8522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.732'. [ 148.132951][ T8536] ieee802154 phy0 wpan0: encryption failed: -90 [ 148.184347][ T8536] wlan0 speed is unknown, defaulting to 1000 [ 148.335436][ T8549] netlink: 32 bytes leftover after parsing attributes in process `syz.0.740'. [ 148.361910][ T8543] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.369721][ T8543] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.955339][ T8569] netlink: 16 bytes leftover after parsing attributes in process `syz.0.742'. [ 150.374209][ T8577] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.381925][ T8577] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.390885][ T8577] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.403209][ T8577] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.517552][ T8580] netlink: 'syz.2.746': attribute type 10 has an invalid length. [ 150.526138][ T8583] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 26:8c:b8:9e:14:f0 [ 150.561488][ T8583] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 26:8c:b8:9e:14:f0 [ 150.576297][ T8583] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 26:8c:b8:9e:14:f0 [ 150.594484][ T8583] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 26:8c:b8:9e:14:f0 [ 150.625373][ T8583] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 26:8c:b8:9e:14:f0 [ 150.643580][ T8583] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 26:8c:b8:9e:14:f0 [ 150.664186][ T8583] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 26:8c:b8:9e:14:f0 [ 151.033524][ T8596] tipc: Enabled bearer , priority 0 [ 151.194505][ T8596] tipc: Disabling bearer [ 151.203511][ T8614] netlink: 16 bytes leftover after parsing attributes in process `syz.0.756'. [ 151.358689][ T8622] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 151.391011][ T8624] netlink: 92 bytes leftover after parsing attributes in process `syz.0.760'. [ 151.413356][ T8624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.760'. [ 151.486710][ T8627] wlan0 speed is unknown, defaulting to 1000 [ 151.566068][ T8628] IPVS: set_ctl: invalid protocol: 43 172.30.0.4:20000 [ 151.589143][ T8628] netlink: 24 bytes leftover after parsing attributes in process `syz.3.761'. [ 151.600495][ T8628] ifb0: entered promiscuous mode [ 151.605508][ T8628] ifb0: entered allmulticast mode [ 151.790781][ T8635] netlink: 'syz.0.764': attribute type 1 has an invalid length. [ 151.816791][ T8635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.930789][ T8630] wlan0 speed is unknown, defaulting to 1000 [ 151.960902][ T8636] IPVS: set_ctl: invalid protocol: 50 10.1.1.2:20000 [ 151.992010][ T8636] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 152.447203][ T8646] netlink: 80 bytes leftover after parsing attributes in process `syz.4.765'. [ 153.001161][ T8667] syzkaller0: entered promiscuous mode [ 153.006976][ T8667] syzkaller0: entered allmulticast mode [ 153.022354][ T8666] tipc: Enabled bearer , priority 0 [ 153.039891][ T8667] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 153.100777][ T8666] tipc: Resetting bearer [ 153.136090][ T8664] tipc: Resetting bearer [ 153.190178][ T8664] tipc: Disabling bearer [ 153.488391][ T8689] netlink: 16 bytes leftover after parsing attributes in process `syz.3.778'. [ 153.613926][ T8698] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 153.642734][ T8698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.781'. [ 153.656398][ T8698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.781'. [ 153.673187][ T8698] netlink: 'syz.2.781': attribute type 15 has an invalid length. [ 153.885825][ T8710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.785'. [ 153.935884][ T8712] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 153.948258][ T8712] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.962110][ T8715] netlink: 4 bytes leftover after parsing attributes in process `syz.4.787'. [ 154.013144][ T8715] netlink: 4 bytes leftover after parsing attributes in process `syz.4.787'. [ 154.084185][ T8712] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.095112][ T8712] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.178747][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.225933][ T8712] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.250298][ T8712] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.344035][ T8712] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.357382][ T8712] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.507337][ T78] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.523148][ T78] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.544641][ T78] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.554230][ T78] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.590240][ T78] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.601180][ T78] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.675946][ T78] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.703307][ T78] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.791122][ T8746] wlan0 speed is unknown, defaulting to 1000 [ 154.821887][ T8748] netlink: 16 bytes leftover after parsing attributes in process `syz.2.796'. [ 154.933324][ T8752] netlink: 100 bytes leftover after parsing attributes in process `syz.2.798'. [ 154.989936][ T8752] netlink: 'syz.2.798': attribute type 1 has an invalid length. [ 155.000534][ T8752] nbd: error processing sock list [ 155.005964][ T8752] block nbd0: shutting down sockets [ 155.168602][ T8755] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 155.176169][ T8755] IPv6: NLM_F_CREATE should be set when creating new route [ 155.183546][ T8755] IPv6: NLM_F_CREATE should be set when creating new route [ 155.190916][ T8755] IPv6: NLM_F_CREATE should be set when creating new route [ 155.219685][ T8755] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 155.575252][ T8773] pimreg: entered allmulticast mode [ 155.958198][ T8793] netlink: 56 bytes leftover after parsing attributes in process `syz.2.813'. [ 155.978649][ T8793] lo speed is unknown, defaulting to 1000 [ 155.984503][ T8793] lo speed is unknown, defaulting to 1000 [ 156.025145][ T8793] lo speed is unknown, defaulting to 1000 [ 156.073209][ T8798] netlink: 'syz.0.814': attribute type 11 has an invalid length. [ 156.087466][ T8793] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 156.138000][ T8793] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 156.190532][ T8800] netlink: 'syz.4.815': attribute type 14 has an invalid length. [ 156.232837][ T8800] netlink: 'syz.4.815': attribute type 13 has an invalid length. [ 156.253814][ T8793] lo speed is unknown, defaulting to 1000 [ 156.314381][ T8793] lo speed is unknown, defaulting to 1000 [ 156.396164][ T8793] lo speed is unknown, defaulting to 1000 [ 156.409372][ T8809] Illegal XDP return value 16128 on prog (id 125) dev syz_tun, expect packet loss! [ 156.414301][ T8793] lo speed is unknown, defaulting to 1000 [ 156.464444][ T8793] lo speed is unknown, defaulting to 1000 [ 156.836834][ T8831] netlink: 'syz.3.827': attribute type 1 has an invalid length. [ 156.925529][ T8831] bond2: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 156.938757][ T8831] bond2: (slave ipvlan0): The slave device specified does not support setting the MAC address [ 156.949373][ T8831] bond2: (slave ipvlan0): Setting fail_over_mac to active for active-backup mode [ 157.016630][ T8836] bond2: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 157.033266][ T8836] bond2: (slave ipvlan0): The slave device specified does not support setting the MAC address [ 157.403906][ T8863] netlink: 'syz.0.836': attribute type 6 has an invalid length. [ 157.568723][ T8874] __nla_validate_parse: 5 callbacks suppressed [ 157.568743][ T8874] netlink: 284 bytes leftover after parsing attributes in process `syz.3.841'. [ 157.631463][ T8875] netlink: 36 bytes leftover after parsing attributes in process `syz.0.840'. [ 157.651764][ T8877] netlink: 24 bytes leftover after parsing attributes in process `syz.2.842'. [ 157.755660][ T8882] tipc: Enabled bearer , priority 0 [ 157.766929][ T8882] syzkaller0: entered promiscuous mode [ 157.772661][ T8882] syzkaller0: entered allmulticast mode [ 157.782641][ T8883] netlink: 'syz.3.844': attribute type 10 has an invalid length. [ 157.850205][ T8883] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 157.875434][ T8882] tipc: Resetting bearer [ 157.888461][ T8878] tipc: Resetting bearer [ 157.923594][ T8878] tipc: Disabling bearer [ 158.101118][ T8850] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 158.126942][ T8901] netlink: 20 bytes leftover after parsing attributes in process `syz.4.849'. [ 158.148177][ T8850] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 158.262771][ T8850] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 158.280081][ T8850] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 158.335859][ T8850] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 158.357888][ T8850] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 158.394659][ T8850] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 158.403537][ T8850] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 158.442860][ T8850] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 158.449208][ T8850] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 158.652802][ T8926] netlink: 24 bytes leftover after parsing attributes in process `syz.3.852'. [ 158.705232][ T8927] netlink: 24 bytes leftover after parsing attributes in process `syz.3.852'. [ 159.685875][ T8943] netlink: 12 bytes leftover after parsing attributes in process `syz.3.860'. [ 159.875792][ T8962] netlink: 'syz.3.865': attribute type 1 has an invalid length. [ 160.910555][ T8993] netlink: 'syz.2.871': attribute type 3 has an invalid length. [ 160.923185][ T8995] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (222) [ 161.064058][ T9006] netlink: 4 bytes leftover after parsing attributes in process `syz.4.875'. [ 161.406045][ T9031] netlink: 9 bytes leftover after parsing attributes in process `syz.0.882'. [ 161.417086][ T9031] gretap0: entered promiscuous mode [ 161.453384][ T9031] netlink: 5 bytes leftover after parsing attributes in process `syz.0.882'. [ 161.481415][ T9031] 0ªî{X¹¦: renamed from gretap0 [ 161.493058][ T9031] 0ªî{X¹¦: left promiscuous mode [ 161.499040][ T9031] 0ªî{X¹¦: entered allmulticast mode [ 161.507064][ T9031] net_ratelimit: 1 callbacks suppressed [ 161.507082][ T9031] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 162.247839][ T9064] wlan0 speed is unknown, defaulting to 1000 [ 162.256047][ T9069] sctp: [Deprecated]: syz.1.893 (pid 9069) Use of int in max_burst socket option. [ 162.256047][ T9069] Use struct sctp_assoc_value instead [ 162.471295][ T9084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.519527][ T9084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.528657][ T9086] netlink: 'syz.1.898': attribute type 32 has an invalid length. [ 162.593245][ T9091] __nla_validate_parse: 4 callbacks suppressed [ 162.593264][ T9091] netlink: 8 bytes leftover after parsing attributes in process `syz.3.899'. [ 162.595404][ T9064] lo speed is unknown, defaulting to 1000 [ 162.602550][ T9091] netlink: 8 bytes leftover after parsing attributes in process `syz.3.899'. [ 162.666916][ T9091] netlink: 8 bytes leftover after parsing attributes in process `syz.3.899'. [ 162.890194][ T9106] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 163.116355][ T9118] netlink: 24 bytes leftover after parsing attributes in process `syz.1.904'. [ 163.128832][ T9109] team0: Device gtp0 is of different type [ 163.270228][ T9128] bridge0: port 4(veth0_to_bridge) entered blocking state [ 163.290059][ T9127] netlink: 'syz.4.908': attribute type 33 has an invalid length. [ 163.299562][ T9127] netlink: 152 bytes leftover after parsing attributes in process `syz.4.908'. [ 163.306291][ T9128] bridge0: port 4(veth0_to_bridge) entered disabled state [ 163.316803][ T9128] veth0_to_bridge: entered allmulticast mode [ 163.325374][ T9128] veth0_to_bridge: entered promiscuous mode [ 163.343157][ T9129] netlink: 4 bytes leftover after parsing attributes in process `syz.4.908'. [ 163.353000][ T9123] netlink: 8 bytes leftover after parsing attributes in process `syz.1.904'. [ 163.715611][ T9140] netlink: 12 bytes leftover after parsing attributes in process `syz.4.910'. [ 164.022519][ T9162] netlink: 56 bytes leftover after parsing attributes in process `syz.3.916'. [ 164.149002][ T9165] netlink: 16 bytes leftover after parsing attributes in process `syz.0.915'. [ 164.276980][ T9173] netlink: 'syz.4.919': attribute type 1 has an invalid length. [ 164.739352][ T9213] netlink: 'syz.0.928': attribute type 29 has an invalid length. [ 164.908934][ T9221] netlink: 'syz.1.929': attribute type 1 has an invalid length. [ 165.028712][ T9222] bond3 (unregistering): Released all slaves [ 165.469386][ T9242] netlink: 'syz.2.937': attribute type 2 has an invalid length. [ 165.481541][ T9242] netlink: 'syz.2.937': attribute type 2 has an invalid length. [ 165.535321][ T9245] netlink: 'syz.0.938': attribute type 10 has an invalid length. [ 165.575473][ T9245] batman_adv: batadv0: Interface deactivated: dummy0 [ 165.607011][ T9245] batman_adv: batadv0: Removing interface: dummy0 [ 165.715548][ T9245] team0: Port device dummy0 added [ 165.742533][ T9255] netlink: 'syz.4.940': attribute type 12 has an invalid length. [ 165.761942][ T9255] netlink: 'syz.4.940': attribute type 29 has an invalid length. [ 166.062272][ T9273] IPVS: set_ctl: invalid protocol: 44 224.0.0.1:20001 [ 166.153543][ T9283] bond3 (unregistering): Released all slaves [ 166.445921][ T9294] wlan0 speed is unknown, defaulting to 1000 [ 166.450382][ T9300] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 166.512172][ T9304] tipc: Enabled bearer , priority 0 [ 166.548700][ T9304] syzkaller0: entered promiscuous mode [ 166.568681][ T9304] syzkaller0: entered allmulticast mode [ 166.613352][ T9300] tipc: Resetting bearer [ 166.637634][ T9298] tipc: Resetting bearer [ 166.713924][ T9298] tipc: Disabling bearer [ 167.085231][ T9294] lo speed is unknown, defaulting to 1000 [ 167.101351][ T30] audit: type=1800 audit(1756765870.266:4): pid=9306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.953" name="memory.events" dev="tmpfs" ino=1083 res=0 errno=0 [ 167.492765][ T9343] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 167.695176][ T9355] validate_nla: 1 callbacks suppressed [ 167.695197][ T9355] netlink: 'syz.1.966': attribute type 4 has an invalid length. [ 168.585782][ T9397] __nla_validate_parse: 6 callbacks suppressed [ 168.585802][ T9397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.976'. [ 168.604823][ T9397] openvswitch: netlink: Flow key attr not present in new flow. [ 168.732336][ T9414] netlink: 8 bytes leftover after parsing attributes in process `syz.4.980'. [ 168.776757][ T9416] bridge3: the hash_elasticity option has been deprecated and is always 16 [ 168.787200][ T9421] netlink: 1196 bytes leftover after parsing attributes in process `syz.2.984'. [ 168.854113][ T9426] netlink: 'syz.0.985': attribute type 2 has an invalid length. [ 168.878026][ T9426] netlink: 'syz.0.985': attribute type 8 has an invalid length. [ 168.898486][ T9426] netlink: 132 bytes leftover after parsing attributes in process `syz.0.985'. [ 169.002968][ T9434] netlink: 40 bytes leftover after parsing attributes in process `syz.3.987'. [ 169.217703][ T9440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.988'. [ 169.480641][ T9453] tipc: Enabled bearer , priority 0 [ 169.599721][ T9465] netlink: 112 bytes leftover after parsing attributes in process `syz.4.997'. [ 169.609099][ T9465] nbd: must specify at least one socket [ 169.675501][ T9468] netlink: 104 bytes leftover after parsing attributes in process `syz.4.997'. [ 169.694178][ T9464] netlink: 'syz.0.995': attribute type 1 has an invalid length. [ 171.037542][ T9454] tipc: Disabling bearer [ 171.289172][ T9494] netlink: 'syz.1.1005': attribute type 10 has an invalid length. [ 171.923918][ T9534] netlink: 1196 bytes leftover after parsing attributes in process `syz.0.1016'. [ 171.948013][ T9534] netlink: 13188 bytes leftover after parsing attributes in process `syz.0.1016'. [ 172.321904][ T9556] netlink: 'syz.2.1022': attribute type 1 has an invalid length. [ 172.445896][ T9566] netlink: 'syz.2.1024': attribute type 1 has an invalid length. [ 172.489528][ T9566] 8021q: adding VLAN 0 to HW filter on device bond3 [ 172.535132][ T9565] bond3: (slave veth7): Enslaving as an active interface with a down link [ 172.956425][ T9597] netlink: 'syz.3.1032': attribute type 10 has an invalid length. [ 173.552888][ T9636] nbd: must specify a size in bytes for the device [ 173.594151][ T9636] __nla_validate_parse: 12 callbacks suppressed [ 173.594169][ T9636] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1040'. [ 173.847065][ T9652] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'. [ 173.856935][ T9652] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'. [ 174.309561][ T9682] tipc: Enabled bearer , priority 0 [ 174.325479][ T9682] syzkaller0: entered promiscuous mode [ 174.337230][ T9682] syzkaller0: entered allmulticast mode [ 174.358158][ T9678] tipc: Resetting bearer [ 174.440402][ T9697] netlink: 'syz.1.1060': attribute type 4 has an invalid length. [ 174.448599][ T9697] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1060'. [ 174.461796][ T9678] tipc: Disabling bearer [ 174.617195][ T9712] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1065'. [ 174.642284][ T9706] tipc: Enabled bearer , priority 0 [ 174.651178][ T9714] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1065'. [ 174.758999][ T9720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1067'. [ 174.759496][ T9721] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1068'. [ 174.792021][ T9706] syzkaller0: entered promiscuous mode [ 174.797551][ T9706] syzkaller0: entered allmulticast mode [ 175.007973][ T9732] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1071'. [ 175.030019][ T9705] tipc: Resetting bearer [ 176.709565][ T9705] tipc: Disabling bearer [ 176.762852][ T9738] wlan0 speed is unknown, defaulting to 1000 [ 176.952754][ T9758] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1077'. [ 177.053048][ T9760] tipc: Enabled bearer , priority 0 [ 177.066305][ T9760] syzkaller0: entered promiscuous mode [ 177.086494][ T9760] syzkaller0: entered allmulticast mode [ 177.101356][ T9760] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 177.154883][ T9768] netlink: 'syz.1.1079': attribute type 2 has an invalid length. [ 177.332830][ T9770] tipc: Resetting bearer [ 177.339290][ T9738] lo speed is unknown, defaulting to 1000 [ 177.353039][ T9759] tipc: Resetting bearer [ 177.372694][ T9759] tipc: Disabling bearer [ 177.392299][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 177.405602][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 177.426046][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 177.476089][ T9764] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 177.554823][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 177.567050][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 177.582803][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 177.592883][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 177.609916][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 177.623136][ T9764] hsr0 speed is unknown, defaulting to 1000 [ 178.058954][ T9790] bond3: entered promiscuous mode [ 178.070335][ T9790] bond3: entered allmulticast mode [ 178.085127][ T9790] 8021q: adding VLAN 0 to HW filter on device bond3 [ 178.168178][ T9797] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 178.244619][ T9804] netlink: 'syz.2.1091': attribute type 9 has an invalid length. [ 178.255567][ T9797] tipc: Enabled bearer , priority 0 [ 178.278198][ T9797] syzkaller0: entered promiscuous mode [ 178.283722][ T9797] syzkaller0: entered allmulticast mode [ 178.324907][ T9797] tipc: Resetting bearer [ 178.348303][ T9795] tipc: Resetting bearer [ 178.454325][ T9795] tipc: Disabling bearer [ 178.609578][ T9822] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 178.655162][ T9826] __nla_validate_parse: 3 callbacks suppressed [ 178.655183][ T9826] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1099'. [ 178.942353][ T9837] af_packet: tpacket_rcv: packet too big, clamped from 3698 to 4294967272. macoff=96 [ 178.997345][ T9851] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1107'. [ 179.195499][ T9866] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1112'. [ 179.242621][ T9866] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1112'. [ 179.483384][ T9888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1120'. [ 179.532027][ T9888] gtp0: entered promiscuous mode [ 179.537046][ T9888] gtp0: entered allmulticast mode [ 179.572043][ T9888] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1120'. [ 179.584508][ T9890] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1121'. [ 180.088192][ T9929] netlink: 'syz.2.1135': attribute type 1 has an invalid length. [ 180.102735][ T9929] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1135'. [ 180.314503][ T9948] netlink: 'syz.1.1140': attribute type 75 has an invalid length. [ 180.360718][ T9951] delete_channel: no stack [ 180.413259][ T9950] geneve3: entered promiscuous mode [ 180.430417][ T9950] geneve3: entered allmulticast mode [ 180.456338][ T37] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 19999 - 0 [ 180.493757][ T37] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 19999 - 0 [ 180.547551][ T37] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 19999 - 0 [ 180.591390][ T2964] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 19999 - 0 [ 180.672841][ T9963] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1144'. [ 180.785141][ T9973] IPVS: set_ctl: invalid protocol: 44 224.0.0.1:20000 [ 180.834583][ T9973] netlink: 'syz.0.1146': attribute type 11 has an invalid length. [ 180.969258][ T9980] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1149'. [ 181.167338][ T9995] netlink: 'syz.2.1154': attribute type 29 has an invalid length. [ 181.175582][ T9998] netlink: 'syz.2.1154': attribute type 29 has an invalid length. [ 181.588665][T10029] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 181.697635][T10036] mac80211_hwsim hwsim4 wlan1: entered allmulticast mode [ 182.005805][T10029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.027327][T10029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.168421][T10061] netlink: 'syz.1.1170': attribute type 9 has an invalid length. [ 182.177671][T10062] netlink: 'syz.1.1170': attribute type 9 has an invalid length. [ 182.220926][ T1338] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 182.269661][ T1338] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.296317][ T1338] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 182.317108][ T1338] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.513557][ T1338] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 182.527969][ T1338] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.559071][ T1338] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 182.569148][ T1338] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.650240][T10082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.771020][T10084] tipc: Invalid UDP bearer configuration [ 182.771114][T10084] tipc: Enabling of bearer rejected, failed to enable media [ 182.787441][T10082] syzkaller0: entered promiscuous mode [ 182.793037][T10082] syzkaller0: entered allmulticast mode [ 182.802602][T10082] netlink: 'syz.0.1176': attribute type 4 has an invalid length. [ 182.821625][T10088] C: renamed from team_slave_0 [ 182.848852][T10088] netlink: 'syz.3.1177': attribute type 1 has an invalid length. [ 182.864327][T10088] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 183.097544][T10107] Unsupported xt match [ 183.097565][T10107] unable to load match [ 183.465194][T10131] syzkaller0: entered promiscuous mode [ 183.474329][T10131] syzkaller0: entered allmulticast mode [ 183.502508][T10131] tipc: Enabled bearer , priority 0 [ 183.532522][T10131] tipc: Resetting bearer [ 183.542030][T10130] tipc: Resetting bearer [ 183.602990][T10141] IPVS: set_ctl: invalid protocol: 255 172.20.20.30:20002 [ 183.615025][T10130] tipc: Disabling bearer [ 183.700113][T10147] netdevsim netdevsim0: Direct firmware load for failed with error -2 [ 183.702391][T10150] __nla_validate_parse: 13 callbacks suppressed [ 183.702411][T10150] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1199'. [ 183.727889][T10147] netdevsim netdevsim0: Falling back to sysfs fallback for: [ 183.802191][T10150] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1199'. [ 184.025846][T10171] netlink: 184 bytes leftover after parsing attributes in process `syz.3.1203'. [ 184.045527][T10171] xt_socket: unknown flags 0xd0 [ 184.065416][T10169] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 184.620952][T10205] nbd: must specify at least one socket [ 184.630311][T10205] netlink: 'syz.0.1212': attribute type 3 has an invalid length. [ 184.638401][T10205] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1212'. [ 184.955260][T10221] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 185.030675][T10221] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 185.094868][T10221] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 185.313272][T10221] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 185.323787][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805a26c400: rx timeout, send abort [ 185.392267][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1221'. [ 185.412656][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1221'. [ 185.471095][T10238] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1222'. [ 185.521749][ T36] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 19999 - 0 [ 185.566017][ T2964] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 19999 - 0 [ 185.626810][ T8402] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 19999 - 0 [ 185.647416][ T8402] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 19999 - 0 [ 185.730461][T10246] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1225'. [ 185.785930][T10253] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1223'. [ 185.816086][T10253] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1223'. [ 185.824728][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805a26c400: abort rx timeout. Force session deactivation [ 186.284622][T10283] netlink: 'syz.3.1237': attribute type 2 has an invalid length. [ 186.297302][T10283] netlink: 'syz.3.1237': attribute type 2 has an invalid length. [ 186.328869][T10284] ip6gre1: entered allmulticast mode [ 186.747537][T10302] nftables ruleset with unbound set [ 186.793101][T10307] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 187.283691][T10331] siw: device registration error -23 [ 187.346554][T10335] tipc: Enabled bearer , priority 0 [ 187.362127][T10335] syzkaller0: entered promiscuous mode [ 187.368231][T10335] syzkaller0: entered allmulticast mode [ 187.420036][T10335] tipc: Resetting bearer [ 187.617852][T10334] tipc: Resetting bearer [ 187.675641][T10334] tipc: Disabling bearer [ 187.711496][T10355] openvswitch: netlink: Key 9 has unexpected len 2 expected 4 [ 187.725866][T10359] openvswitch: netlink: Key 9 has unexpected len 2 expected 4 [ 188.438764][T10405] netlink: 'syz.1.1277': attribute type 1 has an invalid length. [ 188.874734][T10431] nbd: must specify at least one socket [ 189.022438][T10436] __nla_validate_parse: 20 callbacks suppressed [ 189.022458][T10436] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1287'. [ 189.347302][T10456] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1294'. [ 189.505227][T10451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1294'. [ 189.906074][T10496] netlink: 808 bytes leftover after parsing attributes in process `syz.0.1306'. [ 190.001430][T10500] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 190.115213][T10502] netlink: 'syz.2.1307': attribute type 5 has an invalid length. [ 190.134408][T10503] netlink: 'syz.2.1307': attribute type 5 has an invalid length. [ 190.262223][T10509] x_tables: ip_tables: udp match: only valid for protocol 17 [ 190.413138][T10518] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1313'. [ 190.615604][T10525] tipc: Enabled bearer , priority 0 [ 190.627956][T10525] syzkaller0: entered promiscuous mode [ 190.633608][T10525] syzkaller0: entered allmulticast mode [ 190.679617][T10525] tipc: Resetting bearer [ 190.692954][T10525] netlink: 'syz.2.1316': attribute type 10 has an invalid length. [ 190.729839][T10525] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1316'. [ 190.764230][T10524] tipc: Resetting bearer [ 190.811978][T10524] tipc: Disabling bearer [ 191.053492][T10549] tipc: Enabling of bearer rejected, media not registered [ 191.075041][T10549] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1322'. [ 191.111527][T10549] tipc: Enabling of bearer rejected, failed to enable media [ 191.410523][T10567] openvswitch: netlink: Message has -1 unknown bytes. [ 191.617679][T10583] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1333'. [ 191.854620][T10598] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1339'. [ 191.875074][T10598] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1339'. [ 192.005818][T10608] openvswitch: netlink: Message has -1 unknown bytes. [ 192.222857][T10623] xfrm1: entered promiscuous mode [ 192.247088][T10623] xfrm1: entered allmulticast mode [ 192.545783][T10648] netlink: 'syz.4.1353': attribute type 16 has an invalid length. [ 192.565835][T10641] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.576154][T10641] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.608311][T10648] netlink: 'syz.4.1353': attribute type 17 has an invalid length. [ 192.656468][T10656] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 192.724423][T10648] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 192.824723][ T1218] hsr0 speed is unknown, defaulting to 1000 [ 192.841587][ T1218] syz1: Port: 1 Link DOWN [ 193.061968][T10676] netlink: 'syz.1.1363': attribute type 50 has an invalid length. [ 193.628760][T10714] netlink: 'syz.3.1376': attribute type 1 has an invalid length. [ 193.665022][T10714] netlink: 'syz.3.1376': attribute type 1 has an invalid length. [ 193.874586][T10733] netlink: 'syz.4.1380': attribute type 30 has an invalid length. [ 193.961081][T10731] tipc: Enabling of bearer rejected, failed to enable media [ 194.376410][T10768] __nla_validate_parse: 11 callbacks suppressed [ 194.376430][T10768] netlink: 14544 bytes leftover after parsing attributes in process `syz.0.1389'. [ 194.422773][T10775] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1392'. [ 194.639980][T10786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1396'. [ 194.678552][T10789] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1396'. [ 194.702655][T10791] netlink: 'syz.4.1397': attribute type 8 has an invalid length. [ 194.741155][T10791] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1397'. [ 195.121077][T10821] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1405'. [ 195.176055][T10825] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1408'. [ 195.183085][T10827] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1407'. [ 195.189503][T10825] validate_nla: 1 callbacks suppressed [ 195.189527][T10825] netlink: 'syz.2.1408': attribute type 1 has an invalid length. [ 195.196830][T10827] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1407'. [ 195.200071][T10825] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1408'. [ 195.232810][T10825] netlink: 'syz.2.1408': attribute type 10 has an invalid length. [ 195.253662][T10825] veth1_macvtap: left promiscuous mode [ 195.284391][T10825] team0: Device veth1_macvtap failed to register rx_handler [ 197.160612][T10927] netlink: 'syz.4.1441': attribute type 7 has an invalid length. [ 197.202636][T10927] : entered promiscuous mode [ 197.251300][T10926] openvswitch: netlink: Missing key (keys=40, expected=80) [ 197.743897][T10970] veth0: entered promiscuous mode [ 197.879532][T10972] veth1 (unregistering): left promiscuous mode [ 198.391616][T11013] bridge5: entered promiscuous mode [ 198.396902][T11013] bridge5: entered allmulticast mode [ 198.510039][T11022] erspan0: left promiscuous mode [ 199.624897][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.395326][T11048] team0: Device ip6gre1 is of different type [ 200.538130][T11067] __nla_validate_parse: 14 callbacks suppressed [ 200.538151][T11067] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1486'. [ 200.553847][T11066] sctp: [Deprecated]: syz.3.1485 (pid 11066) Use of struct sctp_assoc_value in delayed_ack socket option. [ 200.553847][T11066] Use struct sctp_sack_info instead [ 200.580764][T11069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1487'. [ 200.700589][T11073] netlink: 'syz.2.1488': attribute type 33 has an invalid length. [ 200.730337][T11073] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1488'. [ 200.760577][T11073] pim6reg1: entered promiscuous mode [ 200.765985][T11073] pim6reg1: entered allmulticast mode [ 200.851414][T11085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1487'. [ 201.061986][T11095] tipc: Enabling of bearer rejected, failed to enable media [ 201.202377][T11104] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1494'. [ 201.385877][T11106] bond0: (slave team0): Releasing backup interface [ 201.440228][T11106] team0 (unregistering): Port device team_slave_0 removed [ 201.526791][T11106] team0 (unregistering): Port device team_slave_1 removed [ 201.598724][T11106] team0 (unregistering): Port device dummy0 removed [ 201.640260][T11125] batman_adv: batadv0: Interface deactivated: dummy0 [ 201.647076][T11125] batman_adv: batadv0: Removing interface: dummy0 [ 201.657639][T11125] bridge_slave_0: left allmulticast mode [ 201.663686][T11125] bridge_slave_0: left promiscuous mode [ 201.671796][T11125] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.672899][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.695185][T11132] netlink: 'syz.4.1502': attribute type 1 has an invalid length. [ 201.703209][T11132] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1502'. [ 201.716163][T11125] bridge_slave_1: left allmulticast mode [ 201.722169][T11125] bridge_slave_1: left promiscuous mode [ 201.728257][T11125] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.742767][T11125] bond0: (slave bond_slave_0): Releasing backup interface [ 201.754129][T11125] bond_slave_0: left promiscuous mode [ 201.760964][T11125] bond_slave_0: left allmulticast mode [ 201.780632][T11125] bond0: (slave bond_slave_1): Releasing backup interface [ 201.790134][T11125] bond_slave_1: left promiscuous mode [ 201.795924][T11125] bond_slave_1: left allmulticast mode [ 201.825611][T11125] team0: Port device team_slave_0 removed [ 201.853396][T11125] team0: Port device team_slave_1 removed [ 201.861846][T11125] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.871137][T11125] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.878928][T11125] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.899128][T11125] bond1: (slave bridge1): Releasing active interface [ 202.129034][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.142910][T11150] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1507'. [ 202.210421][T11157] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1507'. [ 202.298627][T11162] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1510'. [ 202.529926][T11169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1512'. [ 202.642568][T11182] openvswitch: netlink: Tunnel attr 1 has unexpected len 16 expected 4 [ 203.037010][T11208] Bluetooth: MGMT ver 1.23 [ 203.284943][T11222] netlink: 'syz.1.1531': attribute type 10 has an invalid length. [ 203.428159][T11221] netlink: 'syz.3.1529': attribute type 7 has an invalid length. [ 203.774483][T11221] : entered promiscuous mode [ 203.831794][T11233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.854624][T11231] wlan0 speed is unknown, defaulting to 1000 [ 204.030064][T11250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 204.142218][T11253] openvswitch: netlink: Flow key attr not present in new flow. [ 204.146755][T11231] lo speed is unknown, defaulting to 1000 [ 204.157525][T11231] hsr0 speed is unknown, defaulting to 1000 [ 204.914328][T11288] netlink: 'syz.0.1552': attribute type 18 has an invalid length. [ 204.934410][T11289] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.939773][ T5962] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 204.952674][ T5962] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 204.962423][ T5962] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 204.975666][ T5962] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.022802][T11294] netlink: 'syz.0.1553': attribute type 15 has an invalid length. [ 205.181491][T11303] netlink: 'syz.0.1556': attribute type 7 has an invalid length. [ 205.380747][T11306] tipc: Enabled bearer , priority 0 [ 205.403568][T11306] syzkaller0: entered promiscuous mode [ 205.443290][T11306] syzkaller0: entered allmulticast mode [ 205.484509][T11306] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 205.783772][T11328] __nla_validate_parse: 11 callbacks suppressed [ 205.783793][T11328] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1563'. [ 205.810111][T11329] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1563'. [ 205.830201][T11328] netlink: 'syz.3.1563': attribute type 1 has an invalid length. [ 206.068901][T11343] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1566'. [ 206.148164][T11306] tipc: Resetting bearer [ 206.173328][T11352] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge_slave_1, syncid = 0, id = 0 [ 206.291467][T11305] tipc: Resetting bearer [ 206.322180][T11305] tipc: Disabling bearer [ 206.453491][T11364] bond4 (unregistering): Released all slaves [ 206.655345][T11374] syzkaller1: entered promiscuous mode [ 206.672277][T11376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1575'. [ 206.689590][T11374] syzkaller1: entered allmulticast mode [ 206.700419][T11375] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 206.704038][T11376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1575'. [ 206.771973][T11383] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1577'. [ 206.875999][T11390] !: renamed from dummy0 [ 206.982300][T11399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.113670][T11407] wlan0 speed is unknown, defaulting to 1000 [ 207.433153][T11426] netlink: 'syz.2.1591': attribute type 33 has an invalid length. [ 207.451143][T11426] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1591'. [ 207.492094][T11426] netlink: 'syz.2.1591': attribute type 33 has an invalid length. [ 207.507903][T11426] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1591'. [ 207.742609][T11446] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1598'. [ 207.935936][T11451] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 207.951261][T11451] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 208.028781][T11407] lo speed is unknown, defaulting to 1000 [ 208.045509][T11456] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1599'. [ 208.053445][T11407] hsr0 speed is unknown, defaulting to 1000 [ 208.066922][T11456] openvswitch: netlink: Flow key attr not present in new flow. [ 208.182830][T11411] netlink: 'syz.1.1584': attribute type 13 has an invalid length. [ 208.212762][T11411] netlink: 'syz.1.1584': attribute type 17 has an invalid length. [ 208.453962][T11411] 0ªî{X¹¦: left allmulticast mode [ 208.488668][ T7031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 208.489399][T11411] bond0: left allmulticast mode [ 208.507411][T11411] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 208.530630][T11481] tipc: Cannot configure node identity twice [ 208.597946][ T7032] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.051139][T11504] IPv4: Oversized IP packet from 172.20.20.10 [ 209.060375][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 209.067292][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 210.038305][T11555] openvswitch: netlink: Actions may not be safe on all matching packets [ 210.064624][ T78] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 20002 - 0 [ 210.089750][ T78] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 20002 - 0 [ 210.118913][T11555] tipc: Enabling of bearer rejected, failed to enable media [ 210.147433][ T78] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 20002 - 0 [ 210.166562][ T78] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 20002 - 0 [ 210.833204][T11599] __nla_validate_parse: 4 callbacks suppressed [ 210.833223][T11599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1646'. [ 210.968952][T11601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1646'. [ 211.064488][T11614] IPv6: sit1: Disabled Multicast RS [ 211.085920][T11614] sit1: entered allmulticast mode [ 211.187510][T11624] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1651'. [ 211.350607][T11632] netlink: 'syz.2.1654': attribute type 1 has an invalid length. [ 211.532866][T11642] tipc: Enabled bearer , priority 0 [ 211.542017][T11642] syzkaller0: entered promiscuous mode [ 211.548455][T11642] syzkaller0: entered allmulticast mode [ 211.576892][T11642] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 211.635939][T11647] wlan0 speed is unknown, defaulting to 1000 [ 211.754761][T11655] netlink: 'syz.0.1660': attribute type 1 has an invalid length. [ 211.792926][T11655] netlink: 'syz.0.1660': attribute type 3 has an invalid length. [ 211.801174][T11657] ieee802154 phy1 wpan1: encryption failed: -22 [ 211.840665][T11655] netlink: 'syz.0.1660': attribute type 235 has an invalid length. [ 212.173306][T11666] tipc: Resetting bearer [ 212.290193][T11672] netlink: 'syz.0.1668': attribute type 12 has an invalid length. [ 212.359077][T11674] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1669'. [ 212.398369][T11641] tipc: Resetting bearer [ 212.494223][T11641] tipc: Disabling bearer [ 212.660750][T11652] netlink: 'syz.1.1658': attribute type 13 has an invalid length. [ 212.685150][T11652] netlink: 'syz.1.1658': attribute type 17 has an invalid length. [ 212.728007][ T1218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 212.755290][T11652] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 212.797589][T11647] lo speed is unknown, defaulting to 1000 [ 212.805683][T11647] hsr0 speed is unknown, defaulting to 1000 [ 212.951823][ T36] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.031479][ T36] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.035639][T11708] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1679'. [ 213.057502][ T13] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.095061][ T13] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.321040][T11727] net_ratelimit: 1 callbacks suppressed [ 213.321060][T11727] openvswitch: netlink: Actions may not be safe on all matching packets [ 213.333478][T11728] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1682'. [ 213.844390][T11751] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1688'. [ 213.882534][T11749] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1687'. [ 213.901927][T11749] netlink: 'syz.0.1687': attribute type 16 has an invalid length. [ 213.918162][T11749] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1687'. [ 213.987433][T11754] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1689'. [ 214.044534][T11758] netlink: 'syz.3.1691': attribute type 1 has an invalid length. [ 214.244671][T11771] netlink: 'syz.2.1694': attribute type 6 has an invalid length. [ 214.719022][T11794] syzkaller0: entered promiscuous mode [ 214.736110][T11794] syzkaller0: entered allmulticast mode [ 217.268702][T11874] __nla_validate_parse: 7 callbacks suppressed [ 217.268722][T11874] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1713'. [ 217.424243][T11859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1713'. [ 217.796227][T11906] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1721'. [ 217.879137][T11909] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 218.011468][T11914] tipc: Enabled bearer , priority 0 [ 218.026091][T11914] syzkaller0: entered promiscuous mode [ 218.035402][T11914] syzkaller0: entered allmulticast mode [ 218.049654][T11914] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 218.518943][T11936] validate_nla: 1 callbacks suppressed [ 218.518964][T11936] netlink: 'syz.1.1733': attribute type 1 has an invalid length. [ 218.665138][T11951] tipc: Resetting bearer [ 218.862915][T11913] tipc: Resetting bearer [ 218.943642][T11913] tipc: Disabling bearer [ 219.105870][T11969] gretap0: entered promiscuous mode [ 219.117530][T11969] vlan1: entered promiscuous mode [ 219.207159][T11974] xt_time: unknown flags 0xf4 [ 219.235555][T11974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1742'. [ 219.264403][T11974] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1742'. [ 219.372838][T11980] only policy match revision 0 supported [ 219.372861][T11980] unable to load match [ 219.848806][T12006] tipc: Enabled bearer , priority 0 [ 219.859502][T12006] syzkaller0: entered promiscuous mode [ 219.865028][T12006] syzkaller0: entered allmulticast mode [ 219.889572][T12006] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 220.055511][T12009] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1754'. [ 220.072249][T12017] netlink: 'syz.0.1756': attribute type 1 has an invalid length. [ 220.096735][T12017] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1756'. [ 220.109279][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.501131][T12006] tipc: Resetting bearer [ 220.621437][T12039] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1764'. [ 220.690682][T12039] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1764'. [ 220.742236][T12005] tipc: Resetting bearer [ 220.799352][T12005] tipc: Disabling bearer [ 220.874562][T12044] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 220.903758][T12046] wlan0 speed is unknown, defaulting to 1000 [ 221.293090][T12046] lo speed is unknown, defaulting to 1000 [ 221.306091][T12046] hsr0 speed is unknown, defaulting to 1000 [ 221.398543][ T7032] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 221.488682][T12075] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check. [ 221.507474][T12081] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.1779'. [ 222.098407][ T7032] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.195149][T12115] IPVS: set_ctl: invalid protocol: 29 224.0.0.1:20000 [ 222.488411][T12131] __nla_validate_parse: 3 callbacks suppressed [ 222.488431][T12131] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1795'. [ 222.922108][T12152] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1803'. [ 222.978968][T12152] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1803'. [ 223.016467][T12154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1804'. [ 223.418914][T12186] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1812'. [ 223.432526][T12186] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1812'. [ 223.470061][T12187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1811'. [ 223.490055][T12187] netlink: 'syz.2.1811': attribute type 32 has an invalid length. [ 223.498219][T12187] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1811'. [ 223.515788][T12187] (unnamed net_device) (uninitialized): option coupled_control: invalid value (12) [ 223.596654][T12189] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1814'. [ 223.624468][T12191] sctp: [Deprecated]: syz.2.1815 (pid 12191) Use of int in max_burst socket option. [ 223.624468][T12191] Use struct sctp_assoc_value instead [ 223.655743][T12192] bridge15: the hash_elasticity option has been deprecated and is always 16 [ 223.760306][T12198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1817'. [ 223.773400][T12198] netlink: 'syz.2.1817': attribute type 22 has an invalid length. [ 223.803049][T12198] netlink: 'syz.2.1817': attribute type 22 has an invalid length. [ 224.128841][T12213] wlan0 speed is unknown, defaulting to 1000 [ 224.382612][T12226] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 224.523838][T12228] tipc: Enabled bearer , priority 0 [ 224.549259][T12228] syzkaller0: entered promiscuous mode [ 224.555610][T12228] syzkaller0: entered allmulticast mode [ 224.596157][T12228] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 224.707382][T12239] openvswitch: netlink: Message has 5 unknown bytes. [ 224.960945][T12248] IPVS: Unknown mcast interface: dvmrp0 [ 225.001308][T12213] lo speed is unknown, defaulting to 1000 [ 225.015260][T12213] hsr0 speed is unknown, defaulting to 1000 [ 225.256942][T12253] wlan0 speed is unknown, defaulting to 1000 [ 225.266886][T12237] tipc: Resetting bearer [ 225.377656][T12227] tipc: Resetting bearer [ 225.438506][T12227] tipc: Disabling bearer [ 225.766406][T12253] lo speed is unknown, defaulting to 1000 [ 225.785127][T12253] hsr0 speed is unknown, defaulting to 1000 [ 225.964268][T12263] netlink: 'syz.1.1836': attribute type 4 has an invalid length. [ 226.947001][T12302] dummy0: entered allmulticast mode [ 227.158520][T12305] netlink: 'syz.2.1847': attribute type 1 has an invalid length. [ 227.497408][T12335] tipc: Enabling of bearer rejected, failed to enable media [ 227.627482][T12340] bond5: entered promiscuous mode [ 227.636770][T12340] bond5: entered allmulticast mode [ 227.642659][T12340] 8021q: adding VLAN 0 to HW filter on device bond5 [ 227.679423][T12343] tipc: Enabled bearer , priority 0 [ 227.687125][T12343] syzkaller0: entered promiscuous mode [ 227.693114][T12343] syzkaller0: entered allmulticast mode [ 227.704334][T12343] sch_tbf: peakrate 9 is lower than or equals to rate 2709150049826772132 ! [ 227.738389][T12343] tipc: Resetting bearer [ 227.761762][T12342] tipc: Resetting bearer [ 227.778387][T12342] tipc: Disabling bearer [ 227.976721][T12364] __nla_validate_parse: 11 callbacks suppressed [ 227.976741][T12364] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1864'. [ 228.002764][T12364] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1864'. [ 228.042391][T12364] netlink: 'syz.1.1864': attribute type 3 has an invalid length. [ 228.083434][T12375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1866'. [ 228.203380][T12379] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1868'. [ 228.220818][T12379] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1868'. [ 228.451793][T12396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1872'. [ 228.525113][T12386] syzkaller0: entered allmulticast mode [ 228.681665][T12407] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1877'. [ 228.713691][T12407] netlink: 'syz.4.1877': attribute type 1 has an invalid length. [ 229.267189][T12429] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1881'. [ 229.279368][T12429] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1881'. [ 230.301499][T12402] team0: Device ip6gre1 is up. Set it down before adding it as a team port [ 230.493051][T12436] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1882'. [ 230.495774][T12435] tipc: Enabled bearer , priority 0 [ 230.520577][T12435] syzkaller0: entered promiscuous mode [ 230.526157][T12435] syzkaller0: entered allmulticast mode [ 230.648211][T12435] tipc: Resetting bearer [ 230.697168][T12435] netlink: 'syz.3.1883': attribute type 3 has an invalid length. [ 230.737208][T12434] tipc: Resetting bearer [ 230.801085][T12434] tipc: Disabling bearer [ 231.346828][T12483] geneve2: entered promiscuous mode [ 231.355315][T12482] netlink: 'syz.4.1896': attribute type 4 has an invalid length. [ 231.373055][T12483] geneve2: entered allmulticast mode [ 232.771793][T12571] netlink: 'syz.1.1923': attribute type 1 has an invalid length. [ 233.088104][T12589] __nla_validate_parse: 15 callbacks suppressed [ 233.088125][T12589] netlink: 192 bytes leftover after parsing attributes in process `syz.3.1929'. [ 233.109215][T12589] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1929'. [ 233.418719][T12612] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1936'. [ 233.457213][T12612] bond0: entered promiscuous mode [ 233.466539][T12612] bond_slave_0: entered promiscuous mode [ 233.485458][T12612] bond_slave_1: entered promiscuous mode [ 233.502843][T12612] bond0: left promiscuous mode [ 233.514373][T12612] bond_slave_0: left promiscuous mode [ 233.522452][T12612] bond_slave_1: left promiscuous mode [ 233.670412][T12626] bridge_slave_0: invalid flags given to default FDB implementation [ 233.684190][T12624] lo: entered promiscuous mode [ 233.702249][T12624] netlink: 'syz.1.1938': attribute type 2 has an invalid length. [ 233.723299][T12624] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 234.392749][T12668] unknown channel width for channel at 909000KHz? [ 234.400566][T12668] unknown channel width for channel at 909000KHz? [ 234.407351][T12668] unknown channel width for channel at 909000KHz? [ 234.467909][T12671] unknown channel width for channel at 909000KHz? [ 234.474448][T12671] unknown channel width for channel at 909000KHz? [ 234.491015][T12671] unknown channel width for channel at 909000KHz? [ 234.514621][T12675] openvswitch: netlink: Unknown key attributes 2 [ 234.790917][T12695] syzkaller1: entered promiscuous mode [ 234.796765][T12695] syzkaller1: entered allmulticast mode [ 234.966561][T12704] sctp: [Deprecated]: syz.2.1958 (pid 12704) Use of struct sctp_assoc_value in delayed_ack socket option. [ 234.966561][T12704] Use struct sctp_sack_info instead [ 234.988746][T12704] netlink: 'syz.2.1958': attribute type 1 has an invalid length. [ 234.996747][T12704] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1958'. [ 235.010236][T12704] netlink: 'syz.2.1958': attribute type 2 has an invalid length. [ 235.020335][T12707] IPVS: set_ctl: invalid protocol: 92 127.0.0.1:20001 [ 235.032397][T12704] netlink: 'syz.2.1958': attribute type 1 has an invalid length. [ 235.247600][T12722] netlink: 146780 bytes leftover after parsing attributes in process `syz.0.1964'. [ 235.352916][T12728] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1966'. [ 235.612380][T12741] syzkaller0: entered promiscuous mode [ 235.622446][T12741] syzkaller0: entered allmulticast mode [ 235.870746][T12759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1973'. [ 237.485357][T12761] wlan0 speed is unknown, defaulting to 1000 [ 237.628016][T12785] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1979'. [ 237.641358][T12786] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1979'. [ 237.968652][T12803] netlink: 600 bytes leftover after parsing attributes in process `syz.3.1982'. [ 238.126323][T12761] lo speed is unknown, defaulting to 1000 [ 238.137657][T12761] hsr0 speed is unknown, defaulting to 1000 [ 238.212896][T12812] tipc: Enabled bearer , priority 0 [ 238.241537][T12811] syzkaller0: entered promiscuous mode [ 238.259536][T12811] syzkaller0: entered allmulticast mode [ 238.363920][T12812] tipc: Resetting bearer [ 238.454140][T12812] tipc: Disabling bearer [ 238.714284][T12832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.760286][T12831] wlan0 speed is unknown, defaulting to 1000 [ 238.999445][T12842] netlink: 'syz.0.1993': attribute type 1 has an invalid length. [ 239.017505][T12842] __nla_validate_parse: 1 callbacks suppressed [ 239.017526][T12842] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1993'. [ 239.047965][T12842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1993'. [ 239.297547][T12831] lo speed is unknown, defaulting to 1000 [ 239.306069][T12831] hsr0 speed is unknown, defaulting to 1000 [ 239.929310][T12887] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2008'. [ 239.947109][T12884] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2006'. [ 239.963847][T12887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2008'. [ 240.206679][T12900] netlink: 'syz.1.2010': attribute type 1 has an invalid length. [ 240.232503][T12900] netlink: 'syz.1.2010': attribute type 2 has an invalid length. [ 240.237277][T12902] netlink: 'syz.4.2012': attribute type 4 has an invalid length. [ 240.443150][T12902] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2012'. [ 240.463379][T12914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2012'. [ 240.493270][T12918] sctp: [Deprecated]: syz.3.2014 (pid 12918) Use of int in max_burst socket option. [ 240.493270][T12918] Use struct sctp_assoc_value instead [ 240.566518][T12915] team0: No ports can be present during mode change [ 240.656193][T12921] netlink: 'syz.0.2017': attribute type 1 has an invalid length. [ 240.667647][T12921] netlink: 'syz.0.2017': attribute type 2 has an invalid length. [ 240.676433][T12921] netlink: 'syz.0.2017': attribute type 1 has an invalid length. [ 240.689688][T12921] netlink: 1156 bytes leftover after parsing attributes in process `syz.0.2017'. [ 240.856840][T12931] tipc: Enabling of bearer rejected, failed to enable media [ 240.866429][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 240.903511][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 240.918012][T12939] netlink: 'syz.0.2021': attribute type 2 has an invalid length. [ 240.946578][T12939] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2021'. [ 241.004575][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.035112][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.081055][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.114624][T12948] tipc: Enabled bearer , priority 0 [ 241.136212][T12948] syzkaller0: entered promiscuous mode [ 241.145183][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.146876][T12950] rdma_rxe: rxe_newlink: failed to add hsr0 [ 241.155523][T12948] syzkaller0: entered allmulticast mode [ 241.169532][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.186300][T12952] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 241.211489][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.237605][T12948] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 241.250060][T12955] netlink: 'syz.3.2027': attribute type 1 has an invalid length. [ 241.259108][T12955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2027'. [ 241.273737][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.304927][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.320960][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.342010][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.356737][T12948] tipc: Resetting bearer [ 241.371033][T12947] tipc: Resetting bearer [ 241.405218][T12947] tipc: Disabling bearer [ 241.405895][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.423141][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.437978][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.509788][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.569342][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.624031][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.648078][T12973] syzkaller0: entered promiscuous mode [ 241.653795][T12973] syzkaller0: entered allmulticast mode [ 241.674748][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.702623][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.734412][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.772761][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.792613][T12980] netlink: 'syz.2.2034': attribute type 4 has an invalid length. [ 241.817087][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.832197][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.879471][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.914455][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.945783][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.978433][T12923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 242.256588][T13000] wlan0 speed is unknown, defaulting to 1000 [ 243.039481][T13000] lo speed is unknown, defaulting to 1000 [ 243.063398][T13036] bond5: (slave bridge7): making interface the new active one [ 243.073365][T13036] bond5: (slave bridge7): Enslaving as an active interface with an up link [ 243.089841][T13038] unknown channel width for channel at 909000KHz? [ 243.089882][T13002] lo: left promiscuous mode [ 243.116519][T13000] hsr0 speed is unknown, defaulting to 1000 [ 243.702775][T13002] batadv_slave_0: left promiscuous mode [ 243.970111][T13002] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 244.020477][T13002] mac80211_hwsim hwsim4 wlan1: left allmulticast mode [ 244.040795][T13002] hsr1: left promiscuous mode [ 244.056683][T13002] geneve2: left promiscuous mode [ 244.064029][T13002] geneve2: left allmulticast mode [ 244.167901][ T1136] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 244.176845][ T1136] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.238590][ T5962] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 244.266173][ T5962] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.343177][ T5962] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 244.371467][ T5962] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.425194][ T5962] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 244.437456][ T5962] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.505186][T13097] __nla_validate_parse: 5 callbacks suppressed [ 244.505211][T13097] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2063'. [ 244.618419][T13097] validate_nla: 5 callbacks suppressed [ 244.618439][T13097] netlink: 'syz.0.2063': attribute type 39 has an invalid length. [ 244.703222][T13103] netlink: 'syz.0.2063': attribute type 11 has an invalid length. [ 244.749460][T13097] bond0: (slave syz_tun): Releasing backup interface [ 245.107213][T13128] netlink: 'syz.4.2075': attribute type 1 has an invalid length. [ 245.115440][T13128] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2075'. [ 245.130269][T13128] netlink: 11 bytes leftover after parsing attributes in process `syz.4.2075'. [ 245.150349][T13128] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2075'. [ 245.372801][T13136] !: renamed from dummy0 [ 245.393014][T13136] netlink: 'syz.0.2079': attribute type 1 has an invalid length. [ 245.427146][T13137] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 245.522999][T13145] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2082'. [ 245.581795][T13147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2083'. [ 245.597849][T13148] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2083'. [ 245.637911][T13148] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2083'. [ 245.660265][T13152] netlink: 'syz.1.2084': attribute type 11 has an invalid length. [ 245.672069][T13147] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2083'. [ 245.694994][T13152] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2084'. [ 245.722667][T13148] netlink: 'syz.0.2083': attribute type 7 has an invalid length. [ 245.737330][T13156] netlink: 'syz.2.2086': attribute type 21 has an invalid length. [ 245.745798][T13156] netlink: 'syz.2.2086': attribute type 4 has an invalid length. [ 245.755715][T13147] netlink: 'syz.0.2083': attribute type 7 has an invalid length. [ 245.765171][T13156] netlink: 'syz.2.2086': attribute type 5 has an invalid length. [ 245.784101][T13156] netlink: 'syz.2.2086': attribute type 21 has an invalid length. [ 245.795326][T13156] netlink: 'syz.2.2086': attribute type 4 has an invalid length. [ 245.836472][T13156] veth0_to_bridge: left allmulticast mode [ 245.842587][T13156] veth0_to_bridge: left promiscuous mode [ 245.849400][T13156] bridge0: port 4(veth0_to_bridge) entered disabled state [ 245.869014][T13156] bond0: left promiscuous mode [ 245.874143][T13156] bridge0: port 3(bond0) entered disabled state [ 245.885335][T13156] bridge_slave_1: left allmulticast mode [ 245.892650][T13156] bridge_slave_1: left promiscuous mode [ 245.898925][T13156] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.908363][T13156] bridge_slave_0: left allmulticast mode [ 245.914127][T13156] bridge_slave_0: left promiscuous mode [ 245.925497][T13156] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.105288][T13154] netlink: 'syz.1.2084': attribute type 11 has an invalid length. [ 246.855000][T13211] netlink: 'syz.3.2101': attribute type 11 has an invalid length. [ 247.390806][T13238] tipc: Enabled bearer , priority 0 [ 247.402253][T13238] syzkaller0: entered promiscuous mode [ 247.422003][T13238] syzkaller0: entered allmulticast mode [ 247.449754][T13238] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 247.482237][T13245] syzkaller1: entered promiscuous mode [ 247.491854][T13245] syzkaller1: entered allmulticast mode [ 247.632166][T13238] tipc: Resetting bearer [ 247.654747][T13236] tipc: Resetting bearer [ 247.738385][T13236] tipc: Disabling bearer [ 247.854954][T13263] IPVS: set_ctl: invalid protocol: 255 100.1.1.0:20002 [ 247.879109][T13263] IPVS: set_ctl: invalid protocol: 255 100.1.1.0:20002 [ 248.380717][T13292] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 248.555726][T13298] 8021q: adding VLAN 0 to HW filter on device bond6 [ 248.608876][T13298] bond6: (slave geneve2): making interface the new active one [ 248.632530][T13298] bond6: (slave geneve2): Enslaving as an active interface with an up link [ 248.860060][T13318] tipc: Enabled bearer , priority 0 [ 248.872150][T13318] syzkaller0: entered promiscuous mode [ 248.917581][T13318] syzkaller0: entered allmulticast mode [ 249.006930][T13318] tipc: Resetting bearer [ 249.020888][T13317] tipc: Resetting bearer [ 249.102278][T13317] tipc: Disabling bearer [ 249.846055][T13366] __nla_validate_parse: 22 callbacks suppressed [ 249.846077][T13366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2151'. [ 249.918640][T13371] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2151'. [ 250.455676][T13403] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2161'. [ 250.632184][T13409] wlan0 speed is unknown, defaulting to 1000 [ 250.685528][T13415] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2164'. [ 250.937253][T13409] lo speed is unknown, defaulting to 1000 [ 250.949026][T13409] hsr0 speed is unknown, defaulting to 1000 [ 251.094154][T13429] sctp: [Deprecated]: syz.3.2169 (pid 13429) Use of int in maxseg socket option. [ 251.094154][T13429] Use struct sctp_assoc_value instead [ 251.267323][T13431] validate_nla: 6 callbacks suppressed [ 251.267345][T13431] netlink: 'syz.3.2170': attribute type 1 has an invalid length. [ 251.357129][T13431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2170'. [ 251.368080][T13431] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2170'. [ 251.380861][T13431] 8021q: adding VLAN 0 to HW filter on device bond6 [ 251.646511][T13453] sctp: [Deprecated]: syz.2.2177 (pid 13453) Use of int in maxseg socket option. [ 251.646511][T13453] Use struct sctp_assoc_value instead [ 251.971914][T13472] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2180'. [ 252.316007][T13495] netlink: 'syz.1.2187': attribute type 1 has an invalid length. [ 252.345495][T13499] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2186'. [ 252.409303][T13496] bond4: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 252.421953][T13496] bond4: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 252.432504][T13496] bond4: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 252.504568][T13497] bond4: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 252.526748][T13497] bond4: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 252.557486][T13508] netlink: 'syz.0.2191': attribute type 12 has an invalid length. [ 252.569755][T13508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2191'. [ 252.586259][T13511] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2191'. [ 252.661245][T13511] 8021q: adding VLAN 0 to HW filter on device bond3 [ 252.896937][T13525] netlink: 'syz.0.2196': attribute type 21 has an invalid length. [ 253.169294][T13542] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 253.192570][T13542] netlink: 'syz.2.2202': attribute type 1 has an invalid length. [ 253.369865][T13558] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 254.046882][T13595] netlink: 'syz.1.2221': attribute type 1 has an invalid length. [ 254.743471][T13639] netlink: 'syz.4.2236': attribute type 4 has an invalid length. [ 254.896207][T13648] netlink: 'syz.4.2239': attribute type 32 has an invalid length. [ 254.916907][T13648] __nla_validate_parse: 9 callbacks suppressed [ 254.916940][T13648] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2239'. [ 254.951303][T13648] (unnamed net_device) (uninitialized): option coupled_control: invalid value (27) [ 255.165046][T13678] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2244'. [ 255.248493][T13678] FAULT_INJECTION: forcing a failure. [ 255.248493][T13678] name failslab, interval 1, probability 0, space 0, times 0 [ 255.271932][T13678] CPU: 0 UID: 0 PID: 13678 Comm: syz.4.2244 Not tainted syzkaller #0 PREEMPT(full) [ 255.271963][T13678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 255.271987][T13678] Call Trace: [ 255.271995][T13678] [ 255.272005][T13678] dump_stack_lvl+0x189/0x250 [ 255.272034][T13678] ? __pfx____ratelimit+0x10/0x10 [ 255.272064][T13678] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.272090][T13678] ? __pfx__printk+0x10/0x10 [ 255.272125][T13678] ? __pfx___might_resched+0x10/0x10 [ 255.272144][T13678] ? fs_reclaim_acquire+0x7d/0x100 [ 255.272189][T13678] should_fail_ex+0x414/0x560 [ 255.272223][T13678] should_failslab+0xa8/0x100 [ 255.272255][T13678] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 255.272283][T13678] ? __alloc_skb+0x112/0x2d0 [ 255.272308][T13678] __alloc_skb+0x112/0x2d0 [ 255.272332][T13678] netlink_ack+0x146/0xa50 [ 255.272364][T13678] ? rcu_is_watching+0x15/0xb0 [ 255.272386][T13678] ? trace_contention_end+0x39/0x120 [ 255.272421][T13678] netlink_rcv_skb+0x28c/0x470 [ 255.272452][T13678] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 255.272481][T13678] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 255.272529][T13678] ? netlink_deliver_tap+0x2e/0x1b0 [ 255.272559][T13678] ? netlink_deliver_tap+0x2e/0x1b0 [ 255.272593][T13678] xfrm_netlink_rcv+0x79/0x90 [ 255.272618][T13678] netlink_unicast+0x82c/0x9e0 [ 255.272657][T13678] ? __pfx_netlink_unicast+0x10/0x10 [ 255.272687][T13678] ? netlink_sendmsg+0x642/0xb30 [ 255.272702][T13678] ? skb_put+0x11b/0x210 [ 255.272726][T13678] netlink_sendmsg+0x805/0xb30 [ 255.272756][T13678] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.272780][T13678] ? aa_sock_msg_perm+0xf1/0x1d0 [ 255.272803][T13678] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 255.272824][T13678] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.272845][T13678] __sock_sendmsg+0x21c/0x270 [ 255.272877][T13678] ____sys_sendmsg+0x505/0x830 [ 255.272906][T13678] ? __pfx_____sys_sendmsg+0x10/0x10 [ 255.272939][T13678] ? import_iovec+0x74/0xa0 [ 255.272968][T13678] ___sys_sendmsg+0x21f/0x2a0 [ 255.272994][T13678] ? __pfx____sys_sendmsg+0x10/0x10 [ 255.273058][T13678] ? __fget_files+0x2a/0x420 [ 255.273088][T13678] ? __fget_files+0x3a0/0x420 [ 255.273130][T13678] __x64_sys_sendmsg+0x19b/0x260 [ 255.273157][T13678] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 255.273198][T13678] ? __pfx_ksys_write+0x10/0x10 [ 255.273222][T13678] ? rcu_is_watching+0x15/0xb0 [ 255.273249][T13678] ? do_syscall_64+0xbe/0x3b0 [ 255.273273][T13678] do_syscall_64+0xfa/0x3b0 [ 255.273289][T13678] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.273318][T13678] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.273338][T13678] ? clear_bhb_loop+0x60/0xb0 [ 255.273363][T13678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.273383][T13678] RIP: 0033:0x7f4c9d18ebe9 [ 255.273402][T13678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.273420][T13678] RSP: 002b:00007f4c9b3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 255.273443][T13678] RAX: ffffffffffffffda RBX: 00007f4c9d3c5fa0 RCX: 00007f4c9d18ebe9 [ 255.273458][T13678] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 255.273471][T13678] RBP: 00007f4c9b3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 255.273483][T13678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.273495][T13678] R13: 00007f4c9d3c6038 R14: 00007f4c9d3c5fa0 R15: 00007ffffbe399e8 [ 255.273529][T13678] [ 255.300180][T13685] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2247'. [ 255.459941][T13689] netlink: 212296 bytes leftover after parsing attributes in process `syz.1.2250'. [ 255.691435][T13693] batadv1: entered allmulticast mode [ 255.735984][T13663] smc: removing ib device syz2 [ 255.861854][T13702] pimreg: left allmulticast mode [ 255.938558][ T7030] wlan0 speed is unknown, defaulting to 1000 [ 256.023471][T13714] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2255'. [ 256.095794][T13714] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2255'. [ 256.124736][T13716] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 256.157277][T13719] netlink: 'syz.2.2257': attribute type 10 has an invalid length. [ 256.226647][T13724] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2259'. [ 256.251400][T13725] netlink: 'syz.2.2257': attribute type 10 has an invalid length. [ 256.447380][T13729] netlink: 'syz.2.2257': attribute type 11 has an invalid length. [ 256.494926][T13719] 8021q: adding VLAN 0 to HW filter on device bond7 [ 256.618329][T13738] FAULT_INJECTION: forcing a failure. [ 256.618329][T13738] name failslab, interval 1, probability 0, space 0, times 0 [ 256.631963][T13725] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 256.650909][T13725] bond7: (slave macvlan0): Enslaving as a backup interface with a down link [ 256.665431][T13738] CPU: 0 UID: 0 PID: 13738 Comm: syz.3.2262 Not tainted syzkaller #0 PREEMPT(full) [ 256.665463][T13738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 256.665477][T13738] Call Trace: [ 256.665485][T13738] [ 256.665495][T13738] dump_stack_lvl+0x189/0x250 [ 256.665524][T13738] ? __pfx____ratelimit+0x10/0x10 [ 256.665556][T13738] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.665582][T13738] ? __pfx__printk+0x10/0x10 [ 256.665614][T13738] ? __pfx___might_resched+0x10/0x10 [ 256.665635][T13738] ? fs_reclaim_acquire+0x7d/0x100 [ 256.665692][T13738] should_fail_ex+0x414/0x560 [ 256.665725][T13738] should_failslab+0xa8/0x100 [ 256.665758][T13738] kmem_cache_alloc_noprof+0x73/0x3c0 [ 256.665786][T13738] ? security_file_alloc+0x34/0x330 [ 256.665818][T13738] security_file_alloc+0x34/0x330 [ 256.665847][T13738] init_file+0x93/0x2f0 [ 256.665873][T13738] alloc_empty_file+0x6e/0x1d0 [ 256.665896][T13738] alloc_file_pseudo+0x13d/0x210 [ 256.665923][T13738] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 256.665942][T13738] ? evm_inode_alloc_security+0x40/0xb0 [ 256.665968][T13738] ? security_inode_alloc+0xd5/0x330 [ 256.666002][T13738] sock_alloc_file+0xb8/0x2e0 [ 256.666034][T13738] do_accept+0x34b/0x680 [ 256.666072][T13738] ? __pfx_do_accept+0x10/0x10 [ 256.666137][T13738] __sys_accept4+0x11c/0x1c0 [ 256.666172][T13738] ? __pfx___sys_accept4+0x10/0x10 [ 256.666203][T13738] ? __pfx_ksys_write+0x10/0x10 [ 256.666228][T13738] ? rcu_is_watching+0x15/0xb0 [ 256.666258][T13738] __x64_sys_accept+0x7d/0x90 [ 256.666292][T13738] do_syscall_64+0xfa/0x3b0 [ 256.666310][T13738] ? lockdep_hardirqs_on+0x9c/0x150 [ 256.666350][T13738] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.666370][T13738] ? clear_bhb_loop+0x60/0xb0 [ 256.666395][T13738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.666414][T13738] RIP: 0033:0x7f2c9738ebe9 [ 256.666436][T13738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.666454][T13738] RSP: 002b:00007f2c955f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 256.666475][T13738] RAX: ffffffffffffffda RBX: 00007f2c975c5fa0 RCX: 00007f2c9738ebe9 [ 256.666489][T13738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 256.666501][T13738] RBP: 00007f2c955f6090 R08: 0000000000000000 R09: 0000000000000000 [ 256.666513][T13738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.666525][T13738] R13: 00007f2c975c6038 R14: 00007f2c975c5fa0 R15: 00007ffde8bdf7f8 [ 256.666558][T13738] [ 257.133568][T13747] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2264'. [ 257.409549][T13757] tipc: Enabled bearer , priority 0 [ 257.474345][T13754] syzkaller0: entered promiscuous mode [ 257.483231][T13759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2268'. [ 257.493018][T13754] syzkaller0: entered allmulticast mode [ 257.529302][T13754] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 257.651985][T13754] tipc: Resetting bearer [ 257.689660][T13753] tipc: Resetting bearer [ 257.767127][T13753] tipc: Disabling bearer [ 258.092814][T13781] syzkaller1: entered promiscuous mode [ 258.122194][T13781] syzkaller1: entered allmulticast mode [ 258.294525][T13793] netlink: zone id is out of range [ 258.318646][T13793] netlink: del zone limit has 4 unknown bytes [ 258.606302][T13809] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2283'. [ 258.626495][T13809] IPv6: NLM_F_CREATE should be specified when creating new route [ 258.729717][T13817] veth0_to_bridge: entered promiscuous mode [ 258.762521][T13815] veth0_to_bridge: left promiscuous mode [ 258.896442][T13823] netlink: 'syz.3.2289': attribute type 9 has an invalid length. [ 258.915765][T13826] sctp: [Deprecated]: syz.2.2288 (pid 13826) Use of int in maxseg socket option. [ 258.915765][T13826] Use struct sctp_assoc_value instead [ 259.118960][T13836] netlink: 'syz.0.2292': attribute type 11 has an invalid length. [ 259.227336][T13846] syzkaller0: entered promiscuous mode [ 259.233569][T13846] syzkaller0: entered allmulticast mode [ 259.964151][T13893] __nla_validate_parse: 5 callbacks suppressed [ 259.964171][T13893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2306'. [ 260.302390][T13911] netlink: 'syz.4.2312': attribute type 23 has an invalid length. [ 260.515130][T13919] netlink: 'syz.3.2315': attribute type 7 has an invalid length. [ 261.174335][T13954] openvswitch: netlink: IP tunnel TTL not specified. [ 261.193101][T13957] bridge0: port 3(batadv1) entered blocking state [ 261.218071][T13957] bridge0: port 3(batadv1) entered disabled state [ 261.230827][T13957] batadv1: entered allmulticast mode [ 261.244301][T13957] batadv1: entered promiscuous mode [ 261.590989][T13985] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 261.624106][T13985] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 261.702211][T13655] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 261.703917][T13991] netlink: 'syz.3.2337': attribute type 1 has an invalid length. [ 261.712020][T13655] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 261.813834][T13997] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address [ 261.832374][T13997] bond7: (slave vxcan3): Error -95 calling set_mac_address [ 261.915077][T13991] gretap0: entered promiscuous mode [ 261.944952][T13991] bond7: (slave gretap0): making interface the new active one [ 261.956970][T13991] bond7: (slave gretap0): Enslaving as an active interface with an up link [ 261.987176][T14003] macvlan2: entered promiscuous mode [ 261.993215][T14003] macvlan2: entered allmulticast mode [ 262.104037][T14012] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2341'. [ 262.132092][T14012] netlink: 348 bytes leftover after parsing attributes in process `syz.3.2341'. [ 262.265017][T14017] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2342'. [ 262.708134][T14044] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2348'. [ 262.736923][T14044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2348'. [ 262.794429][T14046] netlink: 'syz.0.2349': attribute type 10 has an invalid length. [ 262.801781][T14049] netlink: 'syz.4.2350': attribute type 24 has an invalid length. [ 262.837879][T14046] veth0_vlan: entered allmulticast mode [ 263.125132][T14066] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2355'. [ 263.137370][T14065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2356'. [ 263.187204][T14072] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2355'. [ 263.530234][T14090] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2362'. [ 263.552906][T14090] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 263.572458][T14090] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 263.955476][T14107] tipc: Enabled bearer , priority 0 [ 263.979723][T14107] syzkaller0: entered promiscuous mode [ 263.985371][T14107] syzkaller0: entered allmulticast mode [ 264.005046][T14107] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 264.062353][T14107] tipc: Resetting bearer [ 264.090141][T14106] tipc: Resetting bearer [ 264.162864][T14106] tipc: Disabling bearer [ 264.216120][T14120] tipc: Enabled bearer , priority 10 [ 264.764352][T14155] netlink: 'syz.0.2381': attribute type 1 has an invalid length. [ 264.930426][T14160] lo speed is unknown, defaulting to 1000 [ 264.951619][T14160] hsr0 speed is unknown, defaulting to 1000 [ 265.065929][T14172] tipc: Enabled bearer , priority 0 [ 265.081331][T14172] syzkaller0: entered promiscuous mode [ 265.097128][T14172] syzkaller0: entered allmulticast mode [ 265.122913][T14172] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 265.196254][T14172] FAULT_INJECTION: forcing a failure. [ 265.196254][T14172] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 265.233323][T14172] CPU: 1 UID: 0 PID: 14172 Comm: syz.1.2386 Not tainted syzkaller #0 PREEMPT(full) [ 265.233353][T14172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 265.233366][T14172] Call Trace: [ 265.233375][T14172] [ 265.233384][T14172] dump_stack_lvl+0x189/0x250 [ 265.233414][T14172] ? __pfx____ratelimit+0x10/0x10 [ 265.233445][T14172] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.233468][T14172] ? __pfx__printk+0x10/0x10 [ 265.233497][T14172] ? __might_fault+0xb0/0x130 [ 265.233544][T14172] should_fail_ex+0x414/0x560 [ 265.233576][T14172] _copy_from_user+0x2d/0xb0 [ 265.233603][T14172] sock_do_ioctl+0x182/0x300 [ 265.233633][T14172] ? __pfx_sock_do_ioctl+0x10/0x10 [ 265.233657][T14172] ? __lock_acquire+0xab9/0xd20 [ 265.233704][T14172] sock_ioctl+0x576/0x790 [ 265.233733][T14172] ? __pfx_sock_ioctl+0x10/0x10 [ 265.233760][T14172] ? __fget_files+0x2a/0x420 [ 265.233790][T14172] ? __fget_files+0x3a0/0x420 [ 265.233818][T14172] ? __fget_files+0x2a/0x420 [ 265.233852][T14172] ? bpf_lsm_file_ioctl+0x9/0x20 [ 265.233878][T14172] ? __pfx_sock_ioctl+0x10/0x10 [ 265.233904][T14172] __se_sys_ioctl+0xf9/0x170 [ 265.233930][T14172] do_syscall_64+0xfa/0x3b0 [ 265.233947][T14172] ? lockdep_hardirqs_on+0x9c/0x150 [ 265.233976][T14172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.233997][T14172] ? clear_bhb_loop+0x60/0xb0 [ 265.234021][T14172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.234041][T14172] RIP: 0033:0x7f6802f8ebe9 [ 265.234060][T14172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.234078][T14172] RSP: 002b:00007f6803e06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 265.234100][T14172] RAX: ffffffffffffffda RBX: 00007f68031c5fa0 RCX: 00007f6802f8ebe9 [ 265.234115][T14172] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005 [ 265.234128][T14172] RBP: 00007f6803e06090 R08: 0000000000000000 R09: 0000000000000000 [ 265.234141][T14172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.234152][T14172] R13: 00007f68031c6038 R14: 00007f68031c5fa0 R15: 00007ffc905ce898 [ 265.234183][T14172] [ 265.468565][T14170] tipc: Resetting bearer [ 265.474836][ T7040] tipc: Node number set to 421802978 [ 265.579338][T14170] tipc: Disabling bearer [ 265.633234][T14185] tipc: Enabled bearer , priority 0 [ 265.676075][T14185] syzkaller0: entered promiscuous mode [ 265.701571][T14185] syzkaller0: entered allmulticast mode [ 265.720881][T14185] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 265.782354][T14184] tipc: Resetting bearer [ 265.799095][T14160] netlink: 'syz.4.2382': attribute type 13 has an invalid length. [ 265.806971][T14160] netlink: 'syz.4.2382': attribute type 17 has an invalid length. [ 265.916459][T14184] tipc: Disabling bearer [ 265.947224][T14160] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 266.001278][T14202] __nla_validate_parse: 1 callbacks suppressed [ 266.001297][T14202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2398'. [ 266.104975][T14202] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2398'. [ 266.283940][T14215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2399'. [ 266.364461][T14221] tipc: Enabled bearer , priority 0 [ 266.388735][T14221] syzkaller0: entered promiscuous mode [ 266.394268][T14221] syzkaller0: entered allmulticast mode [ 266.437307][T14221] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 266.473889][T14221] FAULT_INJECTION: forcing a failure. [ 266.473889][T14221] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 266.504239][T14221] CPU: 0 UID: 0 PID: 14221 Comm: syz.3.2403 Not tainted syzkaller #0 PREEMPT(full) [ 266.504278][T14221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 266.504291][T14221] Call Trace: [ 266.504300][T14221] [ 266.504309][T14221] dump_stack_lvl+0x189/0x250 [ 266.504339][T14221] ? __pfx____ratelimit+0x10/0x10 [ 266.504369][T14221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.504394][T14221] ? __pfx__printk+0x10/0x10 [ 266.504423][T14221] ? __might_fault+0xb0/0x130 [ 266.504464][T14221] should_fail_ex+0x414/0x560 [ 266.504497][T14221] _copy_from_user+0x2d/0xb0 [ 266.504521][T14221] sock_do_ioctl+0x182/0x300 [ 266.504551][T14221] ? __pfx_sock_do_ioctl+0x10/0x10 [ 266.504575][T14221] ? __lock_acquire+0xab9/0xd20 [ 266.504623][T14221] sock_ioctl+0x576/0x790 [ 266.504652][T14221] ? __pfx_sock_ioctl+0x10/0x10 [ 266.504679][T14221] ? __fget_files+0x2a/0x420 [ 266.504708][T14221] ? __fget_files+0x3a0/0x420 [ 266.504737][T14221] ? __fget_files+0x2a/0x420 [ 266.504771][T14221] ? bpf_lsm_file_ioctl+0x9/0x20 [ 266.504797][T14221] ? __pfx_sock_ioctl+0x10/0x10 [ 266.504822][T14221] __se_sys_ioctl+0xf9/0x170 [ 266.504850][T14221] do_syscall_64+0xfa/0x3b0 [ 266.504868][T14221] ? lockdep_hardirqs_on+0x9c/0x150 [ 266.504896][T14221] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.504916][T14221] ? clear_bhb_loop+0x60/0xb0 [ 266.504941][T14221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.504961][T14221] RIP: 0033:0x7f2c9738ebe9 [ 266.504980][T14221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.504998][T14221] RSP: 002b:00007f2c955f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 266.505020][T14221] RAX: ffffffffffffffda RBX: 00007f2c975c5fa0 RCX: 00007f2c9738ebe9 [ 266.505035][T14221] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005 [ 266.505048][T14221] RBP: 00007f2c955f6090 R08: 0000000000000000 R09: 0000000000000000 [ 266.505060][T14221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.505072][T14221] R13: 00007f2c975c6038 R14: 00007f2c975c5fa0 R15: 00007ffde8bdf7f8 [ 266.505105][T14221] [ 266.850266][T14220] tipc: Resetting bearer [ 266.910242][T14220] tipc: Disabling bearer [ 267.030712][T14231] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2406'. [ 267.352575][T14244] bond0: (slave syz_tun): Releasing backup interface [ 267.375459][T14248] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 267.706994][T14263] tipc: Enabled bearer , priority 0 [ 267.723156][T14263] syzkaller0: entered promiscuous mode [ 267.730566][T14263] syzkaller0: entered allmulticast mode [ 267.773249][T14263] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 267.828362][T14263] tipc: Resetting bearer [ 267.884519][T14262] tipc: Resetting bearer [ 267.886010][T14274] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2423'. [ 267.900500][T14272] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2422'. [ 267.937312][T14262] tipc: Disabling bearer [ 268.167096][T14288] netlink: 11 bytes leftover after parsing attributes in process `syz.0.2428'. [ 268.186505][T14288] netlink: 11 bytes leftover after parsing attributes in process `syz.0.2428'. [ 268.291819][T14299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2430'. [ 268.354419][T14300] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2430'. [ 268.657507][T14314] sch_tbf: peakrate 7 is lower than or equals to rate 2147483647 ! [ 268.689038][T14313] netlink: 'syz.3.2436': attribute type 13 has an invalid length. [ 268.790910][T14325] tipc: Enabled bearer , priority 0 [ 268.816151][T14320] syzkaller0: entered promiscuous mode [ 268.823679][T14320] syzkaller0: entered allmulticast mode [ 268.848152][T14320] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 268.917503][T14320] tipc: Resetting bearer [ 268.946695][T14319] tipc: Resetting bearer [ 268.997080][T14319] tipc: Disabling bearer [ 269.346029][T14353] bond8 (unregistering): Released all slaves [ 269.495433][T14356] ip6tnl5: entered promiscuous mode [ 269.502244][T14356] ip6tnl5: entered allmulticast mode [ 269.564442][T14362] netlink: 'syz.4.2448': attribute type 29 has an invalid length. [ 269.586190][T14365] netlink: 'syz.4.2448': attribute type 29 has an invalid length. [ 269.654375][T14370] tipc: Enabled bearer , priority 0 [ 269.743676][T14373] tipc: Disabling bearer [ 269.879529][T14384] tipc: Enabled bearer , priority 0 [ 269.888932][T14384] syzkaller0: entered promiscuous mode [ 269.894739][T14384] syzkaller0: entered allmulticast mode [ 269.905098][T14384] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 269.937495][T14384] FAULT_INJECTION: forcing a failure. [ 269.937495][T14384] name failslab, interval 1, probability 0, space 0, times 0 [ 269.950464][T14384] CPU: 1 UID: 0 PID: 14384 Comm: syz.0.2453 Not tainted syzkaller #0 PREEMPT(full) [ 269.950493][T14384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 269.950505][T14384] Call Trace: [ 269.950514][T14384] [ 269.950523][T14384] dump_stack_lvl+0x189/0x250 [ 269.950553][T14384] ? __pfx____ratelimit+0x10/0x10 [ 269.950584][T14384] ? __pfx_dump_stack_lvl+0x10/0x10 [ 269.950609][T14384] ? __pfx__printk+0x10/0x10 [ 269.950655][T14384] should_fail_ex+0x414/0x560 [ 269.950688][T14384] should_failslab+0xa8/0x100 [ 269.950720][T14384] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 269.950748][T14384] ? __alloc_skb+0x112/0x2d0 [ 269.950773][T14384] __alloc_skb+0x112/0x2d0 [ 269.950796][T14384] ? inet6_rt_notify+0xaf/0x470 [ 269.950823][T14384] inet6_rt_notify+0x170/0x470 [ 269.950862][T14384] fib6_del+0x1094/0x1550 [ 269.950908][T14384] ? __pfx_fib6_del+0x10/0x10 [ 269.950929][T14384] ? is_bpf_text_address+0x26/0x2b0 [ 269.950957][T14384] ? kernel_text_address+0xa5/0xe0 [ 269.950992][T14384] fib6_clean_node+0x29f/0x590 [ 269.951017][T14384] ? __pfx_fib6_clean_node+0x10/0x10 [ 269.951036][T14384] ? __lock_acquire+0xab9/0xd20 [ 269.951067][T14384] ? __local_bh_enable_ip+0x12d/0x1c0 [ 269.951088][T14384] fib6_walk_continue+0x67b/0x910 [ 269.951122][T14384] fib6_walk+0x149/0x290 [ 269.951146][T14384] __fib6_clean_all+0x234/0x380 [ 269.951166][T14384] ? __fib6_clean_all+0x9b/0x380 [ 269.951187][T14384] ? __pfx_fib6_ifdown+0x10/0x10 [ 269.951209][T14384] ? __pfx___fib6_clean_all+0x10/0x10 [ 269.951242][T14384] ? __pfx_fib6_clean_node+0x10/0x10 [ 269.951263][T14384] ? __pfx_fib6_ifdown+0x10/0x10 [ 269.951292][T14384] ? __mutex_trylock_common+0x153/0x260 [ 269.951314][T14384] rt6_disable_ip+0x120/0x720 [ 269.951340][T14384] ? rcu_is_watching+0x15/0xb0 [ 269.951356][T14384] ? trace_contention_end+0x39/0x120 [ 269.951374][T14384] ? __pfx_rt6_disable_ip+0x10/0x10 [ 269.951406][T14384] addrconf_ifdown+0x15d/0x1880 [ 269.951426][T14384] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 269.951458][T14384] ? tls_dev_event+0x717/0xec0 [ 269.951474][T14384] ? __pfx_addrconf_ifdown+0x10/0x10 [ 269.951506][T14384] addrconf_notify+0x1bc/0x1010 [ 269.951533][T14384] notifier_call_chain+0x1b6/0x3e0 [ 269.951565][T14384] netif_set_mtu_ext+0x594/0x7d0 [ 269.951590][T14384] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 269.951605][T14384] ? __mutex_trylock_common+0x153/0x260 [ 269.951625][T14384] ? __pfx___mutex_trylock_common+0x10/0x10 [ 269.951647][T14384] ? rcu_is_watching+0x15/0xb0 [ 269.951664][T14384] ? trace_contention_end+0x39/0x120 [ 269.951688][T14384] netif_set_mtu+0xa4/0x150 [ 269.951704][T14384] ? __pfx_netif_set_mtu+0x10/0x10 [ 269.951719][T14384] ? __lock_acquire+0xab9/0xd20 [ 269.951754][T14384] ? netdev_name_node_lookup+0xdf/0x120 [ 269.951783][T14384] dev_set_mtu+0x126/0x260 [ 269.951803][T14384] dev_ioctl+0x7b4/0x1150 [ 269.951831][T14384] sock_do_ioctl+0x22c/0x300 [ 269.951856][T14384] ? __pfx_sock_do_ioctl+0x10/0x10 [ 269.951875][T14384] ? __lock_acquire+0xab9/0xd20 [ 269.951913][T14384] sock_ioctl+0x576/0x790 [ 269.951936][T14384] ? __pfx_sock_ioctl+0x10/0x10 [ 269.951957][T14384] ? __fget_files+0x2a/0x420 [ 269.951983][T14384] ? __fget_files+0x3a0/0x420 [ 269.952006][T14384] ? __fget_files+0x2a/0x420 [ 269.952034][T14384] ? bpf_lsm_file_ioctl+0x9/0x20 [ 269.952055][T14384] ? __pfx_sock_ioctl+0x10/0x10 [ 269.952075][T14384] __se_sys_ioctl+0xf9/0x170 [ 269.952098][T14384] do_syscall_64+0xfa/0x3b0 [ 269.952112][T14384] ? lockdep_hardirqs_on+0x9c/0x150 [ 269.952135][T14384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.952152][T14384] ? clear_bhb_loop+0x60/0xb0 [ 269.952172][T14384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.952188][T14384] RIP: 0033:0x7fe84058ebe9 [ 269.952204][T14384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.952224][T14384] RSP: 002b:00007fe8413a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 269.952241][T14384] RAX: ffffffffffffffda RBX: 00007fe8407c5fa0 RCX: 00007fe84058ebe9 [ 269.952254][T14384] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005 [ 269.952264][T14384] RBP: 00007fe8413a7090 R08: 0000000000000000 R09: 0000000000000000 [ 269.952274][T14384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.952284][T14384] R13: 00007fe8407c6038 R14: 00007fe8407c5fa0 R15: 00007ffebbf24408 [ 269.952312][T14384] [ 269.970708][T14384] tipc: Resetting bearer [ 270.058715][T14385] nbd0: detected capacity change from 0 to 127 [ 270.416847][T14382] tipc: Resetting bearer [ 270.473320][T14382] tipc: Disabling bearer [ 270.515017][ T5876] block nbd0: Receive control failed (result -32) [ 270.782051][T14421] netlink: 'syz.0.2462': attribute type 1 has an invalid length. [ 270.857423][T14421] 8021q: adding VLAN 0 to HW filter on device bond4 [ 270.892501][T14430] syzkaller1: left promiscuous mode [ 271.040690][T14439] netlink: 'syz.1.2468': attribute type 5 has an invalid length. [ 271.119161][T14444] nbd: must specify an index to disconnect [ 271.168729][T14447] __nla_validate_parse: 7 callbacks suppressed [ 271.168749][T14447] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2471'. [ 271.211199][T14447] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2471'. [ 271.418134][T14455] policy can only be matched on NF_INET_PRE_ROUTING [ 271.418156][T14455] unable to load match [ 271.458514][T14457] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2474'. [ 272.351236][T14521] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2493'. [ 272.469592][T14527] netlink: 232 bytes leftover after parsing attributes in process `syz.2.2493'. [ 272.580473][T14531] tipc: Enabled bearer , priority 0 [ 272.602912][T14531] syzkaller0: entered promiscuous mode [ 272.642937][T14531] syzkaller0: entered allmulticast mode [ 272.670939][T14531] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 272.683974][T14538] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 272.720284][T14531] FAULT_INJECTION: forcing a failure. [ 272.720284][T14531] name failslab, interval 1, probability 0, space 0, times 0 [ 272.733054][T14531] CPU: 1 UID: 0 PID: 14531 Comm: syz.1.2495 Not tainted syzkaller #0 PREEMPT(full) [ 272.733082][T14531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 272.733096][T14531] Call Trace: [ 272.733105][T14531] [ 272.733114][T14531] dump_stack_lvl+0x189/0x250 [ 272.733144][T14531] ? __pfx____ratelimit+0x10/0x10 [ 272.733176][T14531] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.733200][T14531] ? __pfx__printk+0x10/0x10 [ 272.733246][T14531] should_fail_ex+0x414/0x560 [ 272.733280][T14531] should_failslab+0xa8/0x100 [ 272.733313][T14531] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 272.733343][T14531] ? __alloc_skb+0x112/0x2d0 [ 272.733367][T14531] __alloc_skb+0x112/0x2d0 [ 272.733391][T14531] ? inet6_rt_notify+0xaf/0x470 [ 272.733416][T14531] inet6_rt_notify+0x170/0x470 [ 272.733446][T14531] ? atomic_notifier_call_chain+0x16e/0x180 [ 272.733475][T14531] fib6_del+0x1094/0x1550 [ 272.733503][T14531] ? fib6_del+0x671/0x1550 [ 272.733548][T14531] ? __pfx_fib6_del+0x10/0x10 [ 272.733573][T14531] ? is_bpf_text_address+0x26/0x2b0 [ 272.733624][T14531] fib6_clean_node+0x29f/0x590 [ 272.733656][T14531] ? __pfx_fib6_clean_node+0x10/0x10 [ 272.733679][T14531] ? __lock_acquire+0xab9/0xd20 [ 272.733718][T14531] ? __local_bh_enable_ip+0x12d/0x1c0 [ 272.733746][T14531] fib6_walk_continue+0x67b/0x910 [ 272.733789][T14531] fib6_walk+0x149/0x290 [ 272.733818][T14531] __fib6_clean_all+0x234/0x380 [ 272.733843][T14531] ? __fib6_clean_all+0x9b/0x380 [ 272.733870][T14531] ? __pfx_fib6_ifdown+0x10/0x10 [ 272.733898][T14531] ? __pfx___fib6_clean_all+0x10/0x10 [ 272.733939][T14531] ? __pfx_fib6_clean_node+0x10/0x10 [ 272.733965][T14531] ? __pfx_fib6_ifdown+0x10/0x10 [ 272.734002][T14531] ? __mutex_trylock_common+0x153/0x260 [ 272.734030][T14531] rt6_disable_ip+0x120/0x720 [ 272.734062][T14531] ? rcu_is_watching+0x15/0xb0 [ 272.734083][T14531] ? trace_contention_end+0x39/0x120 [ 272.734105][T14531] ? __pfx_rt6_disable_ip+0x10/0x10 [ 272.734147][T14531] addrconf_ifdown+0x15d/0x1880 [ 272.734172][T14531] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 272.734214][T14531] ? tls_dev_event+0x717/0xec0 [ 272.734234][T14531] ? __pfx_addrconf_ifdown+0x10/0x10 [ 272.734275][T14531] addrconf_notify+0x1bc/0x1010 [ 272.734310][T14531] notifier_call_chain+0x1b6/0x3e0 [ 272.734341][T14531] netif_set_mtu_ext+0x594/0x7d0 [ 272.734371][T14531] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 272.734389][T14531] ? __mutex_trylock_common+0x153/0x260 [ 272.734415][T14531] ? __pfx___mutex_trylock_common+0x10/0x10 [ 272.734443][T14531] ? rcu_is_watching+0x15/0xb0 [ 272.734463][T14531] ? trace_contention_end+0x39/0x120 [ 272.734493][T14531] netif_set_mtu+0xa4/0x150 [ 272.734513][T14531] ? __pfx_netif_set_mtu+0x10/0x10 [ 272.734532][T14531] ? __lock_acquire+0xab9/0xd20 [ 272.734576][T14531] ? netdev_name_node_lookup+0xdf/0x120 [ 272.734611][T14531] dev_set_mtu+0x126/0x260 [ 272.734637][T14531] dev_ioctl+0x7b4/0x1150 [ 272.734673][T14531] sock_do_ioctl+0x22c/0x300 [ 272.734704][T14531] ? __pfx_sock_do_ioctl+0x10/0x10 [ 272.734729][T14531] ? __lock_acquire+0xab9/0xd20 [ 272.734778][T14531] sock_ioctl+0x576/0x790 [ 272.734807][T14531] ? __pfx_sock_ioctl+0x10/0x10 [ 272.734833][T14531] ? __fget_files+0x2a/0x420 [ 272.734863][T14531] ? __fget_files+0x3a0/0x420 [ 272.734893][T14531] ? __fget_files+0x2a/0x420 [ 272.734934][T14531] ? bpf_lsm_file_ioctl+0x9/0x20 [ 272.734961][T14531] ? __pfx_sock_ioctl+0x10/0x10 [ 272.734986][T14531] __se_sys_ioctl+0xf9/0x170 [ 272.735015][T14531] do_syscall_64+0xfa/0x3b0 [ 272.735032][T14531] ? lockdep_hardirqs_on+0x9c/0x150 [ 272.735062][T14531] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.735083][T14531] ? clear_bhb_loop+0x60/0xb0 [ 272.735108][T14531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.735128][T14531] RIP: 0033:0x7f6802f8ebe9 [ 272.735147][T14531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.735165][T14531] RSP: 002b:00007f6803e06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.735186][T14531] RAX: ffffffffffffffda RBX: 00007f68031c5fa0 RCX: 00007f6802f8ebe9 [ 272.735201][T14531] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005 [ 272.735214][T14531] RBP: 00007f6803e06090 R08: 0000000000000000 R09: 0000000000000000 [ 272.735226][T14531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.735238][T14531] R13: 00007f68031c6038 R14: 00007f68031c5fa0 R15: 00007ffc905ce898 [ 272.735273][T14531] [ 272.740535][T14531] tipc: Resetting bearer [ 273.199552][T14530] tipc: Resetting bearer [ 273.251391][T14530] tipc: Disabling bearer [ 273.293114][T14551] tipc: Enabled bearer , priority 0 [ 273.303634][T14551] syzkaller0: entered promiscuous mode [ 273.313976][T14551] syzkaller0: entered allmulticast mode [ 273.333672][T14551] tipc: Resetting bearer [ 273.388176][T14550] tipc: Resetting bearer [ 273.428551][T14550] tipc: Disabling bearer [ 273.464459][T14569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2505'. [ 273.481781][T14568] netlink: 'syz.4.2505': attribute type 1 has an invalid length. [ 273.596293][T14576] syzkaller1: left allmulticast mode [ 273.621273][T14576] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2508'. [ 273.631256][T14574] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2507'. [ 273.664514][T14576] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2508'. [ 273.849379][T14593] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2513'. [ 273.958294][T14597] tipc: Enabled bearer , priority 0 [ 273.979663][T14597] syzkaller0: entered promiscuous mode [ 274.018270][T14597] syzkaller0: entered allmulticast mode [ 274.069735][T14597] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 274.167123][T14597] FAULT_INJECTION: forcing a failure. [ 274.167123][T14597] name failslab, interval 1, probability 0, space 0, times 0 [ 274.179849][T14597] CPU: 0 UID: 0 PID: 14597 Comm: syz.1.2514 Not tainted syzkaller #0 PREEMPT(full) [ 274.179877][T14597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 274.179891][T14597] Call Trace: [ 274.179899][T14597] [ 274.179907][T14597] dump_stack_lvl+0x189/0x250 [ 274.179939][T14597] ? __pfx____ratelimit+0x10/0x10 [ 274.179976][T14597] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.180002][T14597] ? __pfx__printk+0x10/0x10 [ 274.180047][T14597] should_fail_ex+0x414/0x560 [ 274.180080][T14597] should_failslab+0xa8/0x100 [ 274.180111][T14597] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 274.180141][T14597] ? __alloc_skb+0x112/0x2d0 [ 274.180165][T14597] __alloc_skb+0x112/0x2d0 [ 274.180189][T14597] ? inet6_rt_notify+0xaf/0x470 [ 274.180215][T14597] inet6_rt_notify+0x170/0x470 [ 274.180245][T14597] ? atomic_notifier_call_chain+0x16e/0x180 [ 274.180275][T14597] fib6_del+0x1094/0x1550 [ 274.180303][T14597] ? fib6_del+0x671/0x1550 [ 274.180348][T14597] ? __pfx_fib6_del+0x10/0x10 [ 274.180373][T14597] ? is_bpf_text_address+0x26/0x2b0 [ 274.180424][T14597] fib6_clean_node+0x29f/0x590 [ 274.180455][T14597] ? __pfx_fib6_clean_node+0x10/0x10 [ 274.180479][T14597] ? __lock_acquire+0xab9/0xd20 [ 274.180517][T14597] ? __local_bh_enable_ip+0x12d/0x1c0 [ 274.180543][T14597] fib6_walk_continue+0x67b/0x910 [ 274.180585][T14597] fib6_walk+0x149/0x290 [ 274.180615][T14597] __fib6_clean_all+0x234/0x380 [ 274.180640][T14597] ? __fib6_clean_all+0x9b/0x380 [ 274.180667][T14597] ? __pfx_fib6_ifdown+0x10/0x10 [ 274.180693][T14597] ? __pfx___fib6_clean_all+0x10/0x10 [ 274.180724][T14597] ? __pfx_fib6_clean_node+0x10/0x10 [ 274.180751][T14597] ? __pfx_fib6_ifdown+0x10/0x10 [ 274.180788][T14597] ? __mutex_trylock_common+0x153/0x260 [ 274.180815][T14597] rt6_disable_ip+0x120/0x720 [ 274.180848][T14597] ? rcu_is_watching+0x15/0xb0 [ 274.180870][T14597] ? trace_contention_end+0x39/0x120 [ 274.180892][T14597] ? __pfx_rt6_disable_ip+0x10/0x10 [ 274.180932][T14597] addrconf_ifdown+0x15d/0x1880 [ 274.180957][T14597] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 274.181004][T14597] ? tls_dev_event+0x717/0xec0 [ 274.181024][T14597] ? __pfx_addrconf_ifdown+0x10/0x10 [ 274.181066][T14597] addrconf_notify+0x1bc/0x1010 [ 274.181100][T14597] notifier_call_chain+0x1b6/0x3e0 [ 274.181132][T14597] netif_set_mtu_ext+0x594/0x7d0 [ 274.181162][T14597] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 274.181181][T14597] ? __mutex_trylock_common+0x153/0x260 [ 274.181207][T14597] ? __pfx___mutex_trylock_common+0x10/0x10 [ 274.181235][T14597] ? rcu_is_watching+0x15/0xb0 [ 274.181255][T14597] ? trace_contention_end+0x39/0x120 [ 274.181285][T14597] netif_set_mtu+0xa4/0x150 [ 274.181306][T14597] ? __pfx_netif_set_mtu+0x10/0x10 [ 274.181324][T14597] ? __lock_acquire+0xab9/0xd20 [ 274.181369][T14597] ? netdev_name_node_lookup+0xdf/0x120 [ 274.181405][T14597] dev_set_mtu+0x126/0x260 [ 274.181431][T14597] dev_ioctl+0x7b4/0x1150 [ 274.181467][T14597] sock_do_ioctl+0x22c/0x300 [ 274.181498][T14597] ? __pfx_sock_do_ioctl+0x10/0x10 [ 274.181521][T14597] ? __lock_acquire+0xab9/0xd20 [ 274.181570][T14597] sock_ioctl+0x576/0x790 [ 274.181598][T14597] ? __pfx_sock_ioctl+0x10/0x10 [ 274.181624][T14597] ? __fget_files+0x2a/0x420 [ 274.181654][T14597] ? __fget_files+0x3a0/0x420 [ 274.181683][T14597] ? __fget_files+0x2a/0x420 [ 274.181716][T14597] ? bpf_lsm_file_ioctl+0x9/0x20 [ 274.181742][T14597] ? __pfx_sock_ioctl+0x10/0x10 [ 274.181767][T14597] __se_sys_ioctl+0xf9/0x170 [ 274.181795][T14597] do_syscall_64+0xfa/0x3b0 [ 274.181812][T14597] ? lockdep_hardirqs_on+0x9c/0x150 [ 274.181840][T14597] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.181861][T14597] ? clear_bhb_loop+0x60/0xb0 [ 274.181886][T14597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.181906][T14597] RIP: 0033:0x7f6802f8ebe9 [ 274.181925][T14597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.181943][T14597] RSP: 002b:00007f6803e06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 274.181975][T14597] RAX: ffffffffffffffda RBX: 00007f68031c5fa0 RCX: 00007f6802f8ebe9 [ 274.181990][T14597] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005 [ 274.182003][T14597] RBP: 00007f6803e06090 R08: 0000000000000000 R09: 0000000000000000 [ 274.182015][T14597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 274.182027][T14597] R13: 00007f68031c6038 R14: 00007f68031c5fa0 R15: 00007ffc905ce898 [ 274.182063][T14597] [ 274.624681][T14597] tipc: Resetting bearer [ 274.655249][T14609] tipc: Enabled bearer , priority 0 [ 274.677160][T14614] syzkaller0: entered promiscuous mode [ 274.686717][T14614] syzkaller0: entered allmulticast mode [ 274.697191][T14596] tipc: Resetting bearer [ 274.725629][T14596] tipc: Disabling bearer [ 274.801701][T14609] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 274.831815][T14616] syzkaller0: mtu greater than device maximum [ 274.933794][T14608] tipc: Resetting bearer [ 275.002317][T14608] tipc: Disabling bearer [ 275.384623][T14653] netlink: 'syz.4.2528': attribute type 1 has an invalid length. [ 275.522338][T14661] netlink: 'syz.2.2531': attribute type 10 has an invalid length. [ 275.558195][T14661] team0: Device 0! failed to register rx_handler [ 275.596839][T14666] netlink: 'syz.2.2531': attribute type 1 has an invalid length. [ 275.632665][T14666] netlink: 'syz.2.2531': attribute type 4 has an invalid length. [ 275.695157][T14673] tipc: Enabled bearer , priority 0 [ 275.721829][T14673] syzkaller0: entered promiscuous mode [ 275.737915][T14673] syzkaller0: entered allmulticast mode [ 275.755515][T14673] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 275.809722][T14673] syzkaller0: mtu greater than device maximum [ 275.838633][T14671] tipc: Resetting bearer [ 276.044244][T14671] tipc: Disabling bearer [ 276.074836][T14688] netlink: 'syz.2.2540': attribute type 1 has an invalid length. [ 276.310455][T14701] __nla_validate_parse: 9 callbacks suppressed [ 276.310477][T14701] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2545'. [ 276.514951][T14714] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2547'. [ 276.524588][T14714] netlink: 'syz.4.2547': attribute type 7 has an invalid length. [ 276.536882][T14714] netlink: 'syz.4.2547': attribute type 8 has an invalid length. [ 276.562679][T14714] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2547'. [ 276.665434][T14719] netlink: 'syz.0.2553': attribute type 10 has an invalid length. [ 276.674184][T14719] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 276.697442][T14722] netlink: 'syz.4.2552': attribute type 11 has an invalid length. [ 276.827321][T14725] tipc: Enabled bearer , priority 0 [ 276.837376][T14725] syzkaller0: entered promiscuous mode [ 276.843394][T14725] syzkaller0: entered allmulticast mode [ 276.864473][T14725] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 276.883544][T14727] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2554'. [ 276.893507][T14727] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2554'. [ 276.903119][T14725] syzkaller0: mtu greater than device maximum [ 276.919360][T14724] tipc: Resetting bearer [ 276.963662][T14724] tipc: Disabling bearer [ 277.226875][T14743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2560'. [ 277.236648][T14745] syzkaller0: entered promiscuous mode [ 277.247218][T14745] syzkaller0: entered allmulticast mode [ 277.537208][T14756] IPVS: set_ctl: invalid protocol: 59 172.20.20.40:20000 [ 277.741928][T14766] tipc: Enabled bearer , priority 0 [ 277.749006][T14765] netlink: 'syz.4.2568': attribute type 2 has an invalid length. [ 277.756762][T14765] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2568'. [ 277.768558][T14766] syzkaller0: entered promiscuous mode [ 277.774073][T14766] syzkaller0: entered allmulticast mode [ 277.788420][T14765] nbd: must specify at least one socket [ 277.811588][T14766] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 277.824342][T14773] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2571'. [ 277.838065][T14773] netlink: 'syz.0.2571': attribute type 7 has an invalid length. [ 277.849787][T14773] netlink: 'syz.0.2571': attribute type 8 has an invalid length. [ 277.869906][T14773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2571'. [ 277.899343][T14773] 0ªî{X¹¦: entered promiscuous mode [ 277.907541][T14773] batadv_slave_1: entered promiscuous mode [ 277.929158][T14773] 0ªî{X¹¦: left promiscuous mode [ 277.935229][T14773] batadv_slave_1: left promiscuous mode [ 277.969338][T14766] syzkaller0: mtu less than device minimum [ 277.978556][T14782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2572'. [ 277.997373][T14762] tipc: Resetting bearer [ 278.064962][T14762] tipc: Disabling bearer [ 278.147313][T14786] tipc: Enabled bearer , priority 0 [ 278.210602][T14792] syzkaller0: entered promiscuous mode [ 278.216132][T14792] syzkaller0: entered allmulticast mode [ 278.244439][T14796] netlink: 'syz.1.2577': attribute type 21 has an invalid length. [ 278.262248][T14786] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 278.300766][T14796] netlink: 'syz.1.2577': attribute type 1 has an invalid length. [ 278.454476][T14786] tipc: Resetting bearer [ 278.474496][T14785] tipc: Resetting bearer [ 278.562739][T14785] tipc: Disabling bearer [ 278.631529][T14823] bridge0: port 4(veth0_to_bridge) entered blocking state [ 278.656825][T14823] bridge0: port 4(veth0_to_bridge) entered disabled state [ 278.666339][T14823] veth0_to_bridge: entered allmulticast mode [ 278.674707][T14823] veth0_to_bridge: entered promiscuous mode [ 279.022416][T14849] IPv6: sit1: Disabled Multicast RS [ 279.360124][T14858] IPVS: Scheduler module ip_vs_sip not found [ 279.384059][T14862] 8021q: adding VLAN 0 to HW filter on device bond10 [ 279.425854][T14876] bond10: (slave geneve4): making interface the new active one [ 279.436184][T14876] bond10: (slave geneve4): Enslaving as an active interface with an up link [ 279.468378][ T2964] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.496226][ T2964] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.530265][ T2964] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.541044][ T2964] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.950540][T14903] lo speed is unknown, defaulting to 1000 [ 279.988766][T14903] hsr0 speed is unknown, defaulting to 1000 [ 280.206488][T14924] tipc: Enabled bearer , priority 0 [ 280.400030][T14929] syzkaller0: entered promiscuous mode [ 280.405893][T14929] syzkaller0: entered allmulticast mode [ 280.553933][T14924] tipc: Resetting bearer [ 280.639311][T14924] tipc: Disabling bearer [ 281.437607][T15003] __nla_validate_parse: 9 callbacks suppressed [ 281.437631][T15003] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2626'. [ 281.537403][T15003] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2626'. [ 281.768349][T15011] nbd1: detected capacity change from 0 to 127 [ 281.787490][T15018] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2631'. [ 281.793011][T15017] sit0: entered promiscuous mode [ 281.801677][T15017] sit0: entered allmulticast mode [ 281.859957][T15019] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2632'. [ 281.981710][ T5876] block nbd1: Receive control failed (result -32) [ 282.260340][T15046] tipc: Enabling of bearer rejected, failed to enable media [ 282.584097][T15047] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2641'. [ 282.845171][T15088] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2647'. [ 282.886055][T15088] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2647'. [ 282.932317][T15088] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2647'. [ 282.950354][T15088] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2647'. [ 282.991714][T15090] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2648'. [ 283.090274][T15097] veth16: entered promiscuous mode [ 283.466434][T15119] pim6reg: entered allmulticast mode [ 283.476380][T15119] pim6reg: left allmulticast mode [ 283.485303][T15121] validate_nla: 6 callbacks suppressed [ 283.485322][T15121] netlink: 'syz.2.2658': attribute type 1 has an invalid length. [ 283.550635][T15125] netlink: 'syz.2.2658': attribute type 1 has an invalid length. [ 283.552125][T15123] netlink: 'syz.1.2660': attribute type 4 has an invalid length. [ 283.855843][T15140] ================================================================== [ 283.863979][T15140] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400 [ 283.871913][T15140] Read of size 1 at addr ffff88805a206530 by task syz.2.2665/15140 [ 283.879845][T15140] [ 283.882204][T15140] CPU: 1 UID: 0 PID: 15140 Comm: syz.2.2665 Not tainted syzkaller #0 PREEMPT(full) [ 283.882240][T15140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 283.882254][T15140] Call Trace: [ 283.882264][T15140] [ 283.882272][T15140] dump_stack_lvl+0x189/0x250 [ 283.882301][T15140] ? __kasan_check_byte+0x12/0x40 [ 283.882332][T15140] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.882356][T15140] ? lock_release+0x4b/0x3e0 [ 283.882390][T15140] ? __virt_addr_valid+0x4a5/0x5c0 [ 283.882418][T15140] print_report+0xca/0x240 [ 283.882437][T15140] ? xfrm_state_find+0x2cf2/0x5400 [ 283.882457][T15140] kasan_report+0x118/0x150 [ 283.882487][T15140] ? xfrm_state_find+0x2cf2/0x5400 [ 283.882512][T15140] xfrm_state_find+0x2cf2/0x5400 [ 283.882531][T15140] ? check_noncircular+0xe0/0x160 [ 283.882558][T15140] ? validate_chain+0x897/0x2140 [ 283.882584][T15140] ? xfrm_state_find+0x1da/0x5400 [ 283.882607][T15140] ? __pfx_xfrm_state_find+0x10/0x10 [ 283.882637][T15140] xfrm_resolve_and_create_bundle+0x768/0x2f80 [ 283.882677][T15140] ? xfrm_policy_lookup_bytype+0x2a7/0x1250 [ 283.882707][T15140] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 283.882735][T15140] ? xfrm_policy_lookup_bytype+0x123/0x1250 [ 283.882765][T15140] ? xfrm_policy_lookup_bytype+0x11ef/0x1250 [ 283.882811][T15140] ? xfrm_expand_policies+0x41f/0x6a0 [ 283.882840][T15140] xfrm_lookup_with_ifid+0x58a/0x1a70 [ 283.882870][T15140] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 283.882899][T15140] ? __lock_acquire+0xab9/0xd20 [ 283.882931][T15140] xfrm_lookup_route+0x3c/0x1c0 [ 283.882958][T15140] __ip4_datagram_connect+0x9a5/0x1270 [ 283.882993][T15140] udp_connect+0x33/0x1f0 [ 283.883013][T15140] __sys_connect+0x316/0x440 [ 283.883045][T15140] ? __pfx___sys_connect+0x10/0x10 [ 283.883083][T15140] ? rcu_is_watching+0x15/0xb0 [ 283.883108][T15140] __x64_sys_connect+0x7a/0x90 [ 283.883139][T15140] do_syscall_64+0xfa/0x3b0 [ 283.883157][T15140] ? lockdep_hardirqs_on+0x9c/0x150 [ 283.883187][T15140] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.883208][T15140] ? clear_bhb_loop+0x60/0xb0 [ 283.883241][T15140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.883262][T15140] RIP: 0033:0x7fcf9938ebe9 [ 283.883280][T15140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.883298][T15140] RSP: 002b:00007fcf975ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 283.883322][T15140] RAX: ffffffffffffffda RBX: 00007fcf995c5fa0 RCX: 00007fcf9938ebe9 [ 283.883338][T15140] RDX: 0000000000000010 RSI: 0000200000000480 RDI: 0000000000000006 [ 283.883352][T15140] RBP: 00007fcf99411e19 R08: 0000000000000000 R09: 0000000000000000 [ 283.883366][T15140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 283.883379][T15140] R13: 00007fcf995c6038 R14: 00007fcf995c5fa0 R15: 00007ffcdc31be78 [ 283.883404][T15140] [ 283.883411][T15140] [ 284.168305][T15140] Allocated by task 12587: [ 284.172735][T15140] kasan_save_track+0x3e/0x80 [ 284.177458][T15140] __kasan_slab_alloc+0x6c/0x80 [ 284.189642][T15140] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 284.195130][T15140] xfrm_state_alloc+0x24/0x2f0 [ 284.199918][T15140] __find_acq_core+0x8a7/0x1c00 [ 284.204797][T15140] xfrm_find_acq+0x78/0xa0 [ 284.209237][T15140] xfrm_alloc_userspi+0x6b3/0xc90 [ 284.214319][T15140] xfrm_user_rcv_msg+0x7a0/0xab0 [ 284.219360][T15140] netlink_rcv_skb+0x205/0x470 [ 284.224182][T15140] xfrm_netlink_rcv+0x79/0x90 [ 284.228869][T15140] netlink_unicast+0x82c/0x9e0 [ 284.233659][T15140] netlink_sendmsg+0x805/0xb30 [ 284.238465][T15140] __sock_sendmsg+0x21c/0x270 [ 284.243169][T15140] ____sys_sendmsg+0x505/0x830 [ 284.247943][T15140] ___sys_sendmsg+0x21f/0x2a0 [ 284.252979][T15140] __x64_sys_sendmsg+0x19b/0x260 [ 284.257925][T15140] do_syscall_64+0xfa/0x3b0 [ 284.262431][T15140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.268331][T15140] [ 284.270664][T15140] Freed by task 44: [ 284.274466][T15140] kasan_save_track+0x3e/0x80 [ 284.279157][T15140] kasan_save_free_info+0x46/0x50 [ 284.284190][T15140] __kasan_slab_free+0x5b/0x80 [ 284.288988][T15140] kmem_cache_free+0x18f/0x400 [ 284.293765][T15140] xfrm_state_gc_task+0x52d/0x6b0 [ 284.298822][T15140] process_scheduled_works+0xae1/0x17b0 [ 284.304377][T15140] worker_thread+0x8a0/0xda0 [ 284.308975][T15140] kthread+0x70e/0x8a0 [ 284.313055][T15140] ret_from_fork+0x3f9/0x770 [ 284.317649][T15140] ret_from_fork_asm+0x1a/0x30 [ 284.322432][T15140] [ 284.324759][T15140] The buggy address belongs to the object at ffff88805a206200 [ 284.324759][T15140] which belongs to the cache xfrm_state of size 928 [ 284.338754][T15140] The buggy address is located 816 bytes inside of [ 284.338754][T15140] freed 928-byte region [ffff88805a206200, ffff88805a2065a0) [ 284.352560][T15140] [ 284.354890][T15140] The buggy address belongs to the physical page: [ 284.361316][T15140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805a205100 pfn:0x5a204 [ 284.371400][T15140] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 284.379905][T15140] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 284.387467][T15140] page_type: f5(slab) [ 284.391458][T15140] raw: 00fff00000000040 ffff88801b735280 ffffea0001a8cd00 0000000000000004 [ 284.400048][T15140] raw: ffff88805a205100 00000000000f0002 00000000f5000000 0000000000000000 [ 284.408644][T15140] head: 00fff00000000040 ffff88801b735280 ffffea0001a8cd00 0000000000000004 [ 284.417345][T15140] head: ffff88805a205100 00000000000f0002 00000000f5000000 0000000000000000 [ 284.426022][T15140] head: 00fff00000000002 ffffea0001688101 00000000ffffffff 00000000ffffffff [ 284.434724][T15140] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 284.443480][T15140] page dumped because: kasan: bad access detected [ 284.449948][T15140] page_owner tracks the page as allocated [ 284.455683][T15140] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7836, tgid 7835 (syz.0.517), ts 133853542641, free_ts 133831615309 [ 284.474880][T15140] post_alloc_hook+0x240/0x2a0 [ 284.479681][T15140] get_page_from_freelist+0x21e4/0x22c0 [ 284.485245][T15140] __alloc_frozen_pages_noprof+0x181/0x370 [ 284.491053][T15140] alloc_pages_mpol+0x232/0x4a0 [ 284.495920][T15140] allocate_slab+0x8a/0x370 [ 284.500441][T15140] ___slab_alloc+0xbeb/0x1410 [ 284.505135][T15140] kmem_cache_alloc_noprof+0x283/0x3c0 [ 284.510605][T15140] xfrm_state_alloc+0x24/0x2f0 [ 284.515391][T15140] xfrm_state_find+0x37d4/0x5400 [ 284.520336][T15140] xfrm_resolve_and_create_bundle+0x768/0x2f80 [ 284.526514][T15140] xfrm_lookup_with_ifid+0x2a7/0x1a70 [ 284.531955][T15140] xfrm_lookup_route+0x3c/0x1c0 [ 284.536849][T15140] rawv6_sendmsg+0xdab/0x1820 [ 284.541552][T15140] __sock_sendmsg+0x19c/0x270 [ 284.546244][T15140] ____sys_sendmsg+0x52d/0x830 [ 284.551028][T15140] ___sys_sendmsg+0x21f/0x2a0 [ 284.555717][T15140] page last free pid 7836 tgid 7835 stack trace: [ 284.562048][T15140] __free_frozen_pages+0xbc4/0xd30 [ 284.567181][T15140] __put_partials+0x156/0x1a0 [ 284.571870][T15140] put_cpu_partial+0x17c/0x250 [ 284.576638][T15140] __slab_free+0x2d5/0x3c0 [ 284.581057][T15140] qlist_free_all+0x97/0x140 [ 284.585680][T15140] kasan_quarantine_reduce+0x148/0x160 [ 284.591154][T15140] __kasan_slab_alloc+0x22/0x80 [ 284.596011][T15140] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 284.601918][T15140] __alloc_skb+0x112/0x2d0 [ 284.606356][T15140] __ip6_append_data+0x2c16/0x3f30 [ 284.611509][T15140] ip6_append_data+0x1c4/0x380 [ 284.616299][T15140] rawv6_sendmsg+0x127a/0x1820 [ 284.621084][T15140] __sock_sendmsg+0x19c/0x270 [ 284.625775][T15140] ____sys_sendmsg+0x52d/0x830 [ 284.630636][T15140] ___sys_sendmsg+0x21f/0x2a0 [ 284.635332][T15140] __sys_sendmmsg+0x227/0x430 [ 284.640032][T15140] [ 284.642373][T15140] Memory state around the buggy address: [ 284.648006][T15140] ffff88805a206400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 284.656076][T15140] ffff88805a206480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 284.664149][T15140] >ffff88805a206500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 284.672213][T15140] ^ [ 284.677848][T15140] ffff88805a206580: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 284.685943][T15140] ffff88805a206600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 284.694005][T15140] ================================================================== [ 284.717510][T15140] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 284.724766][T15140] CPU: 1 UID: 0 PID: 15140 Comm: syz.2.2665 Not tainted syzkaller #0 PREEMPT(full) [ 284.734151][T15140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 284.744220][T15140] Call Trace: [ 284.747511][T15140] [ 284.750457][T15140] dump_stack_lvl+0x99/0x250 [ 284.755083][T15140] ? __asan_memcpy+0x40/0x70 [ 284.759685][T15140] ? __pfx_dump_stack_lvl+0x10/0x10 [ 284.764923][T15140] ? __pfx__printk+0x10/0x10 [ 284.769535][T15140] vpanic+0x281/0x750 [ 284.773530][T15140] ? preempt_schedule+0xae/0xc0 [ 284.778396][T15140] ? __pfx_vpanic+0x10/0x10 [ 284.782905][T15140] ? preempt_schedule_common+0x83/0xd0 [ 284.788374][T15140] ? preempt_schedule+0xae/0xc0 [ 284.793235][T15140] ? __pfx_preempt_schedule+0x10/0x10 [ 284.798642][T15140] panic+0xb9/0xc0 [ 284.802378][T15140] ? __pfx_panic+0x10/0x10 [ 284.806805][T15140] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 284.812715][T15140] ? xfrm_state_find+0x2cf2/0x5400 [ 284.817838][T15140] check_panic_on_warn+0x89/0xb0 [ 284.822804][T15140] ? xfrm_state_find+0x2cf2/0x5400 [ 284.828012][T15140] end_report+0x78/0x160 [ 284.832268][T15140] kasan_report+0x129/0x150 [ 284.836790][T15140] ? xfrm_state_find+0x2cf2/0x5400 [ 284.841915][T15140] xfrm_state_find+0x2cf2/0x5400 [ 284.846857][T15140] ? check_noncircular+0xe0/0x160 [ 284.851897][T15140] ? validate_chain+0x897/0x2140 [ 284.856850][T15140] ? xfrm_state_find+0x1da/0x5400 [ 284.861894][T15140] ? __pfx_xfrm_state_find+0x10/0x10 [ 284.867212][T15140] xfrm_resolve_and_create_bundle+0x768/0x2f80 [ 284.873419][T15140] ? xfrm_policy_lookup_bytype+0x2a7/0x1250 [ 284.879331][T15140] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 284.886023][T15140] ? xfrm_policy_lookup_bytype+0x123/0x1250 [ 284.891940][T15140] ? xfrm_policy_lookup_bytype+0x11ef/0x1250 [ 284.897949][T15140] ? xfrm_expand_policies+0x41f/0x6a0 [ 284.903426][T15140] xfrm_lookup_with_ifid+0x58a/0x1a70 [ 284.908815][T15140] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 284.914634][T15140] ? __lock_acquire+0xab9/0xd20 [ 284.919501][T15140] xfrm_lookup_route+0x3c/0x1c0 [ 284.924367][T15140] __ip4_datagram_connect+0x9a5/0x1270 [ 284.929852][T15140] udp_connect+0x33/0x1f0 [ 284.934209][T15140] __sys_connect+0x316/0x440 [ 284.938825][T15140] ? __pfx___sys_connect+0x10/0x10 [ 284.943960][T15140] ? rcu_is_watching+0x15/0xb0 [ 284.948761][T15140] __x64_sys_connect+0x7a/0x90 [ 284.953639][T15140] do_syscall_64+0xfa/0x3b0 [ 284.958167][T15140] ? lockdep_hardirqs_on+0x9c/0x150 [ 284.963418][T15140] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.969511][T15140] ? clear_bhb_loop+0x60/0xb0 [ 284.974210][T15140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.980117][T15140] RIP: 0033:0x7fcf9938ebe9 [ 284.984551][T15140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.004171][T15140] RSP: 002b:00007fcf975ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 285.012622][T15140] RAX: ffffffffffffffda RBX: 00007fcf995c5fa0 RCX: 00007fcf9938ebe9 [ 285.020695][T15140] RDX: 0000000000000010 RSI: 0000200000000480 RDI: 0000000000000006 [ 285.028685][T15140] RBP: 00007fcf99411e19 R08: 0000000000000000 R09: 0000000000000000 [ 285.036668][T15140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.044649][T15140] R13: 00007fcf995c6038 R14: 00007fcf995c5fa0 R15: 00007ffcdc31be78 [ 285.052642][T15140] [ 285.055956][T15140] Kernel Offset: disabled [ 285.060282][T15140] Rebooting in 86400 seconds..