last executing test programs: 2.429491955s ago: executing program 1 (id=8214): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) listen(r2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x2}, 0x62) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000010000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_OSF_TTL={0x5, 0x2, 0x1f}, @NFTA_OSF_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', 0x0}) sendto$packet(r6, &(0x7f00000002c0)="05031600d3fc140000004788031c09103c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) ioctl$SIOCX25GCAUSEDIAG(r5, 0x89e6, &(0x7f0000000080)) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xc, 0xa}, {0x0, 0x9}, {0xffff, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x34, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x4, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x24, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS={0x5, 0x3, 0x40}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL={0x8, 0x5, {0x6}}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL={0x5, 0x2, 0x9}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x2}]}}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 2.040022695s ago: executing program 1 (id=8220): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1c}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000009, 0x12, r1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000000, 0x0, 0x1, 0xa, 0x0, 0x2}, 0x20) 1.828733938s ago: executing program 1 (id=8223): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)}, 0x12141) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0xfeffff, 0xe80, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000700)=@mangle={'mangle\x00', 0x64, 0x6, 0x500, 0x340, 0x340, 0x0, 0x340, 0x270, 0x430, 0x430, 0x430, 0x430, 0x430, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'ipvlan1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [0x0, 0x0, 0xff000000], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x270}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94) r4 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@multicast2, @in6=@loopback, 0x0, 0x0, 0x6e21, 0xfffc, 0xa, 0x0, 0x10}, {0x0, 0x6, 0x0, 0x0, 0x0, 0x4}, {}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@empty, 0x0, 0x2b}, 0x0, @in=@dev, 0x0, 0xbcfbddc4f0d79c8f}}, 0xe8) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r5, @ANYRES32=r3, @ANYBLOB='\a'], 0x10) r6 = socket(0x10, 0x3, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = socket(0x400000000010, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'team_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r10, {0x0, 0xffe0}, {}, {0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r6) sendmsg$TIPC_CMD_SHOW_STATS(r6, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f00000001c0)={0x1c, r11, 0x20, 0x70bd28, 0x25dfdbfe, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4841}, 0x80) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="b0", 0x7ffff000}], 0x11}}], 0x2, 0x0) 1.824778972s ago: executing program 0 (id=8225): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)={0x14, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r2, &(0x7f0000001440)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x0, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r1, 0x0, 0xfffffffffffffe8a, 0x4000800, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x8}, 0x1c) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='xfrm0\x00', 0x10) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r3, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r3, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f00000000c0)={@private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00', @local, 0x9, 0x400, 0xffff, 0x100, 0x5, 0x8c0004, r5}) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r8, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newqdisc={0x44, 0x24, 0xe0b, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0xffe0, 0xd064db0e491fa98f}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x842}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x4000080) bind$packet(r6, &(0x7f0000000040)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @remote}, 0x14) 1.548998869s ago: executing program 1 (id=8228): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x6, 0x4, 0x240, 0x7}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r0, 0x0, 0xa0028000}, 0x38) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff0000837834d2bf0000000000a9"], 0x0}, 0x90) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r2, &(0x7f0000000400)={@val={0x8, 0x800}, @val={0x7, 0x3, 0x3, 0x2, 0x14}, @x25={0x2, 0x2, 0x0, "5d1131846429864fd168cd48a8f352411dd59d"}}, 0x24) r3 = socket(0xa, 0x1, 0x0) ioctl$XFS_IOC_FSGROWFSLOG(r0, 0x4008586f, &(0x7f0000000080)={0x1, 0x6cbf}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x2f, 0x3, 0x8, 0x8, 0x18, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0xbf66db7d3a837efe, 0x1, 0x2}}) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@fallback=r1, 0x32, 0x0, 0x6bad, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map=r0, 0xffffffffffffffff, 0x14}, 0x20) ioctl(r3, 0x8936, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x6, 0x4, 0x240, 0x7}, 0x48) (async) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r0, 0x0, 0xa0028000}, 0x38) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff0000837834d2bf0000000000a9"], 0x0}, 0x90) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) write$tun(r2, &(0x7f0000000400)={@val={0x8, 0x800}, @val={0x7, 0x3, 0x3, 0x2, 0x14}, @x25={0x2, 0x2, 0x0, "5d1131846429864fd168cd48a8f352411dd59d"}}, 0x24) (async) socket(0xa, 0x1, 0x0) (async) ioctl$XFS_IOC_FSGROWFSLOG(r0, 0x4008586f, &(0x7f0000000080)={0x1, 0x6cbf}) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x2f, 0x3, 0x8, 0x8, 0x18, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0xbf66db7d3a837efe, 0x1, 0x2}}) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@fallback=r1, 0x32, 0x0, 0x6bad, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) (async) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map=r0, 0xffffffffffffffff, 0x14}, 0x20) (async) ioctl(r3, 0x8936, &(0x7f0000000000)) (async) 1.448925294s ago: executing program 2 (id=8231): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/195, 0xc3}], 0x1) write$cgroup_subtree(r1, &(0x7f0000000700)=ANY=[], 0xfe33) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1873875df198d355e50000"], 0x18}}, 0x0) r3 = socket(0x1e, 0x4, 0x0) accept4$nfc_llcp(r3, &(0x7f0000000080), &(0x7f0000000100)=0x60, 0x80000) r4 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88) 1.443713456s ago: executing program 4 (id=8232): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r4) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000600)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r4, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x2c, r5, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_KEY={0x10, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0xc, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x100}, 0x24000000) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfe, {0x0, 0x0, 0x0, r9, {0x4}, {0xffff}, {0x2, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xa, 0x8, 0x0, 0xf, 0x10, 0x1, 0x6, 0x2, 0x8, 0x0, 0x7, 0xfd, 0x2, 0x7, 0x8b, 0x6], 0x3, [0xc, 0x0, 0x7fff, 0x2002, 0x8, 0x4, 0x6, 0xd03, 0xae, 0x2, 0xb, 0x1, 0x6, 0x6, 0xd, 0x100], [0xf06f, 0x5, 0xffff, 0xfff5, 0x9, 0x5, 0x3, 0x2a, 0x401, 0x2, 0xc, 0x7, 0xfffc, 0x3, 0x4, 0xfffe]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x810}, 0x0) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r13 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r13, &(0x7f00000005c0)="ba", 0x1, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r12, 0x1, 0xd8, 0x6, @multicast}, 0x14) 1.268732391s ago: executing program 1 (id=8234): r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000000c0)=0x8, 0x4) ioctl$BTRFS_IOC_BALANCE_CTL(r1, 0x40049421, 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x4, &(0x7f0000000580)=@framed={{}, [@jmp={0x5, 0x0, 0x3, 0x7, 0xb, 0x18, 0xfffffffffffffffc}]}, &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.248526873s ago: executing program 2 (id=8235): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) (async, rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90) (rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x63}}, &(0x7f0000000000)='GPL\x00'}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={0x1c, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@nested={0x8, 0x1a, 0x0, 0x1, [@nested={0x4, 0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x84) (async) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) (async) r3 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r3, &(0x7f00000001c0)={0x11, 0x17, r4, 0x1, 0x7, 0x6, @local}, 0x14) (async, rerun: 32) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket(0x1, 0x3, 0x4) sendmsg$ETHTOOL_MSG_WOL_SET(r8, &(0x7f0000000a00)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000009c0)={&(0x7f00000007c0)={0x1d8, r6, 0x10, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_WOL_SOPASS={0xd5, 0x3, "0872a9bd2442ae119e4b3593356ca95fb5fba727150911e37ff76e65fc3f11a3c99e63ce71b69007b2be16549e61dc1ee268f88dbc8cc9b62914f032e12d65fbdf35b2a7195bd3265e280849d4fde8df45b5a97ceeda9219466d68844ec0731a76240543797b6aa4b16cd2357a33c87dad75aa517f7d6a5b004d6b9131176f7dc3b64eec1bdef80dc97e7846cf1c080c80273d04c475e6a4d55c7d2d7c7ea9fdebe5124f22e408209c3ec3e6e5f85717c56ddfcfd92346deb03c2ed754e2aed5d800f428df61643785da5d684eded55bf0"}, @ETHTOOL_A_WOL_MODES={0xec, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0xe8, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '!\v\\:\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffff8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffff98}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '!#](\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'bridge0\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'bridge0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, 'macvlan0\x00'}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'GPL\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'bridge0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '\x97\xf7!!\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}]}]}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x8094}, 0x24000084) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_SET(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000780)={0x20, r6, 0x1, 0x0, 0x0, {0x1e}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x20}}, 0x0) r10 = syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), r3) sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000001e40)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001e00)={&(0x7f0000001c80)={0x150, r10, 0x20, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_FEATURES_WANTED={0xf8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xf4, 0x4, "73fa5937e81c009a5861ef93edff107a8b88a62419ffcc4dfe62a2c562549088e24095cf783edab24c1c4399c64e16a953c40c374c7cfd8794501dcf9d149d87e8a5e8689ae42dba7de42583427242aceab6b3e7ca111ffbca5524c50628659784dd32c86df59c80c54ff2518ef7c2d9e29a72f17d0472f3406080630c88f566a36457f71328de53169e22b0a64c0bc2a1b0e6801c28d96aa806ba0b5d269b65721f1f2c99ba0154705456eb6ad80bfe46e231fd1ef0064fa011cd35b76664469fcb71b0e03fcd947616ebc576ca91ee3281340839cb832dcaacfe12c3f431263bab605b495bfc0c4003231a62f7fe2c"}]}, @ETHTOOL_A_FEATURES_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_FEATURES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x10008840}, 0x4) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x80, 0x1c, 0x2, 0x3cf15, r0, 0x5, '\x00', r4, r2, 0x1, 0x2, 0x5, 0x9, @value=r2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.055813011s ago: executing program 3 (id=8237): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@GTPA_VERSION={0x8}]}, 0x1c}}, 0x0) 1.011465486s ago: executing program 4 (id=8238): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x68}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000002000000000000000200000d"], 0x0, 0x3a, 0x0, 0x8}, 0x20) sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x68}}, 0x0) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000002000000000000000200000d"], 0x0, 0x3a, 0x0, 0x8}, 0x20) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}}, 0x0) (async) 856.985484ms ago: executing program 3 (id=8239): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x1) ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0xfffffffffffff38d) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x34}}, 0x10) close(r0) 856.738665ms ago: executing program 2 (id=8240): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@deltaction={0x18, 0x31, 0x1, 0x4070bd27, 0x25dfdbfd, {}, [@TCA_ACT_TAB={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x800}, 0x0) 824.137515ms ago: executing program 4 (id=8241): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000004500000002"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {0x2}, {}, {}, {0x1}, {}]}, @fwd, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x6}]}}, 0x0, 0x96}, 0x28) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f00000006c0)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @exit, @exit, @jmp={0x5, 0x0, 0x9, 0x7, 0x9, 0x100, 0x1}]}, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0xffffffff}, 0x10}, 0x94) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) accept(r4, &(0x7f0000000280)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x80) bind$inet6(r2, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x10000000}, 0x1c) socket$alg(0x26, 0x5, 0x0) (async) r5 = socket$alg(0x26, 0x5, 0x0) r6 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r6, 0x114, 0x3, 0x0, 0x0) bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) accept4(r5, 0x0, 0x0, 0x0) (async) r7 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$AUDIT_GET_FEATURE(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x10, 0x3fb, 0x8, 0x70bd2b, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x10040001}, 0x801) (async) sendmsg$AUDIT_GET_FEATURE(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x10, 0x3fb, 0x8, 0x70bd2b, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x10040001}, 0x801) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) 821.348982ms ago: executing program 0 (id=8242): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8}]}}}]}, 0x3c}}, 0x0) 684.774156ms ago: executing program 2 (id=8243): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000100), 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000001140)=""/4055, 0xfd7}, {&(0x7f0000002140)=""/4085, 0xff5}, {&(0x7f0000004680)=""/4085, 0xff5}], 0x3}, 0x0) recvmmsg(r2, &(0x7f000000b9c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x2029}, {{0x0, 0x0, 0x0}, 0xe68d}, {{0x0, 0x0, 0x0}, 0x810}, {{0x0, 0x0, 0x0}, 0xda02}], 0x5, 0x2002, 0x0) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x48850}, 0x200008c1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x1d, r3}, 0x10, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x8001) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x8, &(0x7f00000002c0)=@framed={{}, [@jmp={0x6, 0x0, 0x7, 0x0, 0x0, 0x1, 0x25}, @exit, @cb_func={0x18, 0x0, 0x4, 0x0, 0x2}, @exit]}, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x807}, 0x94) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000980)={'wlan1\x00'}) sendmsg$NL80211_CMD_DISASSOCIATE(r4, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000fbdbdf252800000008000300", @ANYBLOB="5cab36987b7ff7832836bb342d7b895ac02dc4a23fa080c95a1d52a993eb3610328b18766aca36d60e3d5fbc3c54c00247a5ce8eaf5190f441541f085ec6ebbc3f560739ede10f26530d6b25af73de818f073a3a7d055e71568ef54cbf74ab5550f8b794f19127580f9e9ef0cb65367c4a6dd7ed56c324e8c05a50"], 0x30}, 0x1, 0x0, 0x0, 0x200408c0}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r8, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000005f0001"], 0x14}], 0x1}, 0x0) setsockopt$sock_timeval(r6, 0x1, 0x15, &(0x7f0000000140), 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xa, 0x3, &(0x7f0000000300)=@framed={{0x61, 0x0, 0xa, 0xfe00, 0x0, 0x69, 0x10, 0x85}}, &(0x7f0000000000)='syzkaller\x00'}, 0x90) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r7, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2}, 0x0) ioctl$XFS_IOC_FREE_EOFBLOCKS(r6, 0x8080583a, &(0x7f0000000040)={0x3, 0x4, 0x40, 0xfffffffc, 0xffffff80, 0x0, 0x4}) read(r4, &(0x7f0000000240)=""/73, 0x49) 684.366161ms ago: executing program 3 (id=8244): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000240)={'ipvlan0\x00', &(0x7f0000000400)=@ethtool_cmd={0x3, 0x3, 0x401, 0xe681, 0x1, 0x44, 0x6c, 0xd, 0x5, 0x2, 0x400, 0x1ff, 0x2, 0x4, 0x8c, 0x1107b1c4, [0x7fffffff, 0x3704]}}) (async) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x64, 0x10, 0x1, 0x70bd2f, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x102}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x8}}]}]}]}, 0x64}}, 0x24040800) 654.411105ms ago: executing program 4 (id=8245): r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x1c, 0x15, 0x1, 0x0, 0xfffffffc, {0x10}, [@typed={0x8, 0x2, 0x0, 0x0, @u32=0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x20000080) sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001a0001000000000000000a0080"], 0x38}}, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r3 = accept(r0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[{0x10, 0x117, 0x8}], 0x10}}], 0x1, 0x8001) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xd, 0x5, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffd}]}, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r4}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r4, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, &(0x7f0000000240)=[0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0], 0x0, 0xb5, &(0x7f0000000300)=[{}, {}], 0x10, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x25, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0xd, 0xffffffff, 0x10001, 0x6, 0x10, r5, 0x6, '\x00', r6, 0xffffffffffffffff, 0x4, 0x4, 0x2}, 0x50) 633.866399ms ago: executing program 0 (id=8246): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="61a94fb7acd2aead6fa23a5c4352115c0300002e00090027bd776d2f68eb347b2322b285e54b3dd589709820cf062ae61ef0d87f59437d61aee463a74a58b15f4eef174eb5"], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x10) 499.382079ms ago: executing program 3 (id=8247): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) writev(r0, &(0x7f0000000180)=[{&(0x7f00000001c0)="1600866fe2330be600bfac8591502cf88006877613e6eb5183db19a177bfc0c5567b284ea6d1d0bbd71e467197cbe3344fda45bea057c7435bc6fcb771074d408a75bb8a0570505bdaa4c274f355b33d3a12d36a4fd8bcca795ca5edbeba0aa7b60b9a180e5477c2afa194cad0ef3e2c6280670286ca0da4b412faec909b6236f971bcaffd348bcdad91b27c8688603634fc14d92f75dda6c8f9bdf41cb1de7a312059572ce114413361737a1f469469a1a5352e7a4d142e30f0ced9c29226b97762d08ca932018f8370bfca815207e43af0b91a6b4f385fa998f01c1f0742b088a72a307c30f254b9b1773ace3b55591d3833cbd08aefa844adc04f48c5522814d5fe1d401070e1d877b544ffbd077392345d732e234823058285f0b425b76ebdcee0a18c60789dd83cbff15d61054bd95557f6e847c078833acc108bc29ab4b7047cc9a55be54d773f6f560e73", 0x43}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="0fef"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x54, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r1, 0x4010744d, &(0x7f0000000180)) 466.10142ms ago: executing program 0 (id=8248): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@gettaction={0x60, 0x32, 0x9408f9ce2610ee65, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7ff}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf6bc}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffffffff}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0x2e, 0x2, {0x0, 0x1}}]}, 0x60}, 0x1, 0x0, 0x0, 0x44}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x4, 0xfff3}, {0x0, 0xffe0}, {0xfff3, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @broadcast}, @TCA_FLOWER_KEY_IPV4_DST_MASK={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x2400c8c4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000a00000000000000000000071120d0000000000953ee2384b089b042c77abed58e7d506c6dd9f639f005343ae845011c7320cebfc63eeb286b2a7d6e88b496e594b45fb2c2a99e51dd5a4caf6fd56daff989b4b2f5a9a64387740dda7e3412de057453ec9d227d57d2b8ecd17cabafa50d0f7ddbc279b46721f570a048e46fc73180f263509915ae04ffbe211b653fedf467e26900485970e4bf51f8a771a1dbdf4943bb3b00ee5c6d8f87b", @ANYRESHEX, @ANYRES32=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 424.591111ms ago: executing program 1 (id=8249): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r0], 0x90}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xa, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000008000000000000000900000073119d000000000095"], &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(pcrypt(rfc4106-gcm-aesni))\x00'}, 0x58) 352.804639ms ago: executing program 4 (id=8250): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'veth0_to_bond\x00', 0x0}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mmap$xdp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x13, r3, 0x0) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001cc0)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x2, 0x1000, &(0x7f0000000cc0)=""/4096, 0x0, 0xc, '\x00', r2, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001d00)={0x0, 0x10, 0x7fff, 0x80000000}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000001d40)=[{0x1, 0x2, 0xc, 0xa}, {0x3, 0x4, 0x8, 0x1}, {0x0, 0x4, 0xb, 0xc}, {0x5, 0x2, 0x0, 0xa}, {0x0, 0x4, 0xd, 0x3}, {0x4, 0x4, 0xa, 0x8}, {0x5, 0x8000002, 0x7, 0x3}], 0x10, 0x1}, 0x94) getsockname$unix(r4, &(0x7f0000000080)=@abs, &(0x7f0000000100)=0x6e) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x4, 0x1, 0x302, 0x0, 0x0, {0x5, 0x0, 0x2}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40042) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'veth0_to_bond\x00'}) (async) pipe(&(0x7f00000001c0)) (async) mmap$xdp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x13, r3, 0x0) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001cc0)=0xffffffffffffffff, 0x4) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x2, 0x1000, &(0x7f0000000cc0)=""/4096, 0x0, 0xc, '\x00', r2, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001d00)={0x0, 0x10, 0x7fff, 0x80000000}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000001d40)=[{0x1, 0x2, 0xc, 0xa}, {0x3, 0x4, 0x8, 0x1}, {0x0, 0x4, 0xb, 0xc}, {0x5, 0x2, 0x0, 0xa}, {0x0, 0x4, 0xd, 0x3}, {0x4, 0x4, 0xa, 0x8}, {0x5, 0x8000002, 0x7, 0x3}], 0x10, 0x1}, 0x94) (async) getsockname$unix(r4, &(0x7f0000000080)=@abs, &(0x7f0000000100)=0x6e) (async) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) (async) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x4, 0x1, 0x302, 0x0, 0x0, {0x5, 0x0, 0x2}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40042) (async) 316.420364ms ago: executing program 3 (id=8251): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x894a, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x68, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000140001800d00010075cba93a73"], 0x28}}, 0x0) unshare(0xc040480) bpf$LINK_DETACH(0x22, 0x0, 0x0) accept4$llc(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=0x10, 0x800) 246.84366ms ago: executing program 0 (id=8252): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, 0x6, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x41}, 0x24008000) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2400}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x65}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) 212.691045ms ago: executing program 2 (id=8253): mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4000002, 0x2010, 0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, &(0x7f0000000040)=[{}, {}, {}], 0x3, 0x9, &(0x7f0000000080)={[0x1]}, 0x8) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xe, 0x20, 0x66, 0x0, 0x3, 0x11, 0x0, @empty, @empty=0xe0000001}, {0x4e1f, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x3, 0x100, @void}}}}}}}, 0x0) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4000002, 0x2010, 0xffffffffffffffff, 0x0) (async) epoll_pwait(0xffffffffffffffff, &(0x7f0000000040)=[{}, {}, {}], 0x3, 0x9, &(0x7f0000000080)={[0x1]}, 0x8) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x10) (async) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) (async) syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xe, 0x20, 0x66, 0x0, 0x3, 0x11, 0x0, @empty, @empty=0xe0000001}, {0x4e1f, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x3, 0x100, @void}}}}}}}, 0x0) (async) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7) (async) 211.990314ms ago: executing program 4 (id=8254): clock_gettime(0x4c25726cb16dd79b, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000180)=[{0x5, 0x2, 0xd, 0x6}, {0x4, 0x4, 0x1, 0x1}], 0x10, 0x26}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_LOG_QTHRESHOLD={0x6, 0x4, 0x1, 0x0, 0x5}, @NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x22}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x4040048) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01032757c38d085641a7260000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x48d4) sendmmsg$inet6(r1, &(0x7f0000001740)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0xfe}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000040)="17", 0x1}], 0x1}}, {{&(0x7f0000000600)={0xa, 0x4e1c, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c, &(0x7f0000001480)=[{&(0x7f0000000a40)='~', 0x1}], 0x1}}], 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x4}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, 0x0, 0x3e, 0x0, 0x1}, 0x20) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c00000002"], 0x5c}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.memory_pressure\x00', 0x275a, 0x0) r6 = socket(0xa, 0x3, 0xff) sendmsg$inet6(r6, &(0x7f0000000080)={&(0x7f0000000140)={0xa, 0xa, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@flowinfo={{0x14, 0x29, 0x3b, 0x14}}], 0x18}, 0x922bac8556bda5ce) write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x24, 0x0, &(0x7f0000000040)) shutdown(r1, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x5, 0x3, 0x80000000, 0x9, 0x80000001}, 0x14) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff}, {0x8}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 61.486075ms ago: executing program 3 (id=8255): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x1f4, 0xe, 0x0, &(0x7f0000000100)="4a460640b083dcc1010f3efc8864", 0x0, 0x2fc, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) r4 = socket(0x10, 0x803, 0x0) r5 = socket(0x10, 0x803, 0x2) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getpeername$packet(r5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r7, @ANYRES16=r6], 0x3c}, 0x1, 0x0, 0x0, 0x40020c1}, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000100)={@ipv4={'\x00', '\xff\xff', @multicast2}, 0x56, r3}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c00000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000006100000140012800b00010062726964676500000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000160a01000900000000000000010000000900010073797a30000000000900020073797a3000000000140003800800014000000000080002400000000048000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c00038018000380140002"], 0xd0}, 0x1, 0x0, 0x0, 0x24040841}, 0x0) 61.137779ms ago: executing program 2 (id=8256): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03adcac4b74ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) (async) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf25030000e3eb000000050000006000018014000400fc0100000000a0bc078300000000000000000001b4bc585c08b300000008000300acff140714000400fe8000000000000000330400fc0100c71b92f17f4c032236dbe400000000000000000000000000060005004e200000080003000300000005000500da00"], 0x8c}, 0x1, 0x0, 0x0, 0x80}, 0x14) (async) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)={0x118, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x119}, @nested={0x104, 0x11, 0x0, 0x1, [@nested={0x100, 0xcf, 0x0, 0x1, [@generic="d478b585fcf4962925eb81095dd3d92e983e841d6ef7368187237f5e91a74d57e8aaee05ec6319", @generic="8f3bec68ef62803fe98daf2de4c76a713091d7d093f16995a391c42d5dfc312e9b67f3e831135df00a399b5234733f156436b0ed25721632972efdd7a775655ff99c2abdc650ece6458a5f9db07c36adc6ebcfe60b70e5a54a83041bc8e1c08dc0afd69868eddb1e9634f84ef01b3f9c31b8c76a0e2ac9dba5adc10a3c9a2360cb2fe6e11e9efcaff1b39dd49895a112f947e4923d9b5c428a37b673f33f3ed02d225807d47efe0a590665b49bf5eaa0890c512f2a01eb6713c6b3539790dca05a2632596c591745bbbf4953c0a783a881f8cf755e"]}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x84}, 0x300) 0s ago: executing program 0 (id=8257): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x88a8}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_FLAGS={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'tunl0\x00', &(0x7f0000000000)={'erspan0\x00', 0x0, 0x8000, 0x700, 0x1, 0x5, {{0xd, 0x4, 0x2, 0x7, 0x34, 0x65, 0x0, 0x6b, 0x2f, 0x0, @multicast1, @empty, {[@noop, @rr={0x7, 0x1f, 0x3b, [@dev={0xac, 0x14, 0x14, 0x19}, @broadcast, @rand_addr=0x64010101, @local, @broadcast, @multicast2, @dev={0xac, 0x14, 0x14, 0x3e}]}]}}}}}) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0xda, 0x0, 0xffffffffffffffff, 0x5, '\x00', r3, 0xffffffffffffffff, 0x3, 0x2, 0x4}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x12, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0xa9c}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ldst={0x3, 0x0, 0x4, 0x0, 0x3388c1196ac39ee7, 0x18}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5c, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffff7ff}, 0x94) kernel console output (not intermixed with test programs): laves [ 770.577517][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 770.738145][ T5774] IPVS: starting estimator thread 0... [ 770.744532][T31549] IPVS: ip_vs_edit_dest(): server weight less than zero [ 770.778091][T31549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6600'. [ 770.847476][T31551] IPVS: using max 29 ests per chain, 69600 per kthread [ 770.919302][T31559] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6601'. [ 770.950581][T31561] Bluetooth: MGMT ver 1.23 [ 770.960046][T31561] Bluetooth: hci1: expected 19 bytes, got 2 bytes [ 770.961739][T31559] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6601'. [ 771.446901][ T5774] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 771.616671][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 771.761338][T31609] netlink: 276 bytes leftover after parsing attributes in process `syz.1.6612'. [ 772.646064][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 773.686211][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 773.888913][T31561] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 774.185211][T31623] lo: entered allmulticast mode [ 774.211051][T31623] tunl0: entered allmulticast mode [ 774.240001][T31623] gre0: entered allmulticast mode [ 774.280743][T31623] gretap0: entered allmulticast mode [ 774.314039][T31623] erspan0: entered allmulticast mode [ 774.366960][T31623] ip_vti0: entered allmulticast mode [ 774.404321][T31652] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 774.417103][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 774.429810][T31623] ip6_vti0: entered allmulticast mode [ 774.487721][ T5774] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 774.502500][T31634] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6618'. [ 774.729019][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 775.000313][T31674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6623'. [ 775.027631][T31674] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 775.104210][T31674] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 775.239871][T31681] netlink: 'syz.0.6625': attribute type 11 has an invalid length. [ 775.252118][T31681] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.6625'. [ 775.485030][T31697] netlink: 'syz.1.6629': attribute type 3 has an invalid length. [ 775.505008][T31697] netlink: 666 bytes leftover after parsing attributes in process `syz.1.6629'. [ 775.544453][T31697] syzkaller0: entered promiscuous mode [ 775.560966][T31697] syzkaller0: entered allmulticast mode [ 775.758827][T31704] netlink: 'syz.4.6632': attribute type 8 has an invalid length. [ 775.769193][T31704] sch_fq: defrate 0 ignored. [ 775.779042][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 775.955398][T31707] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 776.063889][T31720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6635'. [ 776.249666][T31707] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 776.362893][T31707] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 776.570234][T31707] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 776.639226][T31738] netlink: 'syz.0.6640': attribute type 14 has an invalid length. [ 776.675533][T31738] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6640'. [ 776.676924][T31737] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6641'. [ 776.807344][T30734] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 776.923586][T19051] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.961435][T19051] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.990691][T19051] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 777.022119][T19050] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 777.209837][ T5744] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 777.251026][T31760] veth1_macvtap: entered allmulticast mode [ 777.258495][T31760] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6648'. [ 777.302742][T31760] veth1_macvtap (unregistering): left allmulticast mode [ 777.526595][ T5744] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 777.771011][T31786] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6652'. [ 777.850477][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 778.021097][T31797] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 778.041849][T31797] bond0 (unregistering): Released all slaves [ 778.313443][T31810] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 778.343344][T31806] sctp: [Deprecated]: syz.3.6659 (pid 31806) Use of struct sctp_assoc_value in delayed_ack socket option. [ 778.343344][T31806] Use struct sctp_sack_info instead [ 778.620319][T31826] x_tables: duplicate underflow at hook 1 [ 778.897959][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 778.975104][T31841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6668'. [ 779.192143][T31859] netlink: 'syz.3.6673': attribute type 15 has an invalid length. [ 779.220181][T19052] netdevsim netdevsim3 netdevsim0: set [0, 1] type 1 family 0 port 2816 - 0 [ 779.230590][T31859] netlink: 'syz.3.6673': attribute type 15 has an invalid length. [ 779.241174][T19050] netdevsim netdevsim3 netdevsim1: set [0, 1] type 1 family 0 port 2816 - 0 [ 779.256036][T19050] netdevsim netdevsim3 netdevsim2: set [0, 1] type 1 family 0 port 2816 - 0 [ 779.272175][T19050] netdevsim netdevsim3 netdevsim3: set [0, 1] type 1 family 0 port 2816 - 0 [ 779.300608][T31858] netlink: 'syz.1.6674': attribute type 1 has an invalid length. [ 779.422052][T31869] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address [ 779.445717][T31869] bond0: (slave vxcan3): Setting fail_over_mac to active for active-backup mode [ 779.482742][T31869] bond0: (slave vxcan3): making interface the new active one [ 779.513060][T31869] bond0: (slave vxcan3): Enslaving as an active interface with an up link [ 779.624570][T31858] bond0: (slave vxcan5): The slave device specified does not support setting the MAC address [ 779.659954][T31858] bond0: (slave vxcan5): Enslaving as a backup interface with an up link [ 779.771280][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 779.926168][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 780.081789][T31905] __nla_validate_parse: 6 callbacks suppressed [ 780.081808][T31905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6683'. [ 780.559866][T31937] netlink: 'syz.2.6690': attribute type 4 has an invalid length. [ 780.575751][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 780.610003][T31938] netlink: 'syz.2.6690': attribute type 4 has an invalid length. [ 780.633201][T31941] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6691'. [ 780.907748][T31968] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6698'. [ 780.947150][T31968] openvswitch: netlink: Flow key attr not present in new flow. [ 780.968976][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 781.281138][T31975] syzkaller0: entered promiscuous mode [ 781.288444][T31975] syzkaller0: entered allmulticast mode [ 781.329371][T31988] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6705'. [ 781.339042][T31988] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6705'. [ 781.403862][T31984] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 781.438344][T31984] bond2: (slave lo): Enslaving as an active interface with an up link [ 781.857563][T32008] netlink: 273 bytes leftover after parsing attributes in process `syz.2.6710'. [ 781.877579][T32008] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6710'. [ 782.016458][ T964] net_ratelimit: 1 callbacks suppressed [ 782.016474][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 782.806945][ T5774] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 783.057796][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 783.979346][T32022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6714'. [ 784.006681][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 784.039305][ T3349] veth1_to_bridge: left allmulticast mode [ 784.056839][T32031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 784.057784][ T3349] veth1_to_bridge: left promiscuous mode [ 784.067958][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 784.072070][ T3349] bridge0: port 1(veth1_to_bridge) entered disabled state [ 784.100179][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 784.171040][ T3349] dvmrp0: left allmulticast mode [ 784.247822][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 784.631012][ T3349] bond3 (unregistering): (slave gretap0): Releasing backup interface [ 784.782733][ T3349] bond12 (unregistering): (slave geneve5): Releasing active interface [ 784.816365][ T3349] bond10 (unregistering): (slave geneve4): Releasing active interface [ 784.867652][ T3349] bond1 (unregistering): (slave geneve2): Releasing active interface [ 785.126044][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 785.150541][ T3349] bond6 (unregistering): (slave bridge5): Releasing backup interface [ 785.158997][ T3349] bridge5 (unregistering): left promiscuous mode [ 785.322652][ T3349] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 785.331927][ T3349] bond_slave_0: left promiscuous mode [ 785.340367][ T3349] bond0 (unregistering): Released all slaves [ 785.352246][ T3349] bond1 (unregistering): Released all slaves [ 785.370683][ T3349] bond2 (unregistering): Released all slaves [ 785.388990][ T3349] bond3 (unregistering): (slave bond4): Releasing backup interface [ 785.398463][ T3349] bond3 (unregistering): Released all slaves [ 785.417491][ T3349] bond4 (unregistering): Released all slaves [ 785.436227][ T3349] bond5 (unregistering): Released all slaves [ 785.454203][ T3349] bond6 (unregistering): Released all slaves [ 785.471840][ T3349] bond7 (unregistering): Released all slaves [ 785.488414][ T3349] bond8 (unregistering): Released all slaves [ 785.510955][ T3349] bond9 (unregistering): Released all slaves [ 785.533486][ T3349] bond10 (unregistering): Released all slaves [ 785.549360][ T3349] bond11 (unregistering): Released all slaves [ 785.574659][ T3349] bond12 (unregistering): Released all slaves [ 785.590011][ T3349] bond13 (unregistering): Released all slaves [ 785.807739][T32032] sch_tbf: burst 12 is lower than device bridge1 mtu (1514) ! [ 785.845869][ T5774] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 785.923148][ T3349] : left promiscuous mode [ 786.096051][ T3349] tipc: Left network mode [ 786.404788][T32094] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 786.430846][ T3349] IPVS: stopping master sync thread 22911 ... [ 787.046653][T32087] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 787.112784][T32134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6730'. [ 787.207260][ T9] net_ratelimit: 2 callbacks suppressed [ 787.207278][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 787.612927][T32144] bridge_slave_0: left allmulticast mode [ 787.663318][T32144] bridge_slave_0: left promiscuous mode [ 787.696521][T32144] bridge0: port 1(bridge_slave_0) entered disabled state [ 787.799276][T32161] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 787.843150][T32168] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6738'. [ 787.861048][T32144] bridge_slave_1: left allmulticast mode [ 787.875385][T32144] bridge_slave_1: left promiscuous mode [ 787.908487][T32144] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.991592][T32144] bond0: (slave bond_slave_0): Releasing backup interface [ 788.062067][T32144] bond0: (slave bond_slave_1): Releasing backup interface [ 788.112728][T32144] team0: Port device team_slave_0 removed [ 788.164652][T32144] team0: Port device team_slave_1 removed [ 788.193165][T32144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 788.208080][T32144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 788.221933][T32144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 788.233400][T32144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 788.243134][T32144] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 788.259785][T32142] nbd0: detected capacity change from 0 to 63 [ 788.270151][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 788.285638][ T5653] block nbd0: Receive control failed (result -32) [ 788.296521][T28678] block nbd0: Receive control failed (result -32) [ 788.324657][T30917] block nbd0: Dead connection, failed to find a fallback [ 788.334914][T30917] block nbd0: shutting down sockets [ 788.341876][T30917] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.351966][T30917] Buffer I/O error on dev nbd0, logical block 0, async page read [ 788.360879][T30917] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.371425][T30917] Buffer I/O error on dev nbd0, logical block 1, async page read [ 788.379710][T30917] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.389276][T30917] Buffer I/O error on dev nbd0, logical block 2, async page read [ 788.397566][T30917] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.407460][T30917] Buffer I/O error on dev nbd0, logical block 3, async page read [ 788.419040][T30917] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.428347][T30917] Buffer I/O error on dev nbd0, logical block 0, async page read [ 788.436454][T30917] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.445596][T30917] Buffer I/O error on dev nbd0, logical block 1, async page read [ 788.453766][T30917] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.463805][T30917] Buffer I/O error on dev nbd0, logical block 2, async page read [ 788.542737][T30917] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.601659][T30917] Buffer I/O error on dev nbd0, logical block 3, async page read [ 788.652779][T30917] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.660783][T32188] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6739'. [ 788.719569][T30917] Buffer I/O error on dev nbd0, logical block 0, async page read [ 788.767955][T30917] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 788.823776][T30917] Buffer I/O error on dev nbd0, logical block 1, async page read [ 788.890211][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 788.910862][T30917] ldm_validate_partition_table(): Disk read failed. [ 788.950927][T30917] Dev nbd0: unable to read RDB block 0 [ 788.983465][T32201] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6744'. [ 788.997741][T30917] nbd0: unable to read partition table [ 789.044838][T32204] IPv6: NLM_F_CREATE should be specified when creating new route [ 789.072767][T32204] netlink: 'syz.0.6741': attribute type 1 has an invalid length. [ 789.119888][T30917] ldm_validate_partition_table(): Disk read failed. [ 789.194734][T30917] Dev nbd0: unable to read RDB block 0 [ 789.217203][T32217] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6741'. [ 789.296989][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 789.347761][T30917] nbd0: unable to read partition table [ 790.008106][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 790.343497][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 790.402410][ T3349] hsr_slave_0: left promiscuous mode [ 790.431412][ T3349] hsr_slave_1: left promiscuous mode [ 790.469509][ T3349] veth1_macvtap: left promiscuous mode [ 790.487251][ T3349] veth0_macvtap: left promiscuous mode [ 790.514473][ T3349] veth1_vlan: left promiscuous mode [ 790.767062][T32267] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6755'. [ 791.189114][ T3349] team0 (unregistering): Port device team_slave_1 removed [ 791.216235][ T3349] team0 (unregistering): Port device team_slave_0 removed [ 791.366033][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 791.398079][T32267] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 791.438112][T32267] netlink: 148 bytes leftover after parsing attributes in process `syz.0.6755'. [ 791.831622][T32308] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6764'. [ 791.881218][T32308] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 791.963222][ T3349] IPVS: stop unused estimator thread 0... [ 791.989586][T32315] tipc: Started in network mode [ 792.011333][T32315] tipc: Node identity ac14140f, cluster identity 4711 [ 792.032812][T32315] tipc: New replicast peer: 255.255.255.255 [ 792.047047][T32315] tipc: Enabled bearer , priority 10 [ 792.406620][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.566042][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.720952][T32355] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6776'. [ 792.999386][T32376] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6781'. [ 793.017795][T32373] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 793.038433][T32376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6781'. [ 793.058434][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 793.072764][T32376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6781'. [ 793.101752][T32379] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6781'. [ 793.155780][ T24] tipc: Node number set to 2886997007 [ 793.180015][T32384] openvswitch: netlink: Flow key attribute not present in set flow. [ 793.429586][T32402] netlink: 11562 bytes leftover after parsing attributes in process `syz.3.6785'. [ 793.449492][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 793.519891][T32406] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6788'. [ 793.580906][T32406] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6788'. [ 793.781402][T32417] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.6791'. [ 793.850502][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 794.128448][T32441] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6798'. [ 794.492774][T30734] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 794.976674][T32495] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 795.171477][T32502] xt_nat: multiple ranges no longer supported [ 795.376849][T32511] vlan2: entered promiscuous mode [ 795.395777][T32511] bridge0: entered promiscuous mode [ 795.526686][T30734] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 795.660311][T32532] syzkaller0: entered promiscuous mode [ 795.667374][T32532] syzkaller0: entered allmulticast mode [ 796.277201][T32521] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 796.547692][T32573] netlink: 'syz.0.6829': attribute type 5 has an invalid length. [ 796.747964][T32590] netlink: 'syz.4.6831': attribute type 2 has an invalid length. [ 796.788808][T32590] netlink: 'syz.4.6831': attribute type 8 has an invalid length. [ 797.004800][T32603] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 797.741624][T32645] __nla_validate_parse: 8 callbacks suppressed [ 797.741643][T32645] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6852'. [ 798.029805][T32668] tipc: Started in network mode [ 798.044966][T32668] tipc: Node identity f6cf52fc6203, cluster identity 4711 [ 798.077647][T32668] tipc: Enabled bearer , priority 0 [ 798.120933][T32661] IPVS: Scheduler module ip_vs_sip not found [ 798.145193][T32674] x_tables: duplicate underflow at hook 2 [ 798.183593][T32661] No such timeout policy "syz1" [ 798.233275][T32671] syzkaller0: entered promiscuous mode [ 798.241865][T32671] syzkaller0: entered allmulticast mode [ 798.249518][T32671] tipc: Resetting bearer [ 798.273485][T32659] tipc: Resetting bearer [ 800.474371][T32659] tipc: Disabling bearer [ 800.517369][ T964] tipc: Node number set to 2496418556 [ 800.632233][T32703] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6868'. [ 800.656630][T32703] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6868'. [ 800.687045][T32703] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6868'. [ 800.706757][T32703] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6868'. [ 800.834164][T32720] net_ratelimit: 4 callbacks suppressed [ 800.834184][T32720] openvswitch: netlink: Flow key attr not present in new flow. [ 800.898883][T32710] bond2: Removing last ns target with arp_interval on [ 801.092462][T32735] No such timeout policy "syz1" [ 801.169987][ T30] audit: type=1804 audit(1779014567.193:19): pid=32744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.6881" name="/newroot/79/cgroup.controllers" dev="tmpfs" ino=422 res=1 errno=0 [ 801.241787][ T30] audit: type=1800 audit(1779014567.193:20): pid=32744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.6881" name="cgroup.controllers" dev="tmpfs" ino=422 res=0 errno=0 [ 801.367826][T32755] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 801.785070][ T317] bridge_slave_0: left allmulticast mode [ 801.791557][ T317] bridge_slave_0: left promiscuous mode [ 801.798379][ T317] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.811301][ T317] bridge_slave_1: left allmulticast mode [ 801.817508][ T317] bridge_slave_1: left promiscuous mode [ 801.823349][ T317] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.848790][ T317] team0: Port device team_slave_0 removed [ 801.860081][ T317] team0: Port device team_slave_1 removed [ 801.867412][ T317] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 801.874834][ T317] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 801.889460][ T317] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 801.961459][ T319] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6890'. [ 802.178647][ T328] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 802.208402][ T329] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 802.231294][ T332] netlink: 'syz.2.6894': attribute type 1 has an invalid length. [ 802.276152][ T332] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6894'. [ 802.280445][ T337] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6895'. [ 802.296348][ T337] netlink: 43 bytes leftover after parsing attributes in process `syz.3.6895'. [ 802.307280][ T332] netlink: 658 bytes leftover after parsing attributes in process `syz.2.6894'. [ 802.320864][ T337] netlink: 'syz.3.6895': attribute type 6 has an invalid length. [ 802.339396][ T337] netlink: 'syz.3.6895': attribute type 5 has an invalid length. [ 802.463503][ T339] netem: incorrect gi model size [ 802.485375][ T339] netem: change failed [ 802.699488][ T360] vlan2: entered allmulticast mode [ 802.722390][ T360] bond0: entered allmulticast mode [ 802.756750][ T360] bond_slave_0: entered allmulticast mode [ 802.773173][ T371] __nla_validate_parse: 2 callbacks suppressed [ 802.773188][ T371] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6905'. [ 802.800324][ T360] bond_slave_1: entered allmulticast mode [ 802.894774][ T378] netlink: 'syz.1.6906': attribute type 3 has an invalid length. [ 802.924312][ T378] netlink: 'syz.1.6906': attribute type 1 has an invalid length. [ 802.941183][ T378] netlink: 212 bytes leftover after parsing attributes in process `syz.1.6906'. [ 802.973983][ T378] NCSI netlink: No device for ifindex 813332851 [ 803.130270][ T385] veth5: entered allmulticast mode [ 803.151056][ T390] veth0: entered promiscuous mode [ 803.163730][ T389] veth0: left promiscuous mode [ 803.193766][ T393] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6909'. [ 803.248335][ T397] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6909'. [ 803.297712][ T398] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.6912'. [ 803.309899][ T397] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6909'. [ 803.535087][ T415] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6918'. [ 803.579935][ T415] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6918'. [ 803.670350][ T422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6919'. [ 803.698912][ T422] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6919'. [ 803.823680][ T425] ipvlan2: entered promiscuous mode [ 804.078737][ T440] netlink: 'syz.3.6927': attribute type 8 has an invalid length. [ 804.153731][ T449] siw: device registration error -23 [ 804.399814][ T458] bond2 (unregistering): Released all slaves [ 804.666436][ T481] xt_cluster: node mask cannot exceed total number of nodes [ 804.860443][ T496] netlink: 'syz.3.6942': attribute type 1 has an invalid length. [ 805.009363][ T502] syzkaller0: entered promiscuous mode [ 805.015335][ T502] syzkaller0: entered allmulticast mode [ 805.314422][ T515] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 805.535948][T28678] Bluetooth: hci3: command 0x0406 tx timeout [ 805.702671][ T547] netlink: 'syz.4.6959': attribute type 1 has an invalid length. [ 805.723858][ T534] Bluetooth: hci2: Opcode 0x0401 failed: -4 [ 805.873277][ T556] tipc: Enabling of bearer rejected, failed to enable media [ 805.975046][ T560] tipc: Enabling of bearer rejected, media not registered [ 806.686555][ T609] netlink: 'syz.4.6976': attribute type 1 has an invalid length. [ 806.745490][ T609] bond2: (slave gretap1): making interface the new active one [ 806.755381][ T609] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 806.785131][ T609] bond2: (slave bridge3): Enslaving as an active interface with a down link [ 806.812114][ T609] macvlan2: entered promiscuous mode [ 806.818921][ T609] macvlan2: entered allmulticast mode [ 806.825799][ T609] bond2: entered promiscuous mode [ 806.831837][ T609] gretap1: entered promiscuous mode [ 806.838428][ T609] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 806.846841][ T609] bond2: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 806.863170][ T609] bond2: left promiscuous mode [ 806.868404][ T609] gretap1: left promiscuous mode [ 807.434071][ T638] netlink: 'syz.0.6987': attribute type 24 has an invalid length. [ 807.606465][ T5653] Bluetooth: hci2: command 0x0401 tx timeout [ 807.629131][ T654] ip6t_srh: unknown srh match flags 5F28 [ 807.772725][ T660] netlink: 'syz.0.6994': attribute type 1 has an invalid length. [ 807.799014][ T660] __nla_validate_parse: 21 callbacks suppressed [ 807.799033][ T660] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6994'. [ 807.904768][ T664] netlink: 220 bytes leftover after parsing attributes in process `syz.0.6994'. [ 807.954821][ T664] netlink: 'syz.0.6994': attribute type 2 has an invalid length. [ 807.999331][ T667] netlink: 'syz.1.6997': attribute type 27 has an invalid length. [ 808.228890][ T687] bond1: entered promiscuous mode [ 808.239139][ T687] bond1: entered allmulticast mode [ 808.244828][ T687] 8021q: adding VLAN 0 to HW filter on device bond1 [ 808.260909][ T690] gtp0: entered allmulticast mode [ 808.285870][ T690] team0: Device gtp0 is of different type [ 808.828197][ T731] netlink: 128 bytes leftover after parsing attributes in process `syz.0.7015'. [ 808.863886][ T731] netlink: 128 bytes leftover after parsing attributes in process `syz.0.7015'. [ 809.075557][ T747] bridge1: entered allmulticast mode [ 809.655867][ T769] syzkaller0: entered promiscuous mode [ 809.690323][ T769] syzkaller0: entered allmulticast mode [ 809.853617][ T788] netlink: 14560 bytes leftover after parsing attributes in process `syz.1.7029'. [ 809.879600][ T788] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7029'. [ 810.064395][ T742] lo speed is unknown, defaulting to 1000 [ 810.195001][ T797] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7032'. [ 810.240411][ T797] xt_hashlimit: size too large, truncated to 1048576 [ 810.277538][ T808] IPv6: addrconf: prefix option has invalid lifetime [ 810.432161][ T808] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7035'. [ 810.518241][ T808] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7035'. [ 810.729508][ T5653] Bluetooth: hci0: command 0x0c1a tx timeout [ 810.818457][ T822] netlink: 'syz.1.7038': attribute type 1 has an invalid length. [ 810.963969][ T829] netlink: 'syz.2.7041': attribute type 1 has an invalid length. [ 810.981076][ T831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7042'. [ 811.021735][ T831] bridge: RTM_NEWNEIGH with invalid ether address [ 811.099393][ T832] bridge: RTM_NEWNEIGH with invalid ether address [ 811.252599][ T845] netlink: 'syz.0.7045': attribute type 58 has an invalid length. [ 811.347539][ T852] netlink: 'syz.1.7046': attribute type 62 has an invalid length. [ 811.494101][ T863] openvswitch: netlink: IP tunnel dst address not specified [ 811.686908][ T873] IPVS: length: 175 != 24 [ 812.019443][ T876] macvtap1: entered promiscuous mode [ 812.024786][ T876] vlan0: entered promiscuous mode [ 812.046060][ T876] macvtap1: entered allmulticast mode [ 812.051498][ T876] vlan0: entered allmulticast mode [ 812.065586][ T876] veth0_vlan: entered allmulticast mode [ 813.350533][ T915] __nla_validate_parse: 4 callbacks suppressed [ 813.350554][ T915] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7064'. [ 813.433654][ T917] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7064'. [ 814.848992][ T905] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7061'. [ 815.501853][ T30] audit: type=1800 audit(1779014581.523:21): pid=967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.7073" name="memory.events" dev="tmpfs" ino=977 res=0 errno=0 [ 815.539933][ T970] netlink: 'syz.4.7074': attribute type 1 has an invalid length. [ 815.642280][ T926] netlink: 'syz.0.7066': attribute type 9 has an invalid length. [ 815.660106][ T971] bond3: (slave bridge4): making interface the new active one [ 815.671467][ T971] bond3: (slave bridge4): Enslaving as an active interface with an up link [ 815.694870][ T978] netlink: 'syz.3.7076': attribute type 5 has an invalid length. [ 815.723911][ T975] netlink: 'syz.3.7076': attribute type 5 has an invalid length. [ 815.846833][ T986] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7077'. [ 815.881611][ T991] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2 [ 816.102281][ T991] bridge0: port 2(bridge_slave_1) entered disabled state [ 816.110143][ T991] bridge0: port 1(bridge_slave_0) entered disabled state [ 816.151102][ T1006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7082'. [ 816.166686][ T1006] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 816.329016][ T991] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 816.350485][ T991] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 816.574474][ T1014] : renamed from bond0 [ 816.622272][T19051] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 816.645908][T19051] netdevsim netdevsim3 netdevsim0: unset [0, 1] type 1 family 0 port 2816 - 0 [ 816.665872][T19051] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.691745][T19051] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 816.708161][T19051] netdevsim netdevsim3 netdevsim1: unset [0, 1] type 1 family 0 port 2816 - 0 [ 816.719993][T19051] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.733102][T19051] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 816.765196][T19051] netdevsim netdevsim3 netdevsim2: unset [0, 1] type 1 family 0 port 2816 - 0 [ 816.796359][T19051] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.824409][T19051] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 816.845371][T19051] netdevsim netdevsim3 netdevsim3: unset [0, 1] type 1 family 0 port 2816 - 0 [ 816.857297][T19051] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.868104][ T24] hsr0: entered promiscuous mode [ 816.970800][ T1040] bond3: option lp_interval: invalid value (0) [ 816.977146][ T1040] bond3: option lp_interval: allowed values 1 - 2147483647 [ 816.990692][ T1040] bond3 (unregistering): Released all slaves [ 817.720963][ T1106] Bluetooth: MGMT ver 1.23 [ 817.761470][ T1109] netlink: 'syz.0.7102': attribute type 4 has an invalid length. [ 817.781471][ T1109] netlink: 156 bytes leftover after parsing attributes in process `syz.0.7102'. [ 817.812957][ T1109] bond_slave_1: mtu greater than device maximum [ 818.016895][ T1121] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7106'. [ 818.026495][ T1121] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7106'. [ 818.080135][ T1121] syzkaller0: entered promiscuous mode [ 818.092278][ T1121] syzkaller0: entered allmulticast mode [ 818.427487][ T1135] netlink: 'syz.4.7109': attribute type 1 has an invalid length. [ 818.449501][ T1135] netlink: 'syz.4.7109': attribute type 1 has an invalid length. [ 818.515214][ T1142] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7111'. [ 818.684669][ T1148] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 818.824263][ T1160] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 818.845983][ T1163] netlink: 'syz.3.7119': attribute type 64 has an invalid length. [ 818.981033][ T1172] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7122'. [ 819.298031][ T1194] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7127'. [ 819.326675][ T1194] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7127'. [ 819.344661][ T1196] tipc: Started in network mode [ 819.357928][ T1194] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7127'. [ 819.378889][ T1196] tipc: Node identity 4, cluster identity 4711 [ 819.394231][ T1196] tipc: Node number set to 4 [ 819.399647][ T1201] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7128'. [ 819.414279][ T1194] veth0: entered promiscuous mode [ 819.437550][ T1198] veth0_to_batadv: entered allmulticast mode [ 819.473919][ T1205] netlink: 260 bytes leftover after parsing attributes in process `syz.4.7131'. [ 819.497584][ T1193] veth0: left promiscuous mode [ 819.537549][ T1162] Bluetooth: hci0: command 0x0c1a tx timeout [ 819.580347][ T1210] openvswitch: netlink: Tunnel attr 13 has unexpected len 0 expected 16 [ 819.681882][ T1218] netlink: 'syz.0.7136': attribute type 1 has an invalid length. [ 819.732298][ T1218] 8021q: adding VLAN 0 to HW filter on device bond3 [ 820.036828][ T1233] can: request_module (can-proto-0) failed. [ 820.287093][ T1256] syzkaller1: entered promiscuous mode [ 820.292904][ T1256] syzkaller1: entered allmulticast mode [ 820.339289][ T1259] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7145'. [ 820.574352][ T1270] netlink: 52 bytes leftover after parsing attributes in process `syz.2.7149'. [ 820.621441][ T1273] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7151'. [ 820.633186][ T1268] tipc: New replicast peer: fe80:0000:0040:0000:0000:0000:0000:00bb [ 820.643222][ T1268] tipc: Enabled bearer , priority 10 [ 820.835240][ T1271] bond0: (slave syz_tun): Device is not bonding slave [ 820.847736][ T1271] bond0: option active_slave: invalid value (syz_tun) [ 820.858135][ T1286] netlink: 'syz.4.7153': attribute type 62 has an invalid length. [ 820.875031][ T1271] bond0 (unregistering): Released all slaves [ 820.886113][ T1162] Bluetooth: hci5: command 0x0406 tx timeout [ 821.404820][ T1319] --map-set only usable from mangle table [ 821.437269][ T1321] rdma_rxe: rxe_newlink: failed to add lo [ 821.740841][ T1338] netlink: 'syz.2.7168': attribute type 29 has an invalid length. [ 821.845079][ T1345] netlink: 'syz.0.7170': attribute type 39 has an invalid length. [ 821.854795][ T1347] ipt_REJECT: TCP_RESET invalid for non-tcp [ 822.131807][ T1351] xt_CT: No such helper "snmp_trap" [ 822.439116][ T1379] hsr_slave_1 (unregistering): left promiscuous mode [ 822.571802][ T1376] syzkaller1: entered promiscuous mode [ 822.585988][ T1376] syzkaller1: entered allmulticast mode [ 823.008102][ T1353] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 823.257841][ T1418] nbd: must specify a size in bytes for the device [ 823.618160][ T1453] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 823.878267][ T1452] syzkaller0: entered promiscuous mode [ 823.884024][ T1452] syzkaller0: entered allmulticast mode [ 824.100424][ T1462] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 826.616964][ T1504] __nla_validate_parse: 2 callbacks suppressed [ 826.616983][ T1504] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7199'. [ 826.676266][ T1462] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 826.714096][ T1504] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 826.721486][ T1504] IPv6: NLM_F_CREATE should be set when creating new route [ 826.728804][ T1504] IPv6: NLM_F_CREATE should be set when creating new route [ 826.736073][ T1504] IPv6: NLM_F_CREATE should be set when creating new route [ 826.830138][ T1462] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 827.007937][ T1462] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 827.053358][ T1531] x_tables: duplicate underflow at hook 2 [ 827.244136][ T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.276523][ T13] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.332767][ T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.394149][ T13] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.416274][ T1548] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7211'. [ 827.720164][ T1565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7220'. [ 827.730801][ T1562] netlink: 'syz.2.7218': attribute type 1 has an invalid length. [ 827.756819][ T1565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7220'. [ 827.766639][ T1562] netlink: 224 bytes leftover after parsing attributes in process `syz.2.7218'. [ 827.787053][ T1565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7220'. [ 827.802698][ T1562] Cannot find add_set index 1 as target [ 828.264232][ T1598] netlink: 'syz.3.7232': attribute type 39 has an invalid length. [ 828.310849][ T1594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7230'. [ 828.322970][ T1594] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7230'. [ 828.336401][ T1594] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7230'. [ 828.365041][ T1603] netlink: 52 bytes leftover after parsing attributes in process `syz.4.7234'. [ 828.446165][ T1603] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.454651][ T1603] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.485491][ T1611] Unsupported ieee802154 address type: 0 [ 828.530699][ T1604] geneve2: entered promiscuous mode [ 828.552506][ T154] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 56893 - 0 [ 828.577274][ T154] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 56893 - 0 [ 828.599578][ T154] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 56893 - 0 [ 828.623848][ T154] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 56893 - 0 [ 828.716005][ T1618] netlink: 'syz.1.7238': attribute type 6 has an invalid length. [ 828.753055][ T1618] netlink: 'syz.1.7238': attribute type 5 has an invalid length. [ 828.973188][ T1630] tipc: New replicast peer: 255.255.255.255 [ 828.989430][ T1630] tipc: Enabled bearer , priority 10 [ 829.041883][ T1633] bridge0: port 2(bridge_slave_1) entered blocking state [ 829.049143][ T1633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 829.056967][ T1633] bridge0: port 1(bridge_slave_0) entered blocking state [ 829.064128][ T1633] bridge0: port 1(bridge_slave_0) entered forwarding state [ 829.331318][ T1652] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 829.400430][ T1657] mac80211_hwsim hwsim82 wlan0: entered allmulticast mode [ 829.672750][ T1673] tipc: New replicast peer: 255.255.255.255 [ 829.680532][ T1673] tipc: Enabled bearer , priority 10 [ 829.704413][ T1673] netlink: 'syz.0.7259': attribute type 1 has an invalid length. [ 829.822171][ T1677] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 830.412853][ T1703] netlink: 'syz.1.7265': attribute type 6 has an invalid length. [ 851.051583][ T1724] netlink: 'syz.4.7271': attribute type 13 has an invalid length. [ 851.433962][ T1741] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 851.657194][ T1753] __nla_validate_parse: 12 callbacks suppressed [ 851.657214][ T1753] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7280'. [ 851.987743][ T1771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7286'. [ 852.220133][ T1788] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7291'. [ 852.230097][ T1788] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7291'. [ 852.258007][ T1785] tipc: Enabling of bearer rejected, media not registered [ 852.280554][ T1785] netlink: 'syz.4.7288': attribute type 21 has an invalid length. [ 852.300748][ T1785] netlink: 'syz.4.7288': attribute type 6 has an invalid length. [ 852.326031][ T1785] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7288'. [ 852.512212][ T1802] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 852.522120][ T1805] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7298'. [ 852.574239][ T1805] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 852.590630][ T1805] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 852.606567][ T1805] gretap1: entered promiscuous mode [ 852.617829][ T1805] gretap1: entered allmulticast mode [ 852.681429][ T1808] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7297'. [ 852.790260][ T1818] netem: change failed [ 852.803690][ T1818] netem: change failed [ 853.121972][ T1830] netlink: 340 bytes leftover after parsing attributes in process `syz.2.7303'. [ 853.143143][ T1837] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.7305'. [ 853.164452][ T1838] tap0: tun_chr_ioctl cmd 1074025672 [ 853.172346][ T1837] netlink: Unknown conntrack attr (0) [ 853.183868][ T1838] tap0: ignored: set checksum disabled [ 853.207932][ T1841] syz_tun: entered allmulticast mode [ 853.232807][ T1840] syz_tun: left allmulticast mode [ 853.290556][ T1844] netlink: 'syz.2.7308': attribute type 1 has an invalid length. [ 853.310519][ T1844] netlink: 224 bytes leftover after parsing attributes in process `syz.2.7308'. [ 853.361576][ T1853] IPv6: NLM_F_REPLACE set, but no existing node found! [ 853.381925][ T1849] xt_hashlimit: size too large, truncated to 1048576 [ 853.422014][ T1856] netlink: 'syz.2.7312': attribute type 6 has an invalid length. [ 853.608458][ T1870] netlink: Conntrack attr has 4 unknown bytes [ 853.868649][ T1873] pim6reg: entered allmulticast mode [ 853.924395][ T1873] pim6reg: left allmulticast mode [ 854.245358][ T1890] tipc: Disabling bearer [ 856.759960][ T1906] netlink: 'syz.2.7326': attribute type 1 has an invalid length. [ 857.097313][ T1920] netlink: 'syz.0.7332': attribute type 1 has an invalid length. [ 857.127759][ T1912] ±ÿ: renamed from team_slave_1 [ 857.211009][ T1922] __nla_validate_parse: 6 callbacks suppressed [ 857.211029][ T1922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7333'. [ 857.256581][ T1922] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7333'. [ 857.277922][ T1924] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7335'. [ 857.287127][ T1922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7333'. [ 857.300494][ T1922] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7333'. [ 857.330608][ T1922] netlink: 104 bytes leftover after parsing attributes in process `syz.3.7333'. [ 857.561305][ T1948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7339'. [ 857.690843][ T1954] Bluetooth: MGMT ver 1.23 [ 857.779728][ T1963] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7342'. [ 857.920227][ T1970] netlink: 56 bytes leftover after parsing attributes in process `syz.4.7345'. [ 857.998910][ T1970] bond5 (unregistering): Released all slaves [ 858.005232][ T1984] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 858.202693][ T1991] xt_hl: Unknown TTL match mode: 255 [ 858.219825][ T1991] netlink: 'syz.1.7349': attribute type 24 has an invalid length. [ 858.256514][ T1994] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7351'. [ 858.369272][ T1994] bond5: (slave bridge5): Enslaving as an active interface with an up link [ 858.439230][ T2000] macvlan2: entered promiscuous mode [ 858.446095][ T2004] smc: ib device syz2 ibport 1 applied user defined pnetid SYZ1 [ 858.454575][ T2000] macvlan2: entered allmulticast mode [ 858.466153][ T2000] bond5: entered promiscuous mode [ 858.472662][ T2000] bridge5: entered promiscuous mode [ 858.479344][ T2000] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 858.492527][ T2000] bond5: left promiscuous mode [ 858.499640][ T2000] bridge5: left promiscuous mode [ 858.520159][ T2004] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 858.798003][ T2028] openvswitch: netlink: Flow key attr not present in new flow. [ 858.827036][ T2030] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security [ 859.343740][ T2063] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 859.487892][ T2058] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 860.013418][ T2069] lo speed is unknown, defaulting to 1000 [ 860.057115][ T2101] netlink: 'syz.3.7380': attribute type 9 has an invalid length. [ 860.117797][ T2107] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 860.145147][ T2107] syzkaller0: entered promiscuous mode [ 860.160666][ T2107] syzkaller0: entered allmulticast mode [ 860.228604][ T2112] openvswitch: netlink: Flow actions attr not present in new flow. [ 860.905706][ T2145] netlink: 'syz.3.7394': attribute type 2 has an invalid length. [ 861.114505][ T2153] syzkaller1: entered promiscuous mode [ 861.127179][ T2153] syzkaller1: entered allmulticast mode [ 861.387817][ T2158] debugfs: 'KŠŸu ™crµ±K:‘£ÿˆÌ¥ÝBßÝ£| “¼ÚÞlS·œ-!' already exists in 'ieee80211' [ 861.704913][ T2183] sock: sock_set_timeout: `syz.0.7405' (pid 2183) tries to set negative timeout [ 861.726261][ T2184] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 861.766459][T19050] wlan1: Trigger new scan to find an IBSS to join [ 862.080333][ T2199] SET target dimension over the limit! [ 862.256616][ T2206] __nla_validate_parse: 12 callbacks suppressed [ 862.256638][ T2206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7413'. [ 862.293726][ T2206] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7413'. [ 862.321000][ T2206] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7413'. [ 862.351786][ T2210] xt_NFQUEUE: number of queues (62232) out of range (got 67565) [ 862.434154][ T2214] netlink: 'syz.3.7416': attribute type 1 has an invalid length. [ 862.457981][ T2214] netlink: 96 bytes leftover after parsing attributes in process `syz.3.7416'. [ 862.505752][ T2214] netlink: 1 bytes leftover after parsing attributes in process `syz.3.7416'. [ 862.542310][ T2214] netlink: 'syz.3.7416': attribute type 1 has an invalid length. [ 862.560917][ T2214] netlink: 'syz.3.7416': attribute type 8 has an invalid length. [ 862.573056][ T2214] netlink: 606 bytes leftover after parsing attributes in process `syz.3.7416'. [ 862.585644][ T2222] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7419'. [ 863.075163][ T2241] syzkaller0: entered promiscuous mode [ 863.081329][ T2241] syzkaller0: entered allmulticast mode [ 863.118002][ T30] audit: type=1107 audit(1779014629.143:22): pid=2246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='k Þ~' [ 863.363172][ T2258] netlink: 96 bytes leftover after parsing attributes in process `syz.3.7429'. [ 863.378692][ T2258] 8021q: VLANs not supported on ip6_vti0 [ 863.393418][ T2258] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 863.622848][ T5774] IPVS: starting estimator thread 0... [ 863.699724][ T2271] bond3: entered allmulticast mode [ 863.725821][ T2276] IPVS: using max 29 ests per chain, 69600 per kthread [ 864.130950][ T2307] 8021q: VLANs not supported on vxcan1 [ 864.155687][ T2308] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1500) ! [ 864.198739][ T2308] netlink: 'syz.0.7440': attribute type 1 has an invalid length. [ 864.219308][ T2311] sctp: [Deprecated]: syz.1.7443 (pid 2311) Use of int in maxseg socket option. [ 864.219308][ T2311] Use struct sctp_assoc_value instead [ 864.470150][ T2331] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7447'. [ 864.488754][ T2331] netlink: 'syz.4.7447': attribute type 3 has an invalid length. [ 864.637938][ T2343] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.7451'. [ 864.692190][ T2347] netlink: 'syz.1.7453': attribute type 1 has an invalid length. [ 864.726443][ T12] wlan1: Trigger new scan to find an IBSS to join [ 865.198116][ T2379] netlink: 'syz.3.7461': attribute type 1 has an invalid length. [ 865.206600][ T2377] syzkaller0: entered promiscuous mode [ 865.247542][ T2377] syzkaller0: entered allmulticast mode [ 865.464751][ T2382] bond2: entered promiscuous mode [ 865.480056][ T2382] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 865.518580][ T2382] bond2: left promiscuous mode [ 866.128559][ T2436] erspan0: entered promiscuous mode [ 866.157952][ T2434] netlink: 'syz.1.7473': attribute type 8 has an invalid length. [ 866.538930][ T2474] netlink: 'syz.4.7485': attribute type 2 has an invalid length. [ 866.834697][ T2491] IPVS: Unknown mcast interface: vcan0 [ 867.093103][ T2530] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 867.175985][ T2531] bond3: Unable to set down delay as MII monitoring is disabled [ 867.192416][ T2531] bond3 (unregistering): Released all slaves [ 867.336384][ T2551] __nla_validate_parse: 16 callbacks suppressed [ 867.336407][ T2551] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7499'. [ 867.357326][ T2546] syzkaller1: entered promiscuous mode [ 867.386312][ T2546] syzkaller1: entered allmulticast mode [ 867.392152][ T2553] IPVS: set_ctl: invalid protocol: 255 172.20.20.15:20001 [ 867.417574][ T2525] syzkaller1: left promiscuous mode [ 867.435957][ T2525] syzkaller1: left allmulticast mode [ 867.766732][T19051] wlan1: Trigger new scan to find an IBSS to join [ 867.856863][ T2567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7508'. [ 868.102030][ T2588] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7515'. [ 868.172861][ T2595] netlink: 'syz.3.7516': attribute type 83 has an invalid length. [ 868.185074][ T2596] netlink: 'syz.3.7516': attribute type 83 has an invalid length. [ 868.208288][ T2597] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7514'. [ 868.230737][ T2596] netlink: 'syz.3.7516': attribute type 11 has an invalid length. [ 868.243752][ T2595] netlink: 'syz.3.7516': attribute type 11 has an invalid length. [ 868.252194][ T2596] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7516'. [ 868.264289][ T2595] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7516'. [ 868.399461][ T2610] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7514'. [ 868.760895][T19051] wlan1: Creating new IBSS network, BSSID 72:24:c7:35:12:42 [ 870.094289][ T2524] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 870.713819][ T2632] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7523'. [ 870.798770][ T2637] syzkaller0: entered promiscuous mode [ 870.805228][ T2637] syzkaller0: entered allmulticast mode [ 870.868030][ T2644] netlink: 'syz.4.7528': attribute type 3 has an invalid length. [ 870.913055][ T2649] netlink: 'syz.2.7530': attribute type 9 has an invalid length. [ 871.394921][ T2685] netlink: 'syz.4.7540': attribute type 1 has an invalid length. [ 871.473068][ T2698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7544'. [ 871.549671][ T2702] netlink: 45 bytes leftover after parsing attributes in process `syz.3.7545'. [ 871.567460][ T2685] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 871.661304][ T2715] IPVS: length: 239 != 24 [ 871.823393][ T2726] netlink: 'syz.3.7550': attribute type 1 has an invalid length. [ 871.944060][ T2726] 8021q: adding VLAN 0 to HW filter on device bond3 [ 872.014188][ T2732] vlan2: entered allmulticast mode [ 872.024400][ T2732] bond3: entered allmulticast mode [ 873.325137][ T2766] __nla_validate_parse: 2 callbacks suppressed [ 873.325155][ T2766] netlink: 256 bytes leftover after parsing attributes in process `syz.3.7558'. [ 874.580866][ T2772] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 874.591416][ T2772] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 874.615500][ T2772] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 874.713456][ T2774] veth1_macvtap: left promiscuous mode [ 874.854130][ T2779] bond5: option xmit_hash_policy: invalid value (249) [ 874.871128][ T2779] bond5 (unregistering): Released all slaves [ 874.943397][ T2786] gretap0: entered promiscuous mode [ 874.950177][ T2786] gretap0: entered allmulticast mode [ 875.058280][ T2801] netlink: 'syz.0.7566': attribute type 2 has an invalid length. [ 875.204575][ T2812] ipvlan2: entered promiscuous mode [ 875.215284][ T2809] netlink: 288 bytes leftover after parsing attributes in process `syz.2.7567'. [ 875.376939][ T2822] syzkaller0: entered promiscuous mode [ 875.382462][ T2822] syzkaller0: entered allmulticast mode [ 875.398943][ T2822] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7571'. [ 877.207309][ T1162] Bluetooth: hci2: command 0x0401 tx timeout [ 878.041924][ T2847] xt_TCPMSS: Only works on TCP SYN packets [ 878.058839][ T2847] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7577'. [ 878.091025][ T2847] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7577'. [ 878.154570][ T2857] IPv6: NLM_F_CREATE should be specified when creating new route [ 878.161577][ T2847] gretap2: entered promiscuous mode [ 878.184222][ T2847] gretap2: entered allmulticast mode [ 878.199898][ T2857] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7579'. [ 878.217964][ T2867] netlink: 'syz.2.7579': attribute type 3 has an invalid length. [ 878.374450][ T2878] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7583'. [ 878.426314][ T2878] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7583'. [ 878.569302][ T2893] netlink: 196 bytes leftover after parsing attributes in process `syz.1.7586'. [ 878.598878][ T2893] netlink: 196 bytes leftover after parsing attributes in process `syz.1.7586'. [ 878.629351][ T2893] netlink: 19 bytes leftover after parsing attributes in process `syz.1.7586'. [ 878.837073][ T2909] bond0: entered promiscuous mode [ 878.857800][ T2909] bond_slave_0: entered promiscuous mode [ 878.880806][ T2908] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7591'. [ 878.924265][ T2908] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.7591'. [ 878.935809][ T2912] openvswitch: netlink: Missing key (keys=40, expected=80) [ 879.091553][ T2919] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7595'. [ 879.111373][ T2919] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7595'. [ 879.155751][ T2921] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7596'. [ 880.520571][ T2985] netlink: 'syz.1.7608': attribute type 9 has an invalid length. [ 880.672468][ T2996] ±ÿ: renamed from team_slave_1 [ 882.325795][T28678] Bluetooth: hci1: command 0x0406 tx timeout [ 882.576841][ T2948] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 883.488927][ T3060] syzkaller1: entered allmulticast mode [ 883.531363][ T3064] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 883.548062][ T3064] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 883.648668][ T3071] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 883.667559][ T3072] __nla_validate_parse: 7 callbacks suppressed [ 883.667576][ T3072] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7635'. [ 883.685292][ T3071] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7635'. [ 883.896396][ T3080] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7637'. [ 883.915891][ T3080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7637'. [ 884.280255][ T3104] netem: change failed [ 884.864800][ T3141] netlink: 'syz.2.7653': attribute type 17 has an invalid length. [ 884.900359][ T3141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7653'. [ 884.922738][ T3147] gretap0: entered promiscuous mode [ 884.930075][ T3141] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7653'. [ 884.947207][ T3147] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7658'. [ 884.989662][ T3147] gretap0: left promiscuous mode [ 885.103341][ T3154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7658'. [ 885.233686][ T3159] ip6t_rpfilter: unknown options [ 885.595208][ T3135] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 885.639169][ T3181] bond_slave_1: entered promiscuous mode [ 885.666625][ T3181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 885.902378][ T3197] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 886.030671][ T3205] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 886.168475][ T3213] netlink: 'syz.3.7674': attribute type 1 has an invalid length. [ 886.325293][ T3213] 8021q: adding VLAN 0 to HW filter on device bond4 [ 886.384452][ T3226] bond4: (slave geneve3): making interface the new active one [ 886.397333][ T3226] bond4: (slave geneve3): Enslaving as an active interface with an up link [ 886.461371][ T3234] bond5: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 886.487713][ T3234] bond5 (unregistering): Released all slaves [ 886.532463][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0 [ 886.555009][ T3243] netlink: 'syz.3.7681': attribute type 1 has an invalid length. [ 886.651096][ T3246] bond6: Unable to set down delay as MII monitoring is disabled [ 886.684931][ T3246] bond6 (unregistering): Released all slaves [ 886.729807][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 886.810530][ T3243] 8021q: adding VLAN 0 to HW filter on device bond5 [ 886.818745][ T3244] FAULT_INJECTION: forcing a failure. [ 886.818745][ T3244] name failslab, interval 1, probability 0, space 0, times 1 [ 886.831658][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 886.836582][ T3244] CPU: 1 UID: 0 PID: 3244 Comm: syz.1.7680 Not tainted syzkaller #0 PREEMPT(full) [ 886.836657][ T3244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 886.836696][ T3244] Call Trace: [ 886.836719][ T3244] [ 886.836748][ T3244] dump_stack_lvl+0xe8/0x150 [ 886.836834][ T3244] should_fail_ex+0x412/0x560 [ 886.837065][ T3244] should_failslab+0xa8/0x100 [ 886.837159][ T3244] ? skb_clone+0x212/0x3a0 [ 886.837299][ T3244] kmem_cache_alloc_noprof+0x87/0x650 [ 886.837435][ T3244] skb_clone+0x212/0x3a0 [ 886.837520][ T3244] __netlink_deliver_tap+0x404/0x850 [ 886.837711][ T3244] ? netlink_deliver_tap+0x2e/0x1b0 [ 886.837785][ T3244] netlink_deliver_tap+0x19c/0x1b0 [ 886.837868][ T3244] netlink_sendskb+0x68/0x140 [ 886.837935][ T3244] netlink_rcv_skb+0x2b6/0x4b0 [ 886.838025][ T3244] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 886.838124][ T3244] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 886.838239][ T3244] ? netlink_deliver_tap+0x2e/0x1b0 [ 886.838306][ T3244] ? netlink_deliver_tap+0x2e/0x1b0 [ 886.838386][ T3244] netlink_unicast+0x75c/0x8e0 [ 886.838504][ T3244] netlink_sendmsg+0x813/0xb40 [ 886.838601][ T3244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 886.838684][ T3244] ? aa_sock_msg_perm+0xf1/0x1b0 [ 886.838783][ T3244] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 886.838905][ T3244] ____sys_sendmsg+0x972/0x9f0 [ 886.838988][ T3244] ? __might_fault+0xaf/0x130 [ 886.839072][ T3244] ? __pfx_____sys_sendmsg+0x10/0x10 [ 886.839176][ T3244] ? import_iovec+0x73/0xa0 [ 886.839305][ T3244] ___sys_sendmsg+0x2a5/0x360 [ 886.839371][ T3244] ? __lock_acquire+0x6b5/0x2cf0 [ 886.839446][ T3244] ? __pfx____sys_sendmsg+0x10/0x10 [ 886.839602][ T3244] ? __fget_files+0x2a/0x420 [ 886.839684][ T3244] ? __fget_files+0x3a0/0x420 [ 886.839763][ T3244] __x64_sys_sendmsg+0x1bd/0x2a0 [ 886.839849][ T3244] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 886.839970][ T3244] ? __pfx_ksys_write+0x10/0x10 [ 886.840077][ T3244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.840158][ T3244] do_syscall_64+0x15f/0xf80 [ 886.840269][ T3244] ? clear_bhb_loop+0x40/0x90 [ 886.840333][ T3244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.840387][ T3244] RIP: 0033:0x7fdb23b9ce59 [ 886.840452][ T3244] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 886.840480][ T3244] RSP: 002b:00007fdb24aa4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 886.840501][ T3244] RAX: ffffffffffffffda RBX: 00007fdb23e16090 RCX: 00007fdb23b9ce59 [ 886.840515][ T3244] RDX: 0000000004000000 RSI: 0000200000001200 RDI: 0000000000000008 [ 886.840528][ T3244] RBP: 00007fdb24aa4090 R08: 0000000000000000 R09: 0000000000000000 [ 886.840541][ T3244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 886.840553][ T3244] R13: 00007fdb23e16128 R14: 00007fdb23e16090 R15: 00007ffdcbf8ed58 [ 886.840594][ T3244] [ 887.165919][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 887.174767][ T3253] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7684'. [ 887.199152][ T3262] netlink: 'syz.2.7685': attribute type 13 has an invalid length. [ 887.300264][ T3268] netlink: 71 bytes leftover after parsing attributes in process `syz.4.7686'. [ 887.935078][ T154] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 887.964740][ T154] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 887.995249][ T154] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 888.019329][ T154] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 888.127722][ T3308] tc_dump_action: action bad kind [ 888.652284][ T3341] netlink: 'syz.3.7704': attribute type 1 has an invalid length. [ 888.999234][ T3369] FAULT_INJECTION: forcing a failure. [ 888.999234][ T3369] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 889.049394][ T3369] CPU: 1 UID: 0 PID: 3369 Comm: syz.1.7712 Not tainted syzkaller #0 PREEMPT(full) [ 889.049423][ T3369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 889.049436][ T3369] Call Trace: [ 889.049445][ T3369] [ 889.049455][ T3369] dump_stack_lvl+0xe8/0x150 [ 889.049484][ T3369] should_fail_ex+0x412/0x560 [ 889.049516][ T3369] _copy_from_iter+0x1d3/0x1670 [ 889.049548][ T3369] ? rcu_is_watching+0x15/0xb0 [ 889.049606][ T3369] ? __pfx__copy_from_iter+0x10/0x10 [ 889.049641][ T3369] ? netlink_sendmsg+0x650/0xb40 [ 889.049668][ T3369] ? skb_put+0x11b/0x210 [ 889.049698][ T3369] netlink_sendmsg+0x6c0/0xb40 [ 889.049735][ T3369] ? __pfx_netlink_sendmsg+0x10/0x10 [ 889.049766][ T3369] ? aa_sock_msg_perm+0xf1/0x1b0 [ 889.049794][ T3369] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 889.049825][ T3369] ____sys_sendmsg+0x972/0x9f0 [ 889.049853][ T3369] ? __might_fault+0xaf/0x130 [ 889.049885][ T3369] ? __pfx_____sys_sendmsg+0x10/0x10 [ 889.049923][ T3369] ? import_iovec+0x73/0xa0 [ 889.049955][ T3369] ___sys_sendmsg+0x2a5/0x360 [ 889.049981][ T3369] ? __lock_acquire+0x6b5/0x2cf0 [ 889.050007][ T3369] ? __pfx____sys_sendmsg+0x10/0x10 [ 889.050072][ T3369] ? __fget_files+0x2a/0x420 [ 889.050095][ T3369] ? __fget_files+0x3a0/0x420 [ 889.050129][ T3369] __x64_sys_sendmsg+0x1bd/0x2a0 [ 889.050160][ T3369] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 889.050199][ T3369] ? __pfx_ksys_write+0x10/0x10 [ 889.050235][ T3369] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.050266][ T3369] do_syscall_64+0x15f/0xf80 [ 889.050294][ T3369] ? trace_irq_disable+0x3b/0x140 [ 889.050323][ T3369] ? clear_bhb_loop+0x40/0x90 [ 889.050348][ T3369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.050368][ T3369] RIP: 0033:0x7fdb23b9ce59 [ 889.050387][ T3369] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 889.050404][ T3369] RSP: 002b:00007fdb24aa4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 889.050425][ T3369] RAX: ffffffffffffffda RBX: 00007fdb23e16090 RCX: 00007fdb23b9ce59 [ 889.050440][ T3369] RDX: 0000000000000080 RSI: 0000200000000300 RDI: 0000000000000003 [ 889.050453][ T3369] RBP: 00007fdb24aa4090 R08: 0000000000000000 R09: 0000000000000000 [ 889.050466][ T3369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 889.050478][ T3369] R13: 00007fdb23e16128 R14: 00007fdb23e16090 R15: 00007ffdcbf8ed58 [ 889.050511][ T3369] [ 889.396959][ T3374] netlink: 'syz.0.7713': attribute type 16 has an invalid length. [ 889.410952][ T3374] netlink: 'syz.0.7713': attribute type 17 has an invalid length. [ 889.562474][ T3374] ip6gre0: left promiscuous mode [ 889.587488][ T3374] ip6gre0: left allmulticast mode [ 889.685119][ T3374] bridge0: port 1(bridge_slave_0) entered disabled state [ 889.712465][ T3374] bridge0: port 2(bridge_slave_1) entered disabled state [ 889.781221][ T3374] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 889.790439][ T3374] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 889.810852][ T3374] macsec1: left promiscuous mode [ 889.816143][ T3374] macsec1: left allmulticast mode [ 889.821244][ T3374] geneve1: left allmulticast mode [ 889.834358][ T3374] gretap1: left promiscuous mode [ 889.841876][ T3374] batman_adv: batadv0: Interface activated: gretap1 [ 889.859379][ T3374] 8021q: adding VLAN 0 to HW filter on device bond2 [ 889.874398][ T3374] macvtap1: left promiscuous mode [ 889.880374][ T3374] vlan0: left promiscuous mode [ 889.885723][ T3374] macvtap1: left allmulticast mode [ 889.891006][ T3374] vlan0: left allmulticast mode [ 889.899981][ T3374] veth0_vlan: left allmulticast mode [ 889.925590][ T3374] ipvlan2: left promiscuous mode [ 889.934011][ T3374] gretap2: left promiscuous mode [ 889.941214][ T3374] gretap2: left allmulticast mode [ 890.119346][ T3402] xt_hashlimit: size too large, truncated to 1048576 [ 890.212590][ T3409] netlink: 'syz.0.7723': attribute type 5 has an invalid length. [ 890.271212][ T3405] syzkaller0: entered promiscuous mode [ 890.286041][ T3405] syzkaller0: entered allmulticast mode [ 890.298508][ T3405] TC_ACT_REPEAT abuse ? [ 890.304441][ T3413] FAULT_INJECTION: forcing a failure. [ 890.304441][ T3413] name failslab, interval 1, probability 0, space 0, times 0 [ 890.304472][ T3413] CPU: 1 UID: 0 PID: 3413 Comm: syz.3.7724 Not tainted syzkaller #0 PREEMPT(full) [ 890.304492][ T3413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 890.304503][ T3413] Call Trace: [ 890.304510][ T3413] [ 890.304517][ T3413] dump_stack_lvl+0xe8/0x150 [ 890.304544][ T3413] should_fail_ex+0x412/0x560 [ 890.304572][ T3413] should_failslab+0xa8/0x100 [ 890.304602][ T3413] __kmalloc_noprof+0xe8/0x760 [ 890.304627][ T3413] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 890.304654][ T3413] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 890.304681][ T3413] genl_family_rcv_msg_doit+0xd9/0x330 [ 890.304707][ T3413] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 890.304737][ T3413] ? apparmor_capable+0x126/0x170 [ 890.304817][ T3413] ? bpf_lsm_capable+0x9/0x20 [ 890.304833][ T3413] ? security_capable+0x7e/0x2c0 [ 890.304920][ T3413] genl_rcv_msg+0x61c/0x7a0 [ 890.304944][ T3413] ? __pfx_genl_rcv_msg+0x10/0x10 [ 890.304961][ T3413] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 890.305081][ T3413] ? __pfx_nl80211_authenticate+0x10/0x10 [ 890.305212][ T3413] ? __pfx_nl80211_post_doit+0x10/0x10 [ 890.305360][ T3413] netlink_rcv_skb+0x232/0x4b0 [ 890.305436][ T3413] ? __pfx_genl_rcv_msg+0x10/0x10 [ 890.305491][ T3413] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 890.305600][ T3413] ? down_read+0x270/0x2e0 [ 890.305683][ T3413] ? genl_rcv+0xd/0x40 [ 890.305737][ T3413] genl_rcv+0x28/0x40 [ 890.305788][ T3413] netlink_unicast+0x75c/0x8e0 [ 890.305883][ T3413] netlink_sendmsg+0x813/0xb40 [ 890.305980][ T3413] ? __pfx_netlink_sendmsg+0x10/0x10 [ 890.306066][ T3413] ? aa_sock_msg_perm+0xf1/0x1b0 [ 890.306149][ T3413] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 890.306231][ T3413] ____sys_sendmsg+0x972/0x9f0 [ 890.306312][ T3413] ? __might_fault+0xaf/0x130 [ 890.306398][ T3413] ? __pfx_____sys_sendmsg+0x10/0x10 [ 890.306498][ T3413] ? import_iovec+0x73/0xa0 [ 890.306608][ T3413] ___sys_sendmsg+0x2a5/0x360 [ 890.306719][ T3413] ? __lock_acquire+0x6b5/0x2cf0 [ 890.306808][ T3413] ? __pfx____sys_sendmsg+0x10/0x10 [ 890.306978][ T3413] ? __fget_files+0x2a/0x420 [ 890.307041][ T3413] ? __fget_files+0x3a0/0x420 [ 890.307135][ T3413] __x64_sys_sendmsg+0x1bd/0x2a0 [ 890.307218][ T3413] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 890.307324][ T3413] ? __pfx_ksys_write+0x10/0x10 [ 890.307422][ T3413] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.307484][ T3413] do_syscall_64+0x15f/0xf80 [ 890.307558][ T3413] ? trace_irq_disable+0x3b/0x140 [ 890.307648][ T3413] ? clear_bhb_loop+0x40/0x90 [ 890.307713][ T3413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.307763][ T3413] RIP: 0033:0x7f3edd99ce59 [ 890.307821][ T3413] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 890.307857][ T3413] RSP: 002b:00007f3ede864028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 890.307929][ T3413] RAX: ffffffffffffffda RBX: 00007f3eddc15fa0 RCX: 00007f3edd99ce59 [ 890.307974][ T3413] RDX: 0000000000000080 RSI: 0000200000000300 RDI: 0000000000000003 [ 890.308034][ T3413] RBP: 00007f3ede864090 R08: 0000000000000000 R09: 0000000000000000 [ 890.308073][ T3413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 890.308113][ T3413] R13: 00007f3eddc16038 R14: 00007f3eddc15fa0 R15: 00007fff50dfda88 [ 890.308202][ T3413] [ 890.734274][ T3418] __nla_validate_parse: 1 callbacks suppressed [ 890.734293][ T3418] netlink: 52 bytes leftover after parsing attributes in process `syz.3.7725'. [ 891.001014][ T3424] syz_tun: entered allmulticast mode [ 891.022618][ T3423] syz_tun: left allmulticast mode [ 891.393167][ T3444] netlink: 'syz.0.7733': attribute type 1 has an invalid length. [ 891.414424][ T3444] netlink: 224 bytes leftover after parsing attributes in process `syz.0.7733'. [ 891.436614][ T3449] FAULT_INJECTION: forcing a failure. [ 891.436614][ T3449] name failslab, interval 1, probability 0, space 0, times 0 [ 891.478989][ T3449] CPU: 0 UID: 0 PID: 3449 Comm: syz.1.7735 Not tainted syzkaller #0 PREEMPT(full) [ 891.479021][ T3449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 891.479036][ T3449] Call Trace: [ 891.479047][ T3449] [ 891.479057][ T3449] dump_stack_lvl+0xe8/0x150 [ 891.479092][ T3449] should_fail_ex+0x412/0x560 [ 891.479129][ T3449] should_failslab+0xa8/0x100 [ 891.479167][ T3449] __kmalloc_noprof+0xe8/0x760 [ 891.479200][ T3449] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 891.479235][ T3449] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 891.479272][ T3449] genl_family_rcv_msg_doit+0xd9/0x330 [ 891.479306][ T3449] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 891.479342][ T3449] ? apparmor_capable+0x126/0x170 [ 891.479381][ T3449] ? bpf_lsm_capable+0x9/0x20 [ 891.479404][ T3449] ? security_capable+0x7e/0x2c0 [ 891.479441][ T3449] genl_rcv_msg+0x61c/0x7a0 [ 891.479482][ T3449] ? __pfx_genl_rcv_msg+0x10/0x10 [ 891.479509][ T3449] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 891.479536][ T3449] ? __pfx_nl80211_authenticate+0x10/0x10 [ 891.479570][ T3449] ? __pfx_nl80211_post_doit+0x10/0x10 [ 891.479600][ T3449] ? __pfx_ref_tracker_free+0x10/0x10 [ 891.479738][ T3449] netlink_rcv_skb+0x232/0x4b0 [ 891.479771][ T3449] ? __pfx_genl_rcv_msg+0x10/0x10 [ 891.479798][ T3449] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 891.479850][ T3449] ? down_read+0x270/0x2e0 [ 891.479870][ T3449] ? genl_rcv+0xd/0x40 [ 891.479895][ T3449] genl_rcv+0x28/0x40 [ 891.479916][ T3449] netlink_unicast+0x75c/0x8e0 [ 891.479958][ T3449] netlink_sendmsg+0x813/0xb40 [ 891.480003][ T3449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 891.480039][ T3449] ? aa_sock_msg_perm+0xf1/0x1b0 [ 891.480072][ T3449] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 891.480107][ T3449] ____sys_sendmsg+0x972/0x9f0 [ 891.480139][ T3449] ? __might_fault+0xaf/0x130 [ 891.480176][ T3449] ? __pfx_____sys_sendmsg+0x10/0x10 [ 891.480221][ T3449] ? import_iovec+0x73/0xa0 [ 891.480260][ T3449] ___sys_sendmsg+0x2a5/0x360 [ 891.480292][ T3449] ? __lock_acquire+0x6b5/0x2cf0 [ 891.480323][ T3449] ? __pfx____sys_sendmsg+0x10/0x10 [ 891.480400][ T3449] ? __fget_files+0x2a/0x420 [ 891.480428][ T3449] ? __fget_files+0x3a0/0x420 [ 891.480476][ T3449] __x64_sys_sendmsg+0x1bd/0x2a0 [ 891.480513][ T3449] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 891.480558][ T3449] ? __pfx_ksys_write+0x10/0x10 [ 891.480602][ T3449] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.480629][ T3449] do_syscall_64+0x15f/0xf80 [ 891.480661][ T3449] ? trace_irq_disable+0x3b/0x140 [ 891.480729][ T3449] ? clear_bhb_loop+0x40/0x90 [ 891.480760][ T3449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.480784][ T3449] RIP: 0033:0x7fdb23b9ce59 [ 891.480806][ T3449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 891.480827][ T3449] RSP: 002b:00007fdb24ac5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 891.480851][ T3449] RAX: ffffffffffffffda RBX: 00007fdb23e15fa0 RCX: 00007fdb23b9ce59 [ 891.480869][ T3449] RDX: 0000000000000080 RSI: 0000200000000300 RDI: 0000000000000003 [ 891.480884][ T3449] RBP: 00007fdb24ac5090 R08: 0000000000000000 R09: 0000000000000000 [ 891.480899][ T3449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 891.480914][ T3449] R13: 00007fdb23e16038 R14: 00007fdb23e15fa0 R15: 00007ffdcbf8ed58 [ 891.480954][ T3449] [ 891.841574][T30734] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 891.969486][ T3454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7739'. [ 891.992892][ T3454] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7739'. [ 892.034835][ T3462] netlink: 'syz.0.7737': attribute type 3 has an invalid length. [ 892.251937][ T3471] FAULT_INJECTION: forcing a failure. [ 892.251937][ T3471] name failslab, interval 1, probability 0, space 0, times 0 [ 892.294576][ T3471] CPU: 0 UID: 0 PID: 3471 Comm: syz.0.7744 Not tainted syzkaller #0 PREEMPT(full) [ 892.294604][ T3471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 892.294616][ T3471] Call Trace: [ 892.294625][ T3471] [ 892.294634][ T3471] dump_stack_lvl+0xe8/0x150 [ 892.294664][ T3471] should_fail_ex+0x412/0x560 [ 892.294697][ T3471] should_failslab+0xa8/0x100 [ 892.294729][ T3471] __kmalloc_cache_noprof+0x88/0x660 [ 892.294755][ T3471] ? rcu_is_watching+0x15/0xb0 [ 892.294780][ T3471] ? flow_indr_dev_setup_offload+0x255/0x670 [ 892.294903][ T3471] ? trace_contention_end+0x3d/0x140 [ 892.294935][ T3471] flow_indr_dev_setup_offload+0x255/0x670 [ 892.294963][ T3471] ? __pfx_tc_block_indr_cleanup+0x10/0x10 [ 892.295062][ T3471] tcf_block_offload_cmd+0x287/0x3b0 [ 892.295100][ T3471] ? __pfx_tcf_block_offload_cmd+0x10/0x10 [ 892.295137][ T3471] ? __pfx_down_write+0x10/0x10 [ 892.295158][ T3471] ? __kmalloc_cache_noprof+0x31c/0x660 [ 892.295188][ T3471] ? __kmalloc_cache_noprof+0x15b/0x660 [ 892.295221][ T3471] tcf_block_get_ext+0xfcd/0x17d0 [ 892.295264][ T3471] tcf_block_get+0x67/0xa0 [ 892.295289][ T3471] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10 [ 892.295321][ T3471] hfsc_change_class+0x183c/0x2270 [ 892.295395][ T3471] ? __pfx_hfsc_change_class+0x10/0x10 [ 892.295422][ T3471] ? lockdep_rtnl_is_held+0x26/0x40 [ 892.295479][ T3471] ? qdisc_lookup+0x179/0x6d0 [ 892.295501][ T3471] tc_ctl_tclass+0xb7e/0x1690 [ 892.295540][ T3471] ? __pfx_tc_ctl_tclass+0x10/0x10 [ 892.295562][ T3471] ? trace_contention_end+0x3d/0x140 [ 892.295591][ T3471] ? __mutex_lock+0x319/0x1550 [ 892.295664][ T3471] ? __dev_queue_xmit+0x2b6/0x3950 [ 892.295736][ T3471] ? __local_bh_enable_ip+0xd0/0x130 [ 892.295768][ T3471] ? lockdep_hardirqs_on+0x7a/0x110 [ 892.295791][ T3471] ? __dev_queue_xmit+0x2b6/0x3950 [ 892.295842][ T3471] ? __pfx_tc_ctl_tclass+0x10/0x10 [ 892.295860][ T3471] rtnetlink_rcv_msg+0x77e/0xbe0 [ 892.295887][ T3471] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 892.295906][ T3471] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 892.295925][ T3471] ? ref_tracker_free+0x693/0x840 [ 892.295951][ T3471] ? __pfx_ref_tracker_free+0x10/0x10 [ 892.295981][ T3471] netlink_rcv_skb+0x232/0x4b0 [ 892.296005][ T3471] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 892.296027][ T3471] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 892.296060][ T3471] ? netlink_deliver_tap+0x2e/0x1b0 [ 892.296081][ T3471] ? netlink_deliver_tap+0x2e/0x1b0 [ 892.296108][ T3471] netlink_unicast+0x75c/0x8e0 [ 892.296137][ T3471] netlink_sendmsg+0x813/0xb40 [ 892.296168][ T3471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 892.296193][ T3471] ? aa_sock_msg_perm+0xf1/0x1b0 [ 892.296216][ T3471] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 892.296242][ T3471] ____sys_sendmsg+0x972/0x9f0 [ 892.296265][ T3471] ? __might_fault+0xaf/0x130 [ 892.296292][ T3471] ? __pfx_____sys_sendmsg+0x10/0x10 [ 892.296322][ T3471] ? import_iovec+0x73/0xa0 [ 892.296349][ T3471] ___sys_sendmsg+0x2a5/0x360 [ 892.296379][ T3471] ? __lock_acquire+0x6b5/0x2cf0 [ 892.296400][ T3471] ? __pfx____sys_sendmsg+0x10/0x10 [ 892.296453][ T3471] ? __fget_files+0x2a/0x420 [ 892.296472][ T3471] ? __fget_files+0x3a0/0x420 [ 892.296500][ T3471] __x64_sys_sendmsg+0x1bd/0x2a0 [ 892.296526][ T3471] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 892.296557][ T3471] ? __pfx_ksys_write+0x10/0x10 [ 892.296588][ T3471] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.296606][ T3471] do_syscall_64+0x15f/0xf80 [ 892.296629][ T3471] ? trace_irq_disable+0x3b/0x140 [ 892.296654][ T3471] ? clear_bhb_loop+0x40/0x90 [ 892.296674][ T3471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.296690][ T3471] RIP: 0033:0x7fbd48f9ce59 [ 892.296706][ T3471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 892.296720][ T3471] RSP: 002b:00007fbd49ee8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 892.296737][ T3471] RAX: ffffffffffffffda RBX: 00007fbd49215fa0 RCX: 00007fbd48f9ce59 [ 892.296749][ T3471] RDX: 0000000004000000 RSI: 0000200000001200 RDI: 0000000000000008 [ 892.296760][ T3471] RBP: 00007fbd49ee8090 R08: 0000000000000000 R09: 0000000000000000 [ 892.296770][ T3471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 892.296780][ T3471] R13: 00007fbd49216038 R14: 00007fbd49215fa0 R15: 00007ffccb7a6208 [ 892.296807][ T3471] [ 892.334551][ T3476] netlink: 7 bytes leftover after parsing attributes in process `syz.4.7743'. [ 892.739410][ T3494] IPVS: set_ctl: invalid protocol: 59 10.1.1.2:20001 [ 892.792165][ T3495] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7749'. [ 892.891895][T30734] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.014282][ T3506] netlink: 164 bytes leftover after parsing attributes in process `syz.0.7752'. [ 893.119129][ T3514] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.129764][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.211502][ T3519] vlan3: entered allmulticast mode [ 893.379863][ T3532] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7759'. [ 893.397609][ T3532] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7759'. [ 893.407036][ T3532] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7759'. [ 893.537957][ T3537] FAULT_INJECTION: forcing a failure. [ 893.537957][ T3537] name failslab, interval 1, probability 0, space 0, times 0 [ 893.554629][ T3537] CPU: 1 UID: 0 PID: 3537 Comm: syz.4.7761 Not tainted syzkaller #0 PREEMPT(full) [ 893.554656][ T3537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 893.554669][ T3537] Call Trace: [ 893.554677][ T3537] [ 893.554686][ T3537] dump_stack_lvl+0xe8/0x150 [ 893.554715][ T3537] should_fail_ex+0x412/0x560 [ 893.554757][ T3537] should_failslab+0xa8/0x100 [ 893.554790][ T3537] __kmalloc_node_noprof+0xf0/0x7c0 [ 893.554819][ T3537] ? qdisc_alloc+0x92/0x9e0 [ 893.554924][ T3537] qdisc_alloc+0x92/0x9e0 [ 893.554959][ T3537] qdisc_create_dflt+0x8e/0x4e0 [ 893.554988][ T3537] hfsc_change_class+0x1a10/0x2270 [ 893.555027][ T3537] ? __pfx_hfsc_change_class+0x10/0x10 [ 893.555055][ T3537] ? lockdep_rtnl_is_held+0x26/0x40 [ 893.555084][ T3537] ? qdisc_lookup+0x179/0x6d0 [ 893.555107][ T3537] tc_ctl_tclass+0xb7e/0x1690 [ 893.555146][ T3537] ? __pfx_tc_ctl_tclass+0x10/0x10 [ 893.555166][ T3537] ? trace_contention_end+0x3d/0x140 [ 893.555197][ T3537] ? __mutex_lock+0x319/0x1550 [ 893.555228][ T3537] ? __dev_queue_xmit+0x2b6/0x3950 [ 893.555260][ T3537] ? __local_bh_enable_ip+0xd0/0x130 [ 893.555281][ T3537] ? lockdep_hardirqs_on+0x7a/0x110 [ 893.555310][ T3537] ? __dev_queue_xmit+0x2b6/0x3950 [ 893.555366][ T3537] ? __pfx_tc_ctl_tclass+0x10/0x10 [ 893.555392][ T3537] rtnetlink_rcv_msg+0x77e/0xbe0 [ 893.555421][ T3537] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 893.555445][ T3537] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 893.555467][ T3537] ? ref_tracker_free+0x693/0x840 [ 893.555498][ T3537] ? __pfx_ref_tracker_free+0x10/0x10 [ 893.555536][ T3537] netlink_rcv_skb+0x232/0x4b0 [ 893.555565][ T3537] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 893.555592][ T3537] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 893.555633][ T3537] ? netlink_deliver_tap+0x2e/0x1b0 [ 893.555660][ T3537] ? netlink_deliver_tap+0x2e/0x1b0 [ 893.555692][ T3537] netlink_unicast+0x75c/0x8e0 [ 893.555728][ T3537] netlink_sendmsg+0x813/0xb40 [ 893.555774][ T3537] ? __pfx_netlink_sendmsg+0x10/0x10 [ 893.555804][ T3537] ? aa_sock_msg_perm+0xf1/0x1b0 [ 893.555833][ T3537] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 893.555863][ T3537] ____sys_sendmsg+0x972/0x9f0 [ 893.555891][ T3537] ? __might_fault+0xaf/0x130 [ 893.555923][ T3537] ? __pfx_____sys_sendmsg+0x10/0x10 [ 893.555958][ T3537] ? import_iovec+0x73/0xa0 [ 893.555990][ T3537] ___sys_sendmsg+0x2a5/0x360 [ 893.556017][ T3537] ? __lock_acquire+0x6b5/0x2cf0 [ 893.556043][ T3537] ? __pfx____sys_sendmsg+0x10/0x10 [ 893.556107][ T3537] ? __fget_files+0x2a/0x420 [ 893.556131][ T3537] ? __fget_files+0x3a0/0x420 [ 893.556166][ T3537] __x64_sys_sendmsg+0x1bd/0x2a0 [ 893.556198][ T3537] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 893.556236][ T3537] ? __pfx_ksys_write+0x10/0x10 [ 893.556275][ T3537] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.556297][ T3537] do_syscall_64+0x15f/0xf80 [ 893.556326][ T3537] ? trace_irq_disable+0x3b/0x140 [ 893.556355][ T3537] ? clear_bhb_loop+0x40/0x90 [ 893.556381][ T3537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.556400][ T3537] RIP: 0033:0x7f7ae8f9ce59 [ 893.556419][ T3537] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 893.556436][ T3537] RSP: 002b:00007f7ae9e1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 893.556456][ T3537] RAX: ffffffffffffffda RBX: 00007f7ae9215fa0 RCX: 00007f7ae8f9ce59 [ 893.556470][ T3537] RDX: 0000000004000000 RSI: 0000200000001200 RDI: 0000000000000008 [ 893.556483][ T3537] RBP: 00007f7ae9e1a090 R08: 0000000000000000 R09: 0000000000000000 [ 893.556495][ T3537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 893.556507][ T3537] R13: 00007f7ae9216038 R14: 00007f7ae9215fa0 R15: 00007fffe58b7e28 [ 893.556539][ T3537] [ 893.667203][ T3542] x_tables: unsorted entry at hook 2 [ 893.950655][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.967781][ T3547] xt_limit: Overflow, try lower: 271964/0 [ 894.031255][ T3541] tipc: Enabling of bearer rejected, failed to enable media [ 894.171010][ T5774] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 894.214888][ T3557] netlink: 'syz.3.7766': attribute type 11 has an invalid length. [ 894.328151][ T3565] syzkaller1: entered promiscuous mode [ 894.348303][ T3565] syzkaller1: entered allmulticast mode [ 894.455146][ T3575] veth0: entered promiscuous mode [ 894.500778][ T3573] veth0: left promiscuous mode [ 894.784191][ T3594] FAULT_INJECTION: forcing a failure. [ 894.784191][ T3594] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 894.813998][ T3594] CPU: 1 UID: 0 PID: 3594 Comm: syz.4.7779 Not tainted syzkaller #0 PREEMPT(full) [ 894.814025][ T3594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 894.814037][ T3594] Call Trace: [ 894.814046][ T3594] [ 894.814054][ T3594] dump_stack_lvl+0xe8/0x150 [ 894.814083][ T3594] should_fail_ex+0x412/0x560 [ 894.814116][ T3594] _copy_to_user+0x31/0xb0 [ 894.814220][ T3594] simple_read_from_buffer+0xe1/0x170 [ 894.814252][ T3594] proc_fail_nth_read+0x1bb/0x230 [ 894.814309][ T3594] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 894.814338][ T3594] ? rw_verify_area+0x2a6/0x4d0 [ 894.814365][ T3594] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 894.814404][ T3594] vfs_read+0x20c/0xa70 [ 894.814435][ T3594] ? __pfx___mutex_lock+0x10/0x10 [ 894.814464][ T3594] ? __pfx_vfs_read+0x10/0x10 [ 894.814492][ T3594] ? __fget_files+0x2a/0x420 [ 894.814521][ T3594] ? __fget_files+0x3a0/0x420 [ 894.814543][ T3594] ? __fget_files+0x2a/0x420 [ 894.814584][ T3594] ksys_read+0x150/0x270 [ 894.814615][ T3594] ? __pfx_ksys_read+0x10/0x10 [ 894.814652][ T3594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 894.814675][ T3594] do_syscall_64+0x15f/0xf80 [ 894.814702][ T3594] ? trace_irq_disable+0x3b/0x140 [ 894.814733][ T3594] ? clear_bhb_loop+0x40/0x90 [ 894.814758][ T3594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 894.814777][ T3594] RIP: 0033:0x7f7ae8f5d68e [ 894.814797][ T3594] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 894.814814][ T3594] RSP: 002b:00007f7ae9e19fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 894.814835][ T3594] RAX: ffffffffffffffda RBX: 00007f7ae9e1a6c0 RCX: 00007f7ae8f5d68e [ 894.814850][ T3594] RDX: 000000000000000f RSI: 00007f7ae9e1a0a0 RDI: 000000000000000a [ 894.814863][ T3594] RBP: 00007f7ae9e1a090 R08: 0000000000000000 R09: 0000000000000000 [ 894.814875][ T3594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 894.814886][ T3594] R13: 00007f7ae9216038 R14: 00007f7ae9215fa0 R15: 00007fffe58b7e28 [ 894.814920][ T3594] [ 894.994626][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 895.395574][ T3611] netlink: 'syz.1.7784': attribute type 1 has an invalid length. [ 895.690281][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 896.019296][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 896.284136][ T57] erspan0 (unregistering): left allmulticast mode [ 896.547994][ T57] batman_adv: batadv0: Removing interface: gretap1 [ 896.772562][ T57] bond0 (unregistering): Released all slaves [ 896.787135][ T57] bond1 (unregistering): Released all slaves [ 896.822001][ T57] bond2 (unregistering): (slave bond3): Releasing active interface [ 896.831959][ T57] bond2 (unregistering): Released all slaves [ 896.853762][ T57] bond3 (unregistering): Released all slaves [ 896.886258][T19051] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 896.900833][ T57] bond4 (unregistering): Released all slaves [ 896.922903][ T57] bond5 (unregistering): Released all slaves [ 896.944716][ T57] bond6 (unregistering): Released all slaves [ 896.972947][ T57] bond7 (unregistering): Released all slaves [ 896.993531][ T57] bond8 (unregistering): Released all slaves [ 897.022440][ T57] bond9 (unregistering): Released all slaves [ 897.047686][ T57] bond10 (unregistering): Released all slaves [ 897.060290][T28978] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 897.073416][ T57] bond11 (unregistering): Released all slaves [ 897.110257][ T57] bond12 (unregistering): Released all slaves [ 897.142473][ T57] bond13 (unregistering): Released all slaves [ 897.168793][ T57] bond14 (unregistering): (slave vxcan1): Releasing backup interface [ 897.179525][ T57] bond14 (unregistering): (slave vxcan3): Releasing backup interface [ 897.193311][ T57] bond14 (unregistering): Released all slaves [ 897.216967][ T57] bond15 (unregistering): Released all slaves [ 897.237278][ T57] bond16 (unregistering): Released all slaves [ 897.268672][ T57] bond17 (unregistering): Released all slaves [ 897.329713][ T3655] tipc: Enabled bearer , priority 0 [ 897.375238][ T3668] __nla_validate_parse: 1 callbacks suppressed [ 897.375258][ T3668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7790'. [ 897.701018][ T3648] syzkaller0: entered promiscuous mode [ 897.707549][ T3648] syzkaller0: entered allmulticast mode [ 897.714004][ T3648] tipc: Resetting bearer [ 897.727514][ T57] tipc: Disabling bearer [ 897.742780][ T57] tipc: Left network mode [ 897.750072][ T3677] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7794'. [ 897.819182][ T3677] block nbd0: reconnected socket [ 897.895256][ T3679] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7794'. [ 897.974151][ T3648] tipc: Resetting bearer [ 898.104541][ T964] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.390809][ T1162] block nbd0: Receive control failed (result -32) [ 898.779671][ T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 899.143135][T30734] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 899.931720][ T5774] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 900.181240][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 900.277635][ T3648] tipc: Disabling bearer [ 900.322871][ T3696] bond0: Caught tx_queue_len zero misconfig [ 900.380496][ T3700] openvswitch: netlink: Flow key attr not present in new flow. [ 900.634562][ T3717] xt_l2tp: invalid flags combination: 8 [ 900.662084][ T3720] xt_socket: unknown flags 0x50 [ 900.688720][ T3719] xt_socket: unknown flags 0x50 [ 900.717764][ T3719] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7809'. [ 900.757485][ T3719] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7809'. [ 900.850366][ T3725] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7809'. [ 900.887621][ T3725] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7809'. [ 900.911856][ T3725] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7809'. [ 901.134608][ T3743] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7811'. [ 901.216843][ T3748] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7814'. [ 901.220132][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.266677][ T3742] netlink: 'syz.4.7813': attribute type 2 has an invalid length. [ 901.367153][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.465069][ T3750] syzkaller1: entered promiscuous mode [ 901.484222][ T3750] syzkaller1: entered allmulticast mode [ 901.535872][ T3756] hsr_slave_0: left promiscuous mode [ 901.572038][ T3756] hsr_slave_1: left promiscuous mode [ 902.130229][ T3772] syzkaller0: entered promiscuous mode [ 902.136029][ T3772] syzkaller0: entered allmulticast mode [ 902.264885][T28978] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 902.646197][T19050] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 903.293308][T28978] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 904.338618][T28978] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 904.434189][ T57] hsr_slave_0: left promiscuous mode [ 904.478229][ T57] veth1_vlan: left allmulticast mode [ 904.487806][ T57] veth1_macvtap: left promiscuous mode [ 904.498434][ T57] veth0_macvtap: left promiscuous mode [ 904.513335][ T57] veth0_vlan: left promiscuous mode [ 904.613659][ T3807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 904.623446][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 904.659778][ T3807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 904.712310][ T3807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 904.723570][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.302454][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.322425][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.340612][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.361346][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.380036][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.390820][T28978] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.399186][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.417716][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.438967][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.462254][ T3835] netlink: 'syz.1.7835': attribute type 1 has an invalid length. [ 905.605358][ T3797] macvlan0: entered promiscuous mode [ 905.902322][ T3850] IPVS: persistence engine module ip_vs_pe_À not found [ 905.921565][ T3855] __nla_validate_parse: 9 callbacks suppressed [ 905.921586][ T3855] netlink: 72 bytes leftover after parsing attributes in process `syz.3.7841'. [ 905.968068][ T3860] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7843'. [ 906.032119][ T3860] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.7843'. [ 906.163514][ T3871] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7845'. [ 906.177958][ T3870] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7846'. [ 906.325004][ T3874] syzkaller0: entered promiscuous mode [ 906.340829][ T3874] syzkaller0: entered allmulticast mode [ 906.358466][ T57] IPVS: stop unused estimator thread 0... [ 906.409787][ T3874] bond5: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 906.442410][ T3874] bond5 (unregistering): Released all slaves [ 906.537085][ T3890] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7850'. [ 906.715244][ T3900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7852'. [ 906.726673][ T3900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7852'. [ 906.737213][ T3900] validate_nla: 24 callbacks suppressed [ 906.737228][ T3900] netlink: 'syz.1.7852': attribute type 12 has an invalid length. [ 906.754549][ T3900] netlink: 'syz.1.7852': attribute type 11 has an invalid length. [ 906.764448][ T3903] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7854'. [ 907.009017][ T3918] netlink: 'syz.0.7860': attribute type 11 has an invalid length. [ 907.017271][ T3918] netlink: 'syz.0.7860': attribute type 5 has an invalid length. [ 907.025169][ T3918] netlink: 6548 bytes leftover after parsing attributes in process `syz.0.7860'. [ 907.037385][ T3920] netlink: 'syz.0.7860': attribute type 11 has an invalid length. [ 907.046253][ T3920] netlink: 'syz.0.7860': attribute type 5 has an invalid length. [ 907.280660][ T3933] IPv6: sit1: Disabled Multicast RS [ 907.329723][ T3939] netlink: 'syz.2.7864': attribute type 58 has an invalid length. [ 907.463161][ T5822] net_ratelimit: 5 callbacks suppressed [ 907.463183][ T5822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 907.781233][ T3981] syzkaller0: entered promiscuous mode [ 907.787923][ T3981] syzkaller0: entered allmulticast mode [ 908.405886][ T3395] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 908.496015][T28978] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 909.531423][T30734] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 910.404183][ T3948] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 910.571159][T30734] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 910.723498][ T4001] bond4: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 910.757823][ T4001] bond4 (unregistering): Released all slaves [ 910.920949][ T4018] bond5: Unable to set peer notification delay as MII monitoring is disabled [ 910.937375][ T4018] bond5 (unregistering): Released all slaves [ 911.008702][ T4025] syz_tun: refused to change device tx_queue_len [ 911.202479][ T4038] __nla_validate_parse: 9 callbacks suppressed [ 911.202498][ T4038] netlink: 52 bytes leftover after parsing attributes in process `syz.4.7890'. [ 911.297470][ T4048] netlink: 'syz.0.7892': attribute type 12 has an invalid length. [ 911.305602][ T4048] netlink: 'syz.0.7892': attribute type 29 has an invalid length. [ 911.313473][ T4048] netlink: 148 bytes leftover after parsing attributes in process `syz.0.7892'. [ 911.324608][ T4048] netlink: 'syz.0.7892': attribute type 3 has an invalid length. [ 911.332612][ T4048] netlink: 'syz.0.7892': attribute type 2 has an invalid length. [ 911.340791][ T4048] netlink: 35 bytes leftover after parsing attributes in process `syz.0.7892'. [ 914.084745][ T4027] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 914.095696][ T4053] netlink: 'syz.0.7894': attribute type 1 has an invalid length. [ 914.259791][ T4058] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 914.282932][ T4061] IPVS: length: 12 != 8 [ 914.310336][ T4068] ip6tnl0: Caught tx_queue_len zero misconfig [ 914.349287][ T4071] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.7895'. [ 914.493756][ T4082] netlink: 'syz.1.7904': attribute type 33 has an invalid length. [ 914.621662][ T4090] netlink: 'syz.2.7905': attribute type 3 has an invalid length. [ 914.641816][ T4090] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7905'. [ 914.714902][ T4091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7905'. [ 914.992591][ T4107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7910'. [ 915.283056][ T4079] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 915.294845][ T4079] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 915.433799][ T4079] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 915.440437][ T4079] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 915.487582][ T4079] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 915.494382][ T4136] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7915'. [ 915.507993][ T4079] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 915.588490][ T4079] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 915.594493][ T4079] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 915.680995][ T4145] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7918'. [ 915.751578][ T4079] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 915.776181][ T4079] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 916.114899][ T4156] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7919'. [ 916.217173][ T4166] __nla_validate_parse: 1 callbacks suppressed [ 916.217191][ T4166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7921'. [ 916.530252][ T4188] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.7926'. [ 916.613249][ T4182] netlink: 'syz.2.7924': attribute type 3 has an invalid length. [ 916.670639][ T4194] Cannot find set identified by id 65534 to match [ 916.752778][ T4197] netlink: zone id is out of range [ 916.778387][ T4197] netlink: zone id is out of range [ 916.788782][ T4197] netlink: zone id is out of range [ 916.794016][ T4197] netlink: zone id is out of range [ 916.801802][ T4197] netlink: zone id is out of range [ 916.812829][ T4197] netlink: zone id is out of range [ 916.818404][ T4197] netlink: zone id is out of range [ 916.823642][ T4197] netlink: zone id is out of range [ 916.830378][ T4197] netlink: zone id is out of range [ 916.840133][ T4197] netlink: zone id is out of range [ 916.879802][ T4205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7930'. [ 916.997534][ T4201] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7930'. [ 919.027631][ T4211] sctp: [Deprecated]: syz.4.7931 (pid 4211) Use of struct sctp_assoc_value in delayed_ack socket option. [ 919.027631][ T4211] Use struct sctp_sack_info instead [ 919.138548][ T4215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7932'. [ 919.169370][ T4215] netlink: 'syz.3.7932': attribute type 1 has an invalid length. [ 919.186973][ T4215] netlink: 'syz.3.7932': attribute type 2 has an invalid length. [ 919.834424][ T4263] lo: Caught tx_queue_len zero misconfig [ 920.484569][ T4295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7952'. [ 920.495206][ T4296] netlink: 64 bytes leftover after parsing attributes in process `syz.2.7953'. [ 920.571382][ T4298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7953'. [ 920.597451][ T4299] netlink: 'syz.3.7954': attribute type 2 has an invalid length. [ 920.616585][ T4299] netlink: 'syz.3.7954': attribute type 8 has an invalid length. [ 920.630160][ T4299] netlink: 132 bytes leftover after parsing attributes in process `syz.3.7954'. [ 921.139258][ T4336] netlink: 'syz.1.7963': attribute type 1 has an invalid length. [ 921.153967][ T4327] IPVS: Scheduler module ip_vs_sip not found [ 921.233384][ T4336] bond4: entered promiscuous mode [ 921.260804][ T4339] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7963'. [ 921.271224][ T4336] 8021q: adding VLAN 0 to HW filter on device bond4 [ 921.434658][ T4336] 8021q: adding VLAN 0 to HW filter on device bond4 [ 921.466062][ T4336] bond4: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 921.485581][ T4336] bond4: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 921.517838][ T4336] bond4: (slave ip6gre1): making interface the new active one [ 921.534412][ T4336] ip6gre1: entered promiscuous mode [ 921.549656][ T4336] bond4: (slave ip6gre1): Enslaving as an active interface with an up link [ 921.824724][ T4354] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7967'. [ 921.884853][ T4355] netlink: 52 bytes leftover after parsing attributes in process `syz.2.7967'. [ 922.028287][ T4358] net_ratelimit: 135 callbacks suppressed [ 922.028309][ T4358] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 922.111544][ T4358] netlink: 45349 bytes leftover after parsing attributes in process `syz.1.7968'. [ 922.153332][ T4358] 0ªX¹¦Dö»: renamed from gretap0 (while UP) [ 922.168191][ T4361] netlink: 84 bytes leftover after parsing attributes in process `syz.2.7969'. [ 922.192081][ T4358] 0ªX¹¦Dö»: entered allmulticast mode [ 922.382498][ T4369] openvswitch: netlink: Key type 30 is not supported [ 922.569550][ T4381] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7976'. [ 922.750973][ T4390] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7979'. [ 922.758332][ T4391] netlink: 'syz.3.7978': attribute type 1 has an invalid length. [ 922.789348][ T4357] lo speed is unknown, defaulting to 1000 [ 922.908452][ T4391] 8021q: adding VLAN 0 to HW filter on device bond6 [ 922.980107][ T4403] netlink: 208240 bytes leftover after parsing attributes in process `syz.2.7981'. [ 923.001414][ T4397] bond6: (slave gretap1): making interface the new active one [ 923.026533][ T4397] bond6: (slave gretap1): Enslaving as an active interface with an up link [ 923.178643][ T4405] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7982'. [ 923.352352][ T4412] syzkaller0: entered promiscuous mode [ 923.358285][ T4412] syzkaller0: entered allmulticast mode [ 923.794542][ T4326] syz.4.7962 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 923.823166][ T4326] CPU: 0 UID: 0 PID: 4326 Comm: syz.4.7962 Not tainted syzkaller #0 PREEMPT(full) [ 923.823192][ T4326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 923.823204][ T4326] Call Trace: [ 923.823212][ T4326] [ 923.823220][ T4326] dump_stack_lvl+0xe8/0x150 [ 923.823251][ T4326] dump_header+0xd3/0x4c0 [ 923.823316][ T4326] oom_kill_process+0x3ab/0x970 [ 923.823353][ T4326] out_of_memory+0x106c/0x1410 [ 923.823375][ T4326] ? try_charge_memcg+0xbb9/0x1570 [ 923.823411][ T4326] ? __pfx___mutex_lock+0x10/0x10 [ 923.823446][ T4326] ? __pfx_out_of_memory+0x10/0x10 [ 923.823467][ T4326] ? do_raw_spin_unlock+0xf5/0x210 [ 923.823504][ T4326] try_charge_memcg+0xc77/0x1570 [ 923.823551][ T4326] ? __pfx_try_charge_memcg+0x10/0x10 [ 923.823576][ T4326] ? percpu_ref_tryget+0x15/0x180 [ 923.823624][ T4326] ? charge_memcg+0x23/0x2b0 [ 923.823653][ T4326] charge_memcg+0x1a2/0x2b0 [ 923.823698][ T4326] ? mem_cgroup_swapin_charge_folio+0x33/0x390 [ 923.823724][ T4326] mem_cgroup_swapin_charge_folio+0x262/0x390 [ 923.823754][ T4326] __swap_cache_prepare_and_add+0xdc/0x700 [ 923.823784][ T4326] ? page_rmappable_folio+0x9a/0x170 [ 923.823822][ T4326] swap_cache_alloc_folio+0xf1/0x240 [ 923.823848][ T4326] swap_cluster_readahead+0x355/0x670 [ 923.823879][ T4326] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 923.823916][ T4326] ? get_vma_policy+0x27b/0x3c0 [ 923.823948][ T4326] swapin_readahead+0x196/0xc50 [ 923.823974][ T4326] ? swap_table_get+0x1e/0x260 [ 923.824002][ T4326] ? __pfx_swapin_readahead+0x10/0x10 [ 923.824035][ T4326] ? swap_table_get+0x1e/0x260 [ 923.824055][ T4326] ? swap_table_get+0x1e/0x260 [ 923.824074][ T4326] ? swap_table_get+0x1e/0x260 [ 923.824097][ T4326] ? swap_table_get+0x216/0x260 [ 923.824134][ T4326] ? swap_cache_get_folio+0x2e4/0x2f0 [ 923.824163][ T4326] do_swap_page+0x555/0x5120 [ 923.824192][ T4326] ? __pte_offset_map+0x29/0x240 [ 923.824217][ T4326] ? __pte_offset_map+0x29/0x240 [ 923.824251][ T4326] ? do_swap_page+0x128/0x5120 [ 923.824274][ T4326] ? __pfx_do_swap_page+0x10/0x10 [ 923.824294][ T4326] ? __pte_offset_map+0x1ae/0x240 [ 923.824322][ T4326] ? pte_offset_map_rw_nolock+0xea/0x160 [ 923.824350][ T4326] handle_mm_fault+0x12d4/0x3170 [ 923.824392][ T4326] ? handle_mm_fault+0xee/0x3170 [ 923.824425][ T4326] ? __pfx_handle_mm_fault+0x10/0x10 [ 923.824447][ T4326] ? lock_vma_under_rcu+0x45a/0x500 [ 923.824488][ T4326] ? task_work_run+0x21f/0x270 [ 923.824529][ T4326] do_user_addr_fault+0xa73/0x1340 [ 923.824569][ T4326] ? rcu_is_watching+0x15/0xb0 [ 923.824595][ T4326] ? trace_page_fault_user+0x84/0x1e0 [ 923.824620][ T4326] exc_page_fault+0x6a/0xc0 [ 923.824650][ T4326] asm_exc_page_fault+0x26/0x30 [ 923.824670][ T4326] RIP: 0033:0x7f7ae8f9ce61 [ 923.824709][ T4326] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 923.824727][ T4326] RSP: 002b:00007fffe58b7f88 EFLAGS: 00010217 [ 923.824747][ T4326] RAX: 0000000000000000 RBX: 00007f7ae9217da0 RCX: 00007f7ae8f9ce59 [ 923.824761][ T4326] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 923.824774][ T4326] RBP: 00007f7ae9217da0 R08: 0000000000000006 R09: 0000000000000000 [ 923.824787][ T4326] R10: 00007f7ae9217cb0 R11: 0000000000000246 R12: 00000000000e10ee [ 923.824800][ T4326] R13: 00007f7ae921618c R14: 00000000000e0eaa R15: 00007f7ae9216180 [ 923.824837][ T4326] [ 924.172673][ T4326] memory: usage 307200kB, limit 307200kB, failcnt 499 [ 924.181854][ T4326] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 924.190556][ T4326] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0 [ 924.198927][ T4326] Memory cgroup stats for /syz4: [ 924.199449][ T4326] cache 0 [ 924.209173][ T4326] rss 0 [ 924.211977][ T4326] rss_huge 0 [ 924.215205][ T4326] shmem 0 [ 924.218563][ T4326] mapped_file 0 [ 924.222068][ T4326] dirty 0 [ 924.225054][ T4326] writeback 0 [ 924.228402][ T4326] workingset_refault_anon 3 [ 924.232936][ T4326] workingset_refault_file 0 [ 924.237503][ T4326] swap 204800 [ 924.240813][ T4326] swapcached 229376 [ 924.244645][ T4326] pgpgin 116208 [ 924.248574][ T4326] pgpgout 116205 [ 924.252162][ T4326] pgfault 251013 [ 924.255782][ T4326] pgmajfault 3 [ 924.259190][ T4326] inactive_anon 0 [ 924.262844][ T4326] active_anon 12288 [ 924.267925][ T4326] inactive_file 0 [ 924.271600][ T4326] active_file 0 [ 924.275085][ T4326] unevictable 0 [ 924.278875][ T4326] hierarchical_memory_limit 314572800 [ 924.284307][ T4326] hierarchical_memsw_limit 9223372036854771712 [ 924.290691][ T4326] total_cache 0 [ 924.294194][ T4326] total_rss 0 [ 924.297580][ T4326] total_rss_huge 0 [ 924.301322][ T4326] total_shmem 0 [ 924.304802][ T4326] total_mapped_file 0 [ 924.309915][ T4326] total_dirty 0 [ 924.313402][ T4326] total_writeback 0 [ 924.317268][ T4326] total_workingset_refault_anon 3 [ 924.322314][ T4326] total_workingset_refault_file 0 [ 924.327467][ T4326] total_swap 204800 [ 924.331298][ T4326] total_swapcached 229376 [ 924.336106][ T4326] total_pgpgin 116208 [ 924.340133][ T4326] total_pgpgout 116205 [ 924.346303][ T4326] total_pgfault 251013 [ 924.350440][ T4326] total_pgmajfault 3 [ 924.354393][ T4326] total_inactive_anon 0 [ 924.358773][ T4326] total_active_anon 12288 [ 924.363134][ T4326] total_inactive_file 0 [ 924.367658][ T4326] total_active_file 0 [ 924.371681][ T4326] total_unevictable 0 [ 924.375973][ T4326] anon_cost 0 [ 924.379293][ T4326] file_cost 0 [ 924.382622][ T4326] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.7962,pid=4326,uid=0 [ 924.401719][ T4326] Memory cgroup out of memory: Killed process 4326 (syz.4.7962) total-vm:102424kB, anon-rss:1240kB, file-rss:23132kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 924.980327][ T4444] syzkaller0: entered promiscuous mode [ 925.005632][ T4444] syzkaller0: entered allmulticast mode [ 925.038964][ T4445] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7993'. [ 925.105722][ T4450] netlink: 'syz.3.7995': attribute type 1 has an invalid length. [ 925.609938][ T4469] openvswitch: netlink: Missing key (keys=40, expected=100) [ 926.289556][ T4487] __nla_validate_parse: 4 callbacks suppressed [ 926.289576][ T4487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8006'. [ 926.320570][ T4486] syzkaller0: entered promiscuous mode [ 926.352712][ T4486] syzkaller0: entered allmulticast mode [ 926.596930][ T4488] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 926.671996][ T4500] : entered promiscuous mode [ 926.685921][ T4505] netlink: 'syz.3.8009': attribute type 12 has an invalid length. [ 926.708452][ T4505] netlink: 'syz.3.8009': attribute type 29 has an invalid length. [ 926.724902][ T4505] netlink: 148 bytes leftover after parsing attributes in process `syz.3.8009'. [ 926.758049][ T4505] netlink: 35 bytes leftover after parsing attributes in process `syz.3.8009'. [ 926.973901][ T4511] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8012'. [ 927.622959][ T4552] netlink: 'syz.3.8022': attribute type 5 has an invalid length. [ 927.650545][ T4546] netlink: 96 bytes leftover after parsing attributes in process `syz.3.8022'. [ 927.673329][ T4546] 8021q: VLANs not supported on sit0 [ 927.757835][ T4554] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8024'. [ 927.811274][ T4557] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8024'. [ 928.252479][ T4584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8032'. [ 928.838525][ T4614] IPv6: sit2: Disabled Multicast RS [ 929.051399][ T4616] netlink: 76 bytes leftover after parsing attributes in process `syz.4.8036'. [ 929.209110][ T4626] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8041'. [ 929.302331][ T4598] lo speed is unknown, defaulting to 1000 [ 930.093695][ T4640] netlink: 'syz.4.8044': attribute type 1 has an invalid length. [ 930.968707][ T4689] 8021q: adding VLAN 0 to HW filter on device bond4 [ 931.226714][ T4718] IPVS: ovf: SCTP 172.20.20.187:0 - no destination available [ 931.671249][ T4742] __nla_validate_parse: 4 callbacks suppressed [ 931.671268][ T4742] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8074'. [ 932.216135][ T4775] netlink: 344 bytes leftover after parsing attributes in process `syz.2.8081'. [ 932.247603][ T4775] openvswitch: netlink: Flow key attr not present in new flow. [ 932.459877][ T4784] netlink: 'syz.2.8084': attribute type 4 has an invalid length. [ 932.482613][ T4784] netlink: 156 bytes leftover after parsing attributes in process `syz.2.8084'. [ 932.511934][ T4789] : entered promiscuous mode [ 932.540848][ T4784] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 932.764134][ T4804] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 933.085357][ T4828] netlink: 180 bytes leftover after parsing attributes in process `syz.0.8098'. [ 933.233837][ T4839] netlink: 'syz.4.8101': attribute type 13 has an invalid length. [ 933.264308][ T4839] netlink: 'syz.4.8101': attribute type 5 has an invalid length. [ 933.529011][ T4859] netlink: 'syz.0.8105': attribute type 1 has an invalid length. [ 933.663715][ T4859] bond5: entered promiscuous mode [ 933.671909][ T4859] 8021q: adding VLAN 0 to HW filter on device bond5 [ 933.789094][ T4859] 8021q: adding VLAN 0 to HW filter on device bond5 [ 933.810604][ T4859] bond5: (slave vti0): The slave device specified does not support setting the MAC address [ 933.838756][ T4859] bond5: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 933.848974][ T4874] netlink: 'syz.3.8108': attribute type 1 has an invalid length. [ 933.882872][ T4859] bond5: (slave vti0): making interface the new active one [ 933.902109][ T4875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8108'. [ 933.903112][ T4859] vti0: entered promiscuous mode [ 933.935048][ T4875] openvswitch: netlink: Missing key (keys=40, expected=80) [ 933.948314][ T4859] bond5: (slave vti0): Enslaving as an active interface with an up link [ 933.996649][ T4874] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 934.044105][ T4883] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8109'. [ 934.500956][ T4903] netlink: 'syz.2.8116': attribute type 1 has an invalid length. [ 934.523830][ T4893] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 934.540259][ T4903] netlink: 224 bytes leftover after parsing attributes in process `syz.2.8116'. [ 934.607453][ T4903] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8116'. [ 934.770274][ T4916] xt_socket: unknown flags 0x50 [ 934.973574][ T4924] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 935.067703][ T4935] netlink: 'syz.0.8124': attribute type 1 has an invalid length. [ 935.131045][ T4935] 8021q: adding VLAN 0 to HW filter on device bond6 [ 935.248149][ T4948] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8125'. [ 935.272825][ T4949] netlink: 96 bytes leftover after parsing attributes in process `syz.1.8126'. [ 935.309333][ T4935] bond6: (slave geneve2): making interface the new active one [ 935.328702][ T4949] openvswitch: netlink: Flow key attr not present in new flow. [ 935.338591][ T4935] bond6: (slave geneve2): Enslaving as an active interface with an up link [ 935.432500][ T4951] netlink: 'syz.3.8128': attribute type 1 has an invalid length. [ 935.455961][ T4951] netlink: 'syz.3.8128': attribute type 4 has an invalid length. [ 935.474524][ T4951] netlink: 'syz.3.8128': attribute type 1 has an invalid length. [ 935.536883][ T4964] veth1_macvtap: entered allmulticast mode [ 935.578355][ T4964] veth1_macvtap (unregistering): left allmulticast mode [ 935.667266][ T4970] openvswitch: netlink: Flow actions attr not present in new flow. [ 935.679603][ T5744] IPVS: starting estimator thread 0... [ 935.795549][ T4974] IPVS: using max 30 ests per chain, 72000 per kthread [ 936.464983][ T5018] sctp: [Deprecated]: syz.4.8142 (pid 5018) Use of int in maxseg socket option. [ 936.464983][ T5018] Use struct sctp_assoc_value instead [ 936.776518][ T5045] __nla_validate_parse: 7 callbacks suppressed [ 936.776538][ T5045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8151'. [ 936.947019][ T5056] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8153'. [ 936.953866][ T5045] bond7: option coupled_control: invalid value (192) [ 936.981781][ T5060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8154'. [ 937.000811][ T5045] bond7 (unregistering): Released all slaves [ 937.130126][ T5058] macvlan2: entered promiscuous mode [ 937.149309][ T5058] macvlan2: entered allmulticast mode [ 937.167922][ T5058] bond6: entered promiscuous mode [ 937.173960][ T5058] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 937.198158][ T5058] bond6: left promiscuous mode [ 937.260102][ T5060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8154'. [ 937.494405][ T5091] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8162'. [ 937.519004][ T5091] netlink: 72 bytes leftover after parsing attributes in process `syz.3.8162'. [ 937.540324][ T5091] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8162'. [ 937.796437][ T5112] netlink: 68 bytes leftover after parsing attributes in process `syz.0.8168'. [ 937.891355][ T5112] netlink: 176 bytes leftover after parsing attributes in process `syz.0.8168'. [ 937.917437][ T5112] openvswitch: netlink: IP tunnel dst address not specified [ 937.930695][ T5121] netlink: 'syz.2.8169': attribute type 11 has an invalid length. [ 937.953742][ T5121] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.8169'. [ 939.527717][ T5201] validate_nla: 2 callbacks suppressed [ 939.527736][ T5201] netlink: 'syz.0.8193': attribute type 39 has an invalid length. [ 940.036128][ T5219] sock: sock_set_timeout: `syz.3.8199' (pid 5219) tries to set negative timeout [ 941.937040][ T5213] netlink: 'syz.2.8198': attribute type 1 has an invalid length. [ 941.955549][ T5213] __nla_validate_parse: 8 callbacks suppressed [ 941.955568][ T5213] netlink: 96 bytes leftover after parsing attributes in process `syz.2.8198'. [ 941.995555][ T5213] netlink: 'syz.2.8198': attribute type 1 has an invalid length. [ 942.011451][ T5213] netlink: 'syz.2.8198': attribute type 8 has an invalid length. [ 942.023473][ T5213] netlink: 606 bytes leftover after parsing attributes in process `syz.2.8198'. [ 942.156888][ T5230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 942.164417][ T5231] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8203'. [ 942.297904][ T5244] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 942.305276][ T5244] IPv6: NLM_F_CREATE should be set when creating new route [ 942.312617][ T5244] IPv6: NLM_F_CREATE should be set when creating new route [ 942.319903][ T5244] IPv6: NLM_F_CREATE should be set when creating new route [ 942.356712][ T5245] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 942.435221][ T3303] tipc: Subscription rejected, illegal request [ 942.550515][ T5265] syz_tun: entered allmulticast mode [ 942.561595][ T5265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8210'. [ 942.572486][ T5264] syz_tun: left allmulticast mode [ 942.604303][ T5260] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8209'. [ 942.635292][ T5270] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8212'. [ 942.752727][ T5273] tunl0: Caught tx_queue_len zero misconfig [ 942.844448][ T5283] netlink: 'syz.4.8216': attribute type 10 has an invalid length. [ 942.904941][ T5283] team0 (unregistering): Port device team_slave_0 removed [ 942.954213][ T5283] team0 (unregistering): Port device team_slave_1 removed [ 943.260758][ T5306] netlink: 'syz.0.8219': attribute type 12 has an invalid length. [ 943.277070][ T5306] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8219'. [ 943.329141][ T5310] macvtap1: entered promiscuous mode [ 943.342221][ T5310] team0: entered promiscuous mode [ 943.357865][ T5310] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 943.375556][ T5310] team0: Device macvtap1 is already an upper device of the team interface [ 943.417889][ T5310] team0: left promiscuous mode [ 943.460389][ T5316] RDS: rds_bind could not find a transport for ::ffff:172.30.0.5, load rds_tcp or rds_rdma? [ 943.688858][ T5332] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8225'. [ 943.932109][ T5345] syzkaller0: entered promiscuous mode [ 943.946090][ T5345] syzkaller0: entered allmulticast mode [ 943.959587][ T5348] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8233'. [ 944.536319][ T5380] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 944.572270][ T5382] netlink: 'syz.2.8243': attribute type 29 has an invalid length. [ 944.599188][ T5382] netlink: 'syz.2.8243': attribute type 29 has an invalid length. [ 944.616870][ T5382] netlink: 'syz.2.8243': attribute type 29 has an invalid length. [ 944.634340][ T5382] netlink: 'syz.2.8243': attribute type 29 has an invalid length. [ 944.646252][ T5382] netlink: 'syz.2.8243': attribute type 29 has an invalid length. [ 944.654340][ T5386] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8245'. [ 944.674137][ T5382] netlink: 'syz.2.8243': attribute type 29 has an invalid length. [ 944.694750][ T5382] netlink: 'syz.2.8243': attribute type 29 has an invalid length. [ 944.834580][ T5395] tc_dump_action: action bad kind [ 944.943079][ T5405] tipc: Enabling of bearer rejected, media not registered [ 945.211960][ T5424] [ 945.214347][ T5424] ====================================================== [ 945.221420][ T5424] WARNING: possible circular locking dependency detected [ 945.228571][ T5424] syzkaller #0 Not tainted [ 945.233037][ T5424] ------------------------------------------------------ [ 945.240107][ T5424] cryptomgr_probe/5424 is trying to acquire lock: [ 945.246531][ T5424] ffffffff8ea5f8c0 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x261/0x19c0 [ 945.256226][ T5424] [ 945.256226][ T5424] but task is already holding lock: [ 945.263605][ T5424] ffffffff8e7eb750 (cpu_hotplug_lock){++++}-{0:0}, at: padata_alloc_shell+0x82/0x1d0 [ 945.273111][ T5424] [ 945.273111][ T5424] which lock already depends on the new lock. [ 945.273111][ T5424] [ 945.283529][ T5424] [ 945.283529][ T5424] the existing dependency chain (in reverse order) is: [ 945.292559][ T5424] [ 945.292559][ T5424] -> #7 (cpu_hotplug_lock){++++}-{0:0}: [ 945.300483][ T5424] cpus_read_lock+0x42/0x160 [ 945.305641][ T5424] static_key_slow_inc+0x12/0x30 [ 945.311121][ T5424] nbd_genl_reconfigure+0x132f/0x1ea0 [ 945.317121][ T5424] genl_family_rcv_msg_doit+0x22a/0x330 [ 945.323228][ T5424] genl_rcv_msg+0x61c/0x7a0 [ 945.328275][ T5424] netlink_rcv_skb+0x232/0x4b0 [ 945.333589][ T5424] genl_rcv+0x28/0x40 [ 945.338109][ T5424] netlink_unicast+0x75c/0x8e0 [ 945.343418][ T5424] netlink_sendmsg+0x813/0xb40 [ 945.348728][ T5424] ____sys_sendmsg+0x972/0x9f0 [ 945.354030][ T5424] ___sys_sendmsg+0x2a5/0x360 [ 945.359248][ T5424] __x64_sys_sendmsg+0x1bd/0x2a0 [ 945.364721][ T5424] do_syscall_64+0x15f/0xf80 [ 945.369858][ T5424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.376302][ T5424] [ 945.376302][ T5424] -> #6 (&nsock->tx_lock){+.+.}-{4:4}: [ 945.384068][ T5424] __mutex_lock+0x1a3/0x1550 [ 945.389222][ T5424] nbd_queue_rq+0x37b/0x1100 [ 945.394348][ T5424] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 945.400507][ T5424] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 945.407425][ T5424] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 945.413956][ T5424] blk_mq_run_hw_queue+0x348/0x4f0 [ 945.419608][ T5424] blk_mq_dispatch_list+0xd16/0xe10 [ 945.425369][ T5424] blk_mq_flush_plug_list+0x48d/0x570 [ 945.431293][ T5424] __blk_flush_plug+0x3ed/0x4d0 [ 945.436738][ T5424] __submit_bio+0x28d/0x580 [ 945.441799][ T5424] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 945.447977][ T5424] block_read_full_folio+0x599/0x830 [ 945.453811][ T5424] filemap_read_folio+0x137/0x3b0 [ 945.459385][ T5424] do_read_cache_folio+0x358/0x590 [ 945.465046][ T5424] read_part_sector+0xb6/0x2b0 [ 945.470355][ T5424] adfspart_check_ICS+0xb1/0x960 [ 945.475839][ T5424] bdev_disk_changed+0x817/0x1770 [ 945.481403][ T5424] blkdev_get_whole+0x380/0x510 [ 945.486874][ T5424] bdev_open+0x31e/0xd30 [ 945.491660][ T5424] blkdev_open+0x470/0x610 [ 945.496620][ T5424] do_dentry_open+0x785/0x14e0 [ 945.501923][ T5424] vfs_open+0x3b/0x340 [ 945.506527][ T5424] path_openat+0x2e08/0x3860 [ 945.511659][ T5424] do_file_open+0x23e/0x4a0 [ 945.516699][ T5424] do_sys_openat2+0x113/0x200 [ 945.521910][ T5424] __x64_sys_openat+0x138/0x170 [ 945.527298][ T5424] do_syscall_64+0x15f/0xf80 [ 945.532435][ T5424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.538868][ T5424] [ 945.538868][ T5424] -> #5 (&cmd->lock){+.+.}-{4:4}: [ 945.546100][ T5424] __mutex_lock+0x1a3/0x1550 [ 945.551227][ T5424] nbd_queue_rq+0xc6/0x1100 [ 945.556262][ T5424] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 945.562363][ T5424] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 945.569239][ T5424] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 945.575783][ T5424] blk_mq_run_hw_queue+0x348/0x4f0 [ 945.581427][ T5424] blk_mq_dispatch_list+0xd16/0xe10 [ 945.587167][ T5424] blk_mq_flush_plug_list+0x48d/0x570 [ 945.593080][ T5424] __blk_flush_plug+0x3ed/0x4d0 [ 945.598509][ T5424] __submit_bio+0x28d/0x580 [ 945.603546][ T5424] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 945.609714][ T5424] block_read_full_folio+0x599/0x830 [ 945.615545][ T5424] filemap_read_folio+0x137/0x3b0 [ 945.621143][ T5424] do_read_cache_folio+0x358/0x590 [ 945.626814][ T5424] read_part_sector+0xb6/0x2b0 [ 945.632125][ T5424] adfspart_check_ICS+0xb1/0x960 [ 945.637617][ T5424] bdev_disk_changed+0x817/0x1770 [ 945.643178][ T5424] blkdev_get_whole+0x380/0x510 [ 945.648566][ T5424] bdev_open+0x31e/0xd30 [ 945.653357][ T5424] blkdev_open+0x470/0x610 [ 945.658322][ T5424] do_dentry_open+0x785/0x14e0 [ 945.663635][ T5424] vfs_open+0x3b/0x340 [ 945.668258][ T5424] path_openat+0x2e08/0x3860 [ 945.673383][ T5424] do_file_open+0x23e/0x4a0 [ 945.678432][ T5424] do_sys_openat2+0x113/0x200 [ 945.683642][ T5424] __x64_sys_openat+0x138/0x170 [ 945.689027][ T5424] do_syscall_64+0x15f/0xf80 [ 945.694247][ T5424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.700680][ T5424] [ 945.700680][ T5424] -> #4 (set->srcu){.+.+}-{0:0}: [ 945.707816][ T5424] __synchronize_srcu+0xca/0x300 [ 945.713288][ T5424] elevator_switch+0x1e8/0x7a0 [ 945.718591][ T5424] elevator_change+0x2cc/0x450 [ 945.723905][ T5424] elevator_set_default+0x36c/0x430 [ 945.729647][ T5424] blk_register_queue+0x3e9/0x4e0 [ 945.735214][ T5424] __add_disk+0x677/0xd50 [ 945.740071][ T5424] add_disk_fwnode+0xfb/0x480 [ 945.745276][ T5424] nbd_dev_add+0x72c/0xb50 [ 945.750222][ T5424] nbd_init+0x168/0x1f0 [ 945.755013][ T5424] do_one_initcall+0x250/0x870 [ 945.760315][ T5424] do_initcall_level+0x104/0x190 [ 945.765851][ T5424] do_initcalls+0x59/0xa0 [ 945.770734][ T5424] kernel_init_freeable+0x2a6/0x3e0 [ 945.776465][ T5424] kernel_init+0x1d/0x1d0 [ 945.781323][ T5424] ret_from_fork+0x514/0xb70 [ 945.786473][ T5424] ret_from_fork_asm+0x1a/0x30 [ 945.791767][ T5424] [ 945.791767][ T5424] -> #3 (&q->elevator_lock){+.+.}-{4:4}: [ 945.799613][ T5424] __mutex_lock+0x1a3/0x1550 [ 945.804742][ T5424] elevator_change+0x1b3/0x450 [ 945.810042][ T5424] elevator_set_none+0xb5/0x140 [ 945.815444][ T5424] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 945.821787][ T5424] nbd_start_device+0x17f/0xb10 [ 945.827192][ T5424] nbd_genl_connect+0x165b/0x1cf0 [ 945.832749][ T5424] genl_family_rcv_msg_doit+0x22a/0x330 [ 945.838827][ T5424] genl_rcv_msg+0x61c/0x7a0 [ 945.843862][ T5424] netlink_rcv_skb+0x232/0x4b0 [ 945.849159][ T5424] genl_rcv+0x28/0x40 [ 945.853667][ T5424] netlink_unicast+0x75c/0x8e0 [ 945.858955][ T5424] netlink_sendmsg+0x813/0xb40 [ 945.864257][ T5424] ____sys_sendmsg+0x972/0x9f0 [ 945.869561][ T5424] ___sys_sendmsg+0x2a5/0x360 [ 945.874783][ T5424] __x64_sys_sendmsg+0x1bd/0x2a0 [ 945.880255][ T5424] do_syscall_64+0x15f/0xf80 [ 945.885384][ T5424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.891810][ T5424] [ 945.891810][ T5424] -> #2 (&q->q_usage_counter(io)#69){++++}-{0:0}: [ 945.900527][ T5424] blk_alloc_queue+0x546/0x680 [ 945.905860][ T5424] __blk_mq_alloc_disk+0x197/0x390 [ 945.911502][ T5424] nbd_dev_add+0x499/0xb50 [ 945.916537][ T5424] nbd_genl_connect+0x962/0x1cf0 [ 945.922009][ T5424] genl_family_rcv_msg_doit+0x22a/0x330 [ 945.928094][ T5424] genl_rcv_msg+0x61c/0x7a0 [ 945.933157][ T5424] netlink_rcv_skb+0x232/0x4b0 [ 945.938455][ T5424] genl_rcv+0x28/0x40 [ 945.942971][ T5424] netlink_unicast+0x75c/0x8e0 [ 945.948263][ T5424] netlink_sendmsg+0x813/0xb40 [ 945.953559][ T5424] ____sys_sendmsg+0x972/0x9f0 [ 945.958855][ T5424] ___sys_sendmsg+0x2a5/0x360 [ 945.964059][ T5424] __x64_sys_sendmsg+0x1bd/0x2a0 [ 945.969544][ T5424] do_syscall_64+0x15f/0xf80 [ 945.974690][ T5424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.981142][ T5424] [ 945.981142][ T5424] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 945.988380][ T5424] fs_reclaim_acquire+0x71/0x100 [ 945.993873][ T5424] prepare_alloc_pages+0x152/0x650 [ 945.999523][ T5424] __alloc_frozen_pages_noprof+0x12f/0x380 [ 946.005865][ T5424] __alloc_pages_noprof+0x10/0x100 [ 946.011514][ T5424] pcpu_populate_chunk+0x182/0xb30 [ 946.017162][ T5424] pcpu_alloc_noprof+0xcc2/0x19c0 [ 946.022729][ T5424] xt_percpu_counter_alloc+0x161/0x220 [ 946.028824][ T5424] translate_table+0x1332/0x20b0 [ 946.034367][ T5424] ip6t_register_table+0x11b/0x330 [ 946.040021][ T5424] ip6table_raw_table_init+0x54/0x80 [ 946.045842][ T5424] xt_find_table_lock+0x30c/0x3f0 [ 946.051394][ T5424] xt_request_find_table_lock+0x26/0x100 [ 946.057552][ T5424] do_ip6t_get_ctl+0x716/0x1230 [ 946.062935][ T5424] nf_getsockopt+0x26e/0x290 [ 946.068101][ T5424] ipv6_getsockopt+0x1fd/0x2b0 [ 946.073468][ T5424] do_sock_getsockopt+0x51d/0x7e0 [ 946.079033][ T5424] __x64_sys_getsockopt+0x1a4/0x240 [ 946.084767][ T5424] do_syscall_64+0x15f/0xf80 [ 946.089895][ T5424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.096320][ T5424] [ 946.096320][ T5424] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 946.104069][ T5424] __lock_acquire+0x15a5/0x2cf0 [ 946.109473][ T5424] lock_acquire+0x106/0x350 [ 946.114532][ T5424] __mutex_lock+0x1a3/0x1550 [ 946.119683][ T5424] pcpu_alloc_noprof+0x261/0x19c0 [ 946.125253][ T5424] padata_alloc_pd+0x94/0x730 [ 946.130467][ T5424] padata_alloc_shell+0x8f/0x1d0 [ 946.135938][ T5424] pcrypt_create+0xea/0x750 [ 946.141031][ T5424] cryptomgr_probe+0x86/0x220 [ 946.146299][ T5424] kthread+0x389/0x470 [ 946.150923][ T5424] ret_from_fork+0x514/0xb70 [ 946.156046][ T5424] ret_from_fork_asm+0x1a/0x30 [ 946.161356][ T5424] [ 946.161356][ T5424] other info that might help us debug this: [ 946.161356][ T5424] [ 946.171595][ T5424] Chain exists of: [ 946.171595][ T5424] pcpu_alloc_mutex --> &nsock->tx_lock --> cpu_hotplug_lock [ 946.171595][ T5424] [ 946.184818][ T5424] Possible unsafe locking scenario: [ 946.184818][ T5424] [ 946.192332][ T5424] CPU0 CPU1 [ 946.197746][ T5424] ---- ---- [ 946.203120][ T5424] rlock(cpu_hotplug_lock); [ 946.207721][ T5424] lock(&nsock->tx_lock); [ 946.214669][ T5424] lock(cpu_hotplug_lock); [ 946.221719][ T5424] lock(pcpu_alloc_mutex); [ 946.226263][ T5424] [ 946.226263][ T5424] *** DEADLOCK *** [ 946.226263][ T5424] [ 946.234410][ T5424] 1 lock held by cryptomgr_probe/5424: [ 946.239875][ T5424] #0: ffffffff8e7eb750 (cpu_hotplug_lock){++++}-{0:0}, at: padata_alloc_shell+0x82/0x1d0 [ 946.249885][ T5424] [ 946.249885][ T5424] stack backtrace: [ 946.255776][ T5424] CPU: 1 UID: 0 PID: 5424 Comm: cryptomgr_probe Not tainted syzkaller #0 PREEMPT(full) [ 946.255795][ T5424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 946.255805][ T5424] Call Trace: [ 946.255814][ T5424] [ 946.255822][ T5424] dump_stack_lvl+0xe8/0x150 [ 946.255841][ T5424] print_circular_bug+0x2e1/0x300 [ 946.255864][ T5424] check_noncircular+0x12e/0x150 [ 946.255887][ T5424] __lock_acquire+0x15a5/0x2cf0 [ 946.255908][ T5424] ? do_raw_spin_lock+0x12b/0x2f0 [ 946.255936][ T5424] ? pcpu_alloc_noprof+0x261/0x19c0 [ 946.255957][ T5424] lock_acquire+0x106/0x350 [ 946.255973][ T5424] ? pcpu_alloc_noprof+0x261/0x19c0 [ 946.256000][ T5424] __mutex_lock+0x1a3/0x1550 [ 946.256024][ T5424] ? pcpu_alloc_noprof+0x261/0x19c0 [ 946.256045][ T5424] ? cryptomgr_probe+0x86/0x220 [ 946.256070][ T5424] ? kthread+0x389/0x470 [ 946.256090][ T5424] ? ret_from_fork+0x514/0xb70 [ 946.256105][ T5424] ? ret_from_fork_asm+0x1a/0x30 [ 946.256128][ T5424] ? pcpu_alloc_noprof+0x261/0x19c0 [ 946.256150][ T5424] ? __pfx___mutex_lock+0x10/0x10 [ 946.256181][ T5424] pcpu_alloc_noprof+0x261/0x19c0 [ 946.256202][ T5424] ? rcu_is_watching+0x15/0xb0 [ 946.256224][ T5424] ? __kmalloc_cache_noprof+0x31c/0x660 [ 946.256246][ T5424] ? padata_alloc_pd+0x72/0x730 [ 946.256260][ T5424] ? __kmalloc_cache_noprof+0x15b/0x660 [ 946.256284][ T5424] padata_alloc_pd+0x94/0x730 [ 946.256303][ T5424] padata_alloc_shell+0x8f/0x1d0 [ 946.256321][ T5424] pcrypt_create+0xea/0x750 [ 946.256340][ T5424] cryptomgr_probe+0x86/0x220 [ 946.256362][ T5424] kthread+0x389/0x470 [ 946.256382][ T5424] ? __pfx_cryptomgr_probe+0x10/0x10 [ 946.256401][ T5424] ? __pfx_kthread+0x10/0x10 [ 946.256421][ T5424] ret_from_fork+0x514/0xb70 [ 946.256438][ T5424] ? __pfx_ret_from_fork+0x10/0x10 [ 946.256454][ T5424] ? __switch_to+0xc79/0x1410 [ 946.256477][ T5424] ? __pfx_kthread+0x10/0x10 [ 946.256497][ T5424] ret_from_fork_asm+0x1a/0x30 [ 946.256522][ T5424] [ 946.450952][ T5426] netlink: 'syz.3.8255': attribute type 1 has an invalid length. [ 946.544069][ T5426] bond7: entered promiscuous mode [ 946.550106][ T5426] 8021q: adding VLAN 0 to HW filter on device bond7 [ 946.561571][ T5430] bond7: entered allmulticast mode [ 946.574726][ T5427] ieee80211 phy99: Selected rate control algorithm 'minstrel_ht' [ 946.614435][ T5422] bond7: (slave bridge4): making interface the new active one [ 946.623332][ T5422] bridge4: entered promiscuous mode [ 946.628952][ T5422] bridge4: entered allmulticast mode [ 946.639032][ T5422] bond7: (slave bridge4): Enslaving as an active interface with an up link