last executing test programs: 5.917869092s ago: executing program 0 (id=6282): r0 = socket(0x8, 0x5, 0xffffffff) (async) r1 = socket$packet(0x11, 0x2, 0x300) (async) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r3 = accept4(r2, 0x0, 0x0, 0x800) (async) sendto$inet(r0, &(0x7f00000000c0)="0f3bd5aefc84fb57f4be89ff66ba5dfd67ddacbc2bb09c55b511f82476a74ce00ae167bc0f0816f9ed", 0x29, 0x80, &(0x7f00000001c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20200, 0x0) (async) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYRES64=r2], 0x24}, 0x1, 0x0, 0x0, 0x48024}, 0x4000800) (async) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$int_in(r4, 0x5421, &(0x7f0000000000)=0xfffffffffffffff9) (async) listen(r4, 0x0) accept4(r4, 0x0, 0x0, 0x0) (async) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f00000011c0)=ANY=[@ANYBLOB="280000000b14010000e0ffffffffffff070001"], 0x28}}, 0x8004) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000000a060101050000000000000001000000050001000700000014000880100007800900120073797ab2000000000900020073797a32000000000800094000000000"], 0x44}}, 0x0) (async) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)}, 0x40000) (async) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000827bd7000ffdbdf250300200008000200cefddf3921acaab9664d7dc40100000208000400100000001400018008000300e000000205000200"], 0x40}, 0x1, 0x0, 0x0, 0x8c0}, 0x10000801) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) (async) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000280)=0xffff, 0x4) (async) r8 = socket(0x18, 0x6, 0xfb) setsockopt$inet6_int(r8, 0x29, 0x3, &(0x7f0000000040)=0x7, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c4000000000000000010000000000000000000000000000fe8000000000000000000000000000aaff1a963f3500000000000000"], 0x0) (async) recvmmsg(r8, &(0x7f00000012c0)=[{{0x0, 0x0, 0x0}, 0xe}], 0x1, 0x4022, 0x0) socket$netlink(0x10, 0x3, 0xf) (async) ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, &(0x7f0000000200)='pimreg0\x00') sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[], 0x40}}, 0x0) 5.790715287s ago: executing program 0 (id=6285): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x10, &(0x7f00000000c0)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x900}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xa0}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.486638455s ago: executing program 0 (id=6289): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x4) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$inet_smc(0x2b, 0x1, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3c, 0x0) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x14, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x0) 5.452974215s ago: executing program 0 (id=6292): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) write(r0, &(0x7f0000000000)="1ec6677c47c40dd89b00de32d7ac41771f2250d5ecc3ae93d0c614", 0x1b) syz_emit_ethernet(0x4e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd6000000000182c00fe8000000000000000000008000000bbfe8000000000000200000002020300004000ff020000000000000000000000000001"], 0x0) syz_emit_ethernet(0x6e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd6018232500382c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa2b0002"], 0x0) syz_emit_ethernet(0xd2, &(0x7f0000000d00)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60000000009c1100fe8000000000000000000000000000bbff02000000000000000000000000000100000e22009c90"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="8500000088000000791000000000000063000000001000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37) r2 = accept(r1, 0x0, &(0x7f0000000080)) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x2, 0x18, 0x8, 0x9, 0x2161, 0x0, 0x70bd28, 0x25dfdbfe, [@sadb_sa={0x2, 0x1, 0x4d3, 0x0, 0x5, 0x7a, 0x2}, @sadb_ident={0x2, 0xb, 0x2, 0x0, 0xfffffffffffffffb}, @sadb_x_filter={0x0, 0x1a, @in=@private=0xa010101, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x25}, @sadb_address={0x5, 0x5, 0x6c, 0x0, 0x0, @in6={0xa, 0x4e22, 0x2b, @private0, 0x8000}}, @sadb_x_sec_ctx={0x11, 0x18, 0x47, 0x5, 0x7c, "d5e2e0e0b8a3b4cbef44ce4223bd089841dd4d9178ef6b57bbddc57e5a55955b296a6ece35f0c496054dd07b7f070a01e080c23a0608e27860b3430c04ced4df898ba1896ee8da197686b8537e2a02369d863b720709f23004b407482a135fc65c330a5ba176cc2ec416a05b9bb4be8448816196791f88db559c2128"}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e22, 0x7fffffff, @mcast2, 0x6}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x41}}}, @sadb_x_sa2={0x2, 0x13, 0x6, 0x0, 0x0, 0x70bd25, 0x3504}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e23, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, @in6={0xa, 0x4e24, 0x8, @empty, 0x7fffffff}}]}, 0x190}}, 0x4000885) 5.374226082s ago: executing program 0 (id=6293): r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x30, r2, 0x5, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24004090}, 0x0) (async) sendmsg$netlink(r0, &(0x7f00000068c0)={0x0, 0x0, &(0x7f0000006800)=[{&(0x7f0000003ec0)={0x20, 0x1e, 0x1, 0x70bd2a, 0x25dfdbfd, "", [@typed={0x8, 0x13a, 0x0, 0x0, @ipv4=@loopback}, @typed={0x8, 0x8a, 0x0, 0x0, @uid=0xee00}]}, 0x20}], 0x1, 0x0, 0x0, 0x24000001}, 0x20001020) (async) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async) listen(r5, 0xffffffff) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000006c0)={0x10, 0x2d, 0x1, 0x70bd26}, 0x10}], 0x1}, 0x4) (async) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x2}, 0x8) (async, rerun: 32) sendmmsg$unix(r6, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="c7", 0x1}], 0x1, 0x0, 0x0, 0x8054}}], 0x1, 0x4000045) (async, rerun: 32) close(r6) 5.138130733s ago: executing program 0 (id=6296): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000001680)=0x1, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002e00)={'filter\x00', 0x7, 0x4, 0x3f0, 0x110, 0x1f8, 0x0, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="d1f5c2b93bc3", @empty, @empty, @loopback, 0x2, 0xffffffff}}}, {{@arp={@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff00, 0xff000000, 0x6, 0xb, {@empty, {[0xff, 0x0, 0xff, 0x0, 0xff, 0xff]}}, {@mac=@multicast, {[0xb4e44995cf4cc780, 0x5400faa9f5c6f977, 0x0, 0x0, 0xff, 0xff]}}, 0x5, 0x8, 0xf, 0x6, 0x8, 0x100, 'dummy0\x00', 'macvtap0\x00', {0xeddc69e01a7ac061}, {}, 0x0, 0x4}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1f8}}, {{@arp={@remote, @multicast2, 0xffffff00, 0x0, 0x4, 0xb, {@empty, {[0xff, 0x0, 0x0, 0xff, 0x0, 0xff]}}, {@mac=@multicast, {[0x0, 0xff, 0x0, 0xff, 0xff]}}, 0x1ff, 0x1, 0xc, 0x68d9, 0xfff, 0x5, 'nicvf0\x00', 'batadv0\x00', {0xff}, {}, 0x0, 0x220}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}, @empty, @rand_addr=0x64010102, @private, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x440) shutdown(r0, 0x2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$TUNSETGROUP(r2, 0x400454ce, 0xffffffffffffffff) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x9, @empty, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x2, @empty, 0x10002}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1}}], 0x1, 0x20080058) 4.334162016s ago: executing program 1 (id=6309): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000300)={0x1f, 0x0, @any, 0x4}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000280)={0x3, 0x101, 0xfffd, 0x4}, 0xc) listen(r0, 0x7) r1 = socket$can_bcm(0x1d, 0x2, 0x2) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001a00010000000000000000008180806a"], 0x30}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00'}) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x7, 0x58) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=@deltaction={0x64, 0x31, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@TCA_ACT_TAB={0x50, 0x1, [{0xc, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}]}, 0x64}, 0x1, 0xf0ffffffffffff}, 0x8000) 2.317616125s ago: executing program 1 (id=6319): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000300000000000000010000001801000020756c0000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000009002000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r6, r8, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x56, &(0x7f00000008c0)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x20, 0x3a, 0xff, @empty, @mcast2, {[@hopopts={0x3a}, @dstopts={0x3a}], @ndisc_ra}}}}}, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0x0, 0xf}, {}, {0x11, 0x10}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x80040000}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048084}, 0x2008c014) bind$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0xfffe}, 0xe) listen(r1, 0x0) r10 = accept4(r1, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) getsockopt$inet6_buf(r10, 0x29, 0xcd, &(0x7f0000001300)=""/4096, &(0x7f00000001c0)=0x1000) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="15020000fe0f00001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r11, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="080004"], 0x54}, 0x1, 0xba01, 0x0, 0x4010}, 0x4000000) 1.389776214s ago: executing program 1 (id=6331): r0 = socket$netlink(0x10, 0x3, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, r2, 0x495b866df80b4e6b}, 0x14}}, 0x0) (async) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@multicast2, @empty, 0x0}, &(0x7f00000000c0)=0xc) (async) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r4, 0x0, 0x6, &(0x7f0000000000)=0x7fff, 0x4) sendto$inet(r4, &(0x7f00000000c0)="f461830000000000", 0x8, 0x4084, &(0x7f0000000100)={0x2, 0x0, @empty}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', 0x0}) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) (async) r8 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r8, 0x303, 0x70bd29, 0x25dfdbff, {0xa}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x4) (async) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xa4, r2, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x3}, @MPTCP_PM_ATTR_ADDR={0x3c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x24, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x15}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40001}, 0x2000) (async) r9 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r9, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e21, @multicast1}}) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001880)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="1c0000005e0001002bbd7000ffdbdf2500000000", @ANYRES32=r10, @ANYBLOB='_'], 0x1c}}, 0x20024090) (async) r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r0) (async) r12 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000800), r0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x54, r12, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x14, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x801}, 0x20040000) socket(0x10, 0x803, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000940)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@gettclass={0x24, 0x2a, 0x200, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r14, {0x2, 0xffe0}, {0x5, 0xa}, {0xfffc, 0x3}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) (async) sendmsg$nl_route(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x437, 0xfffffff8, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x5044, 0x21000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x4}}}]}, 0x34}}, 0x48000) (async) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000780)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xd0, r11, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000040}, 0x2000c004) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x154, 0x13, 0x4, 0x70bd26, 0x25dfdbfc, {0x5, 0x8, 0x2, 0x78, {0x4e24, 0x4e22, [0xff, 0x4, 0x12a, 0xfffffff8], [0xa, 0x1, 0x5, 0x5], r7, [0x9, 0x3]}, 0xc751, 0x3f8}, [@INET_DIAG_REQ_BYTECODE={0x24, 0x1, "e9213196389b32337a4c6d3a8fa1736a1d17f61ca4ac1a48135c0f77a63bcd15"}, @INET_DIAG_REQ_BYTECODE={0x25, 0x1, "1e891809148072c50b77a29086a349f272d31af8e3c74f8d8f3d165093194d0cde"}, @INET_DIAG_REQ_BYTECODE={0xba, 0x1, "e17a949079019fb36fbe02c5d30ee4337075fd934781cef26fb18b8ff9e35bfe37d2d26fb50c18fd9476fb0db0849e9c3a722b37339ec7c804ba3e9191f4190f2442ef921a59e66fba74eda7d7be1934c0db072e64fbdc9aad8dad927c2e5ff6a28a0bc60209484084c8f080358c30ea315e0a5bf10b247bf769e3ebfe2ccd4b1501c765408b6b673cb285438f54cb28037e6a2b10f3ade6d457ed034647d43f2c18d3bfacb36e7690111995c4925c1b4d506c20a0f4"}]}, 0x154}, 0x1, 0x0, 0x0, 0x24008045}, 0x841) 1.302956146s ago: executing program 2 (id=6332): socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0xc) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x11003f00}, 0xc, &(0x7f0000000580)={0x0}}, 0x4) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f00000002c0)=0x1, 0x4) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f406", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.187333348s ago: executing program 1 (id=6334): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000400)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x6a) recvfrom$inet(r0, &(0x7f0000001380)=""/4096, 0x1000, 0x40000082, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r2, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r2], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r4 = socket(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x3, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newtfilter={0x40, 0x28, 0xd27, 0x1003ffd, 0x0, {0x0, 0x0, 0x0, r5, {0x8, 0x9}, {0x5, 0x9}, {0xb, 0xfff1}}, [@filter_kind_options=@f_fw={{0x7}, {0x14, 0x2, [@TCA_FW_POLICE={0x10, 0x2, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xf52}]}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x810}, 0x4000010) sendmsg(r4, &(0x7f0000000300)={&(0x7f0000000640)=@l2={0x1f, 0x5, @any, 0x6}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000006c0)="d7df870258c7aabd5a4958303001e9ff51689c23ef56723dab4a5d0cdf07a93f71268658e269f713b1733114002bfd4ced76e32379c80d396b9dd64a24e526cb05dbda55d994df88356a5ac8297c07423e61385588f88022f8e7634879d4ebcc1ec4b0ed8940165e602cf45913c417f6dafaf24efcd67c68186a9a52b51607c64a", 0x81}, {&(0x7f0000000800)="6faf1997f3271c5dd30653ac45d292855dfb382910fd5de59e420aee5a30a15557acb94e9da852807fc60383692fd09411837263c7db3c626cab1c917895bdafa5d7ae994f368e3e4733c63fcf8dc8b9581bc9b280601edabd8e63c638dcd18d44516959351cd0998aa3f2376e9cdf67c53768b550dfff9a52", 0x79}, {&(0x7f0000000040)="d450732af73f2b94a949a0cb694745dd1fc8df8da74cf58487e0a5046155b50ec3f9502ad2b2598fa4ca6a2370b32be897567fbd92", 0x35}, {&(0x7f0000000880)="68f5d5fe70778f3cc32f944609526a180dc0868462b0e42c5b228d04a4e02c6f578a38117be716ca7ac58eb6db54e54992dce6537f4236f71248dffb232d597a31514ac624307ce0d965a0d8dec6ec6699952b6e745046d497fc604698cb7705c6f628c84ddf2ad16befc456d3eb5519a4c4a5e49a7cef6c40603e20fe4c26531066ba9dd8166bd35ffce21e4f0cb6d6201a6a28c18e746b90cc10578d3f6253c36ef334dde26a998576b31e62576267e58b41096fbafe5700aaacdfadf8e1c447e3837ee4d53da4f1a561a0df6e2e13a84608c8a0eab16f81910f0506d315c2b04473f62af32c284b5482358c15b7453f05615882d64a9b18024cc0", 0xfc}, {&(0x7f0000000980)="bfd5283d8d0a4c7bc6563f6dc6a11c8f2dedd9b5e36d7fc2102b186ff880cf605c7fb3f12dfda731bc0ce224e6cb4e9e87b8afbb691264e6673316e87e0d4d919194f0e8c65b2981a71e98a1c2641a410aed62654bf2227c6a56bc8919a1ebff58036fdf50539b1b4baf71513adb7754ad6f20bf524455216832a3444c4f530e4e00080d1fb885480d30f04ec86015aa868005c0cd62f00d46cd514bdef5cb75ce41ba6d203fc855be3551468007a7d6567be0ccc63a318eaf6b17fc11199a8172644371e04c79a85988a200048b66477e6c99640245e859a7d4c239732452d2f6efe5a97574bd7b2a053e40b5ddb56c65f83f83bb2af132fb", 0xf9}, {&(0x7f00000001c0)="db5156c737a55edf1ee7e69c83", 0xd}, {&(0x7f0000000a80)="9111d8f72fdca6c2c831fd84e96235a733fd09d2e00dec73087e84b496619f426738ab6309a51f7e5a7542845184ec70cc32c1d325675eb31dbec873a9618341bb3066dd365cfe145979861219fd9d5634c68816a9ffc361d6c2815e3f9aeb03936b0b040c1889f4410038c7776d3d76f51a07e7ab37a8313a395a1f9b2ec15a1fa1359da12be65c8d61ef7d5b560fec", 0x90}, {&(0x7f0000000b40)="90dcd8cacce5feded0e6ac6d2929a4e2310e646d28e170859dedba9597de4b7fac9c4da4a819a66502fa9f2f6ecffd6fb326370a270b5d3be6e8b9c6c2fe50b1ba58e526373d19b1bbb8a4b6e08980da29f3105a0d6a04e8280bf61596cef4400830d3eb74609d948ab77169327033b4bdadc3e7674fd9e63d9d2e24c83d8af39c3e135f24a69e6ea1758fc4d587a12c1c7a2715b513f330f3352870a5493a4d6e144e1816a94ea16ad0a50622fde2ea06122bc8b736f30964", 0xb9}, {&(0x7f0000000c00)="44b0582926b25f998c1ea5f44d68596b63f75156b60482b5a6cf5685928a5809e38362cc6783bf09b7f1e932f5d45a92234244b98e9f5bf311449f20c252b2173f676d33c6319113adb8b6e3969bf4f7d1508b37c47d3f3e16be077b4827a33587ca14a33a347e43be7c7c8cd14d5e0ccf73569f2c1cbd0cf6ed6ec7cd359ee37cbd220bbeb42e4429e091a54816d9088f2313fb383a5da5f4992e26f7890aef94d654f5a96aad7e7a4c3259a65e", 0xae}], 0x9, &(0x7f0000000d80)=[{0x58, 0x110, 0xb, "f5ce6d7b4c0bb42621f034c8b3c9813fc53f2f2954a4d17208d877626a8ef8167637c837fad974220c60d08a29d16e5af974682582fea7b26653d1d4419a809c21e4b2e2"}], 0x58}, 0xc004020) r6 = socket(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) shutdown(r0, 0x1) 1.067044123s ago: executing program 3 (id=6335): r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000100)=0x8) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001a00)={0x30, r2, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x4}]}, 0x30}}, 0x0) socket$netlink(0x10, 0x3, 0x4) 945.643171ms ago: executing program 2 (id=6337): syz_extract_tcp_res(&(0x7f0000000040), 0x1, 0x8000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0) (async) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) (async) sendfile(r2, r1, 0x0, 0x800) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000073116f00000000008510ffff02000000850000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) (rerun: 32) 871.079165ms ago: executing program 3 (id=6339): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', 0x0}) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r2, 0x303, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000840)='ns/time_for_children\x00') ioctl$NS_GET_OWNER_UID(r3, 0x8008b70d, 0x0) r4 = socket$netlink(0x10, 0x3, 0xa) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r4, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800001eff708a998481cf0b", @ANYRES16=0x0, @ANYBLOB="000327bd7000ffdbdf257f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900e10800001e000000"], 0x28}, 0x1, 0x0, 0x0, 0x400e080}, 0x4) 822.310673ms ago: executing program 3 (id=6340): socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x3b6, &(0x7f0000000680)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '!\x00', 0x380, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x19, 0x300, 0x0, [{0x5, 0xa, "a78ce5400659808000000000004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "0000000000fc001991319c00"}, {0x19, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde27a5b85b9d930914625d8a049b4cf0d129806a610ad8467a6b2600000000000055a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef5523e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18989f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x0, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b01b9387f85932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f81ed"}]}}}}}}, 0x0) 797.627788ms ago: executing program 1 (id=6341): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}, [@TCA_NETEM_ECN={0x8, 0x7, 0xfffffff8}, @TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x9, 0x3, 0xffffff2e}}]}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756a85d86dd", 0x5ea, 0x40, &(0x7f00000001c0)={0x11, 0x88a8, r3, 0x1, 0xd8, 0x6, @multicast}, 0x14) socketpair$unix(0x1, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r8 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r8, &(0x7f0000000e40)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)}}, {{&(0x7f0000000440)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000980)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @loopback, @remote}}}], 0x20}}], 0x2, 0x8000004) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x18) r10 = accept$packet(r4, 0x0, &(0x7f0000000340)) splice(r10, &(0x7f0000000380)=0x4b9, r0, &(0x7f00000003c0)=0x93, 0xff, 0x3) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000009500000300000000"], &(0x7f0000000040)='syzkaller\x00'}, 0x80) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@generic={&(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r11}, 0x18) 659.019334ms ago: executing program 3 (id=6342): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000700)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x2}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket(0x2, 0x5, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010102}}}], 0x20}}], 0x1, 0x10000000000) 658.559797ms ago: executing program 2 (id=6343): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)={0x3c, r3, 0x1, 0x70b92b, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004}, 0x20044010) sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r3, 0x400, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4000800) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14010009f67c38dc66543bbfc94ca620148ebe0bc4bc00fdb2800a9181f973d6d063bebcc48d1727ae4b752257a377dbffed800be15ad7f14f516bd35e81046288a40d8189c4a2cc298b003b71e1ca4f9336daab742f44a1e97adbc02858c703f7de9efadc26507e7393e1d1998442a1136fe6efe2e8eb530ed3ddbabc70429be96ec886e9fbdf9cd68786ddbaee997015822e8f7ee661af6e0787e3", @ANYRES16=r1, @ANYBLOB="cd3e0000000000000000010000000800020005000000ce00010043ecf8a077157cd8bc73e1b93314cdcbb6b9bb84e5bcdb7f9af2eacc913a7640e8332d1daa67516c7f094b740c631f175dd5d0f0a8ebd2679204020b006f64e62cd3404917f3be657330adc6bf2f2ab6286f917412935536f4406edcdc8a3779814659bebb63d2c301a5e2568cb3696d7ed256da47bd6246c86e86ac9cfbdae22622b43a13e9096385b4cb17bf6d8436e77f709e436462ad3ba28f73bf36e8e358673326e220d60a9d3d7e3c932faf89062b965db52beeff385e442adbb8d87480d48f4b3d4530e85283000014000500fe80000000000000000000000000000014000600ff010000000000000000000000000001"], 0x114}}, 0x0) r5 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_SIOCINQ(r5, 0x541b, &(0x7f0000000000)) 605.60446ms ago: executing program 4 (id=6344): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x110}, 0x0) ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000000)={0x2, 0x2, 0x12}) 533.095676ms ago: executing program 2 (id=6345): r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000001000030500000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000090280500140012800b0001006c6f7770616e00000400028008000500", @ANYRES32=r8], 0x44}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=@newqdisc={0x40, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff6}, {0xffff, 0xffff}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x10, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8810}, 0x4000080) bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r1, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) socket(0x10, 0x803, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x48, 0x10, 0x401, 0x0, 0x700, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR={0xa, 0x9}]}}}, @IFLA_LINK={0x8, 0x5, r9}]}, 0x48}}, 0x0) 471.009016ms ago: executing program 4 (id=6346): socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0xc) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x11003f00}, 0xc, &(0x7f0000000580)={0x0}}, 0x4) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f00000002c0)=0x1, 0x4) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f406", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 379.657394ms ago: executing program 4 (id=6347): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000000a08000140000000170900010073797a30000000000900020073797a3200"], 0x78}, 0x1, 0x64}, 0x10) 320.829577ms ago: executing program 4 (id=6348): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x10, &(0x7f00000000c0)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x1800}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xa0}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 241.839572ms ago: executing program 1 (id=6349): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x58, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x0, @local}}]}]}, @IFLA_GROUP={0x8}]}, 0x58}}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b70200000000e6ccbba30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe02000000850000001a000000b7000000100000009500000000000000455781a5fee65e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde43a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d1106fb0289ce67a66afd92c3d09e29a9d542ca9da83a060000009b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece6d311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da326018362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f707777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee23483508818b897e3b677d3d342640e328504ae2dbf8fe1d704765de74891f7c8dae85739c50409c62040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528d46362ea0d8d79c79ddca066da478c1b7d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5f001000000100008000000000ed6f6663677df37de0ec0d0f548b273940be5d1fe0aae14d1a76e0741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ce0000000000000000000000000000000064d3210f806a4877e73c19072e358da1cdbef27967e918e6f2bab4a78ce0103a91789340b00db45df429d650e2f6acfbf9bf2f1b23064f3e60a9ded23b652f110940813a14c97abc84ab3cf728efd94ba2895a0884e7f7c53bc60d1b9768a979929055be8565b8a15dffc8692476ff03963b626afbc18750629666d1f449f02271064768c0731aeccb2c342ae3fa9956354e847f086eee8cd78617ad6ae28f121b23c1128b78f521eea8c487ae31f9112db0e671dd47d95ea9653e51da8c99a996656149a65f8e88032ddf35717407"], &(0x7f0000000100)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x7fd2d55a}, 0x10}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4) sendmsg$inet(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703340000001f03000000000000040014000d000a000d0000009ee517d3334abc24eab556a705251e6182949a3651f60a84c9f5d19380", 0x49}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20004002) recvmsg$unix(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=""/128, 0x80}, {&(0x7f0000000500)=""/177, 0xb1}, {&(0x7f00000005c0)=""/177, 0xb1}, {&(0x7f0000000680)=""/147, 0x93}, {&(0x7f0000000740)=""/254, 0xfe}], 0x5, &(0x7f00000008c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x118}, 0x2) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240)) readv(r0, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/123, 0x7b}, {&(0x7f0000000440)=""/132, 0x84}], 0x2) ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f0000001300)={0x0, "c551835f24d6152c46e7b8ff8f8fd268"}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r3, 0x50009417, &(0x7f0000002300)={{r0}, 0x0, 0x0, @unused=[0x0, 0x3, 0x5, 0x100000000], @devid=r4}) 241.190835ms ago: executing program 4 (id=6350): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @union]}}, &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0xa}, 0x20) r0 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x82, 0x2, 0x1000000}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x160, 0x1170, 0x1398, 0x160, 0x1170, 0x2a0, 0x1398, 0x1398, 0x2a0, 0x1398, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x13}, @loopback, [0x0, 0xff000000], [0xffffff00], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x18}, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x21}}, @common=@unspec=@addrtype1={{0x28}, {0x94, 0x804, 0x9}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @multicast2}, [], [], 'geneve1\x00', 'veth1_vlan\x00', {}, {}, 0x0, 0x0, 0x0, 0x12}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x3}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6, @remote}, 0x10) socket(0x21, 0x800, 0x3) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @random="790c7edd3d8d"}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x400, 0x0, 0x2000001, {0x0, 0x0, 0x0, r1, {0x5, 0xfff1}, {0xd, 0xc}, {0x8, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x20048054) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @union]}}, &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0xa}, 0x20) (async) socket$packet(0x11, 0x3, 0x300) (async) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x82, 0x2, 0x1000000}}}}}, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00'}) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x160, 0x1170, 0x1398, 0x160, 0x1170, 0x2a0, 0x1398, 0x1398, 0x2a0, 0x1398, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x13}, @loopback, [0x0, 0xff000000], [0xffffff00], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x18}, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x21}}, @common=@unspec=@addrtype1={{0x28}, {0x94, 0x804, 0x9}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @multicast2}, [], [], 'geneve1\x00', 'veth1_vlan\x00', {}, {}, 0x0, 0x0, 0x0, 0x12}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x3}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0) (async) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6, @remote}, 0x10) (async) socket(0x21, 0x800, 0x3) (async) socket$nl_route(0x10, 0x3, 0x0) (async) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @random="790c7edd3d8d"}, 0x10) (async) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x400, 0x0, 0x2000001, {0x0, 0x0, 0x0, r1, {0x5, 0xfff1}, {0xd, 0xc}, {0x8, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x20048054) (async) 181.878011ms ago: executing program 3 (id=6351): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_FLAGS={0x8}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x596}, @NFTA_CONNLIMIT_FLAGS={0x8}, @NFTA_CONNLIMIT_FLAGS={0x8}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x10001}]}}}, {0x18, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb8}}, 0x0) 154.603956ms ago: executing program 2 (id=6352): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff81050000000fff0058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd000000100001000c0808004149014006040800", 0x58}], 0x1) 82.836659ms ago: executing program 3 (id=6353): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, &(0x7f0000000100)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000180)={0x0, 0x15, "b47c0fdea3eea5c377499714b95340f9ac4779ce0d"}, &(0x7f00000001c0)=0x1d) socket$inet_icmp_raw(0x2, 0x3, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f00000001c0), 0x12) r6 = socket(0x10, 0x3, 0x0) write(r6, &(0x7f0000000080)="24000000580025000307f4f9002304000a04f55f08000100020100020800038005000000", 0x24) r7 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f7ff1f400100e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000400)={{{@in=@multicast2, @in6=@initdev}}, {{@in=@initdev}, 0x0, @in6=@private1}}, &(0x7f0000000380)=0xe8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r9, 0x0, 0x23, &(0x7f0000000340)={@dev={0xac, 0x14, 0x14, 0x22}, @rand_addr=0x64010100}, 0xc) socket$key(0xf, 0x3, 0x2) r10 = socket$netlink(0x10, 0x3, 0x0) writev(r10, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r10, 0x0, 0x0) r11 = openat$cgroup_ro(r8, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x6011, r11, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000200)={r3, 0x1, 0x0, 0x6, 0x4, 0xe2}, &(0x7f0000000240)=0x14) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0x4b86, 0xb7, 0x8, 0x8}}}, ["", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20040040}, 0x140080c0) 29.79372ms ago: executing program 4 (id=6354): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000540)={'ip_vti0\x00', &(0x7f0000000500)=@ethtool_cmd={0x27, 0x0, 0xf, 0xd1cd, 0x9, 0x9, 0x7, 0x6, 0x5, 0x2, 0xa, 0x6, 0x3, 0x2, 0x6, 0x20000000, [0x9, 0x45de]}}) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000080000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000005400038008000140000000000800024000000000400003801400010076657468305f746f5f2872696467650014000100767863616e310000000000000000000014000100767863616e31"], 0xc8}}, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000100)) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) r7 = accept(r3, &(0x7f0000000440)=@tipc=@id, &(0x7f00000004c0)=0x80) recvmsg$can_raw(r7, &(0x7f0000000a00)={&(0x7f0000000580)=@tipc=@id, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000600)=""/214, 0xd6}, {&(0x7f0000000700)=""/226, 0xe2}, {&(0x7f0000000800)=""/134, 0x86}], 0x3, &(0x7f0000000900)=""/226, 0xe2}, 0x40000100) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x4c, r6, 0x800, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x76b6, 0x56}}}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {}, @device_b, @device_a, @random="234d0332b6fc", {0x5, 0x1}, @value=@ver_80211n={0x0, 0x7, 0x1, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, 0x10, @void}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="000000e8ff07000014000300000000000000000000000000000000001800128008000100707070000c00028008000100", @ANYRES32=r2], 0x4c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) socket$igmp6(0xa, 0x3, 0x2) (async) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000540)={'ip_vti0\x00', &(0x7f0000000500)=@ethtool_cmd={0x27, 0x0, 0xf, 0xd1cd, 0x9, 0x9, 0x7, 0x6, 0x5, 0x2, 0xa, 0x6, 0x3, 0x2, 0x6, 0x20000000, [0x9, 0x45de]}}) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000080000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000005400038008000140000000000800024000000000400003801400010076657468305f746f5f2872696467650014000100767863616e310000000000000000000014000100767863616e31"], 0xc8}}, 0x0) (async) epoll_create1(0x0) (async) epoll_create1(0x0) (async) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)) (async) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000100)) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) (async) accept(r3, &(0x7f0000000440)=@tipc=@id, &(0x7f00000004c0)=0x80) (async) recvmsg$can_raw(r7, &(0x7f0000000a00)={&(0x7f0000000580)=@tipc=@id, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000600)=""/214, 0xd6}, {&(0x7f0000000700)=""/226, 0xe2}, {&(0x7f0000000800)=""/134, 0x86}], 0x3, &(0x7f0000000900)=""/226, 0xe2}, 0x40000100) (async) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00'}) (async) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x4c, r6, 0x800, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x76b6, 0x56}}}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {}, @device_b, @device_a, @random="234d0332b6fc", {0x5, 0x1}, @value=@ver_80211n={0x0, 0x7, 0x1, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, 0x10, @void}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) (async) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="000000e8ff07000014000300000000000000000000000000000000001800128008000100707070000c00028008000100", @ANYRES32=r2], 0x4c}}, 0x0) (async) 0s ago: executing program 2 (id=6355): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x65}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00'}, 0x18) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=0x1, 0xd, 0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f0000000100)=[0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) r5 = socket$inet_sctp(0x2, 0x5, 0x84) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x1574, @private1={0xfc, 0x1, '\x00', 0x1}, 0xc83}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0, 0xe0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r7}}], 0x20, 0x2400e044}, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000340)={0x1, 0x0}, 0x8) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex=r4, r2, 0x19, 0x2028, 0x0, @void, @void, @value=r8, @void, r3}, 0x20) kernel console output (not intermixed with test programs): allmulticast mode [ 560.347904][T20910] hsr_slave_1: left allmulticast mode [ 560.429420][T20922] bond7: option mode: invalid value (133) [ 560.448226][T20922] bond7 (unregistering): Released all slaves [ 560.590361][T20938] syzkaller0: entered promiscuous mode [ 560.608785][T20938] syzkaller0: entered allmulticast mode [ 560.640827][T20938] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5158'. [ 560.667945][T20944] macvlan2: entered promiscuous mode [ 560.688009][T20944] macvlan2: entered allmulticast mode [ 560.705935][T20944] bond0: (slave macvlan2): Opening slave failed [ 560.981690][T20967] netlink: 'syz.0.5167': attribute type 2 has an invalid length. [ 561.077603][T20980] vxcan2: entered allmulticast mode [ 561.296109][T20997] gtp1: entered promiscuous mode [ 561.316292][T20997] netlink: 'syz.4.5176': attribute type 29 has an invalid length. [ 561.482873][T21009] xt_hashlimit: size too large, truncated to 1048576 [ 561.561911][T21018] 8021q: adding VLAN 0 to HW filter on device bond10 [ 561.703249][T21021] 8021q: adding VLAN 0 to HW filter on device bond10 [ 561.731468][T21021] bond10: (slave vxcan1): The slave device specified does not support setting the MAC address [ 561.742925][T21021] bond10: (slave vxcan1): Error -95 calling set_mac_address [ 561.755696][T21027] nbd2: detected capacity change from 0 to 127 [ 561.770794][ T51] block nbd2: Receive control failed (result -32) [ 561.931699][T21038] netlink: 'syz.4.5190': attribute type 1 has an invalid length. [ 562.040636][T21038] 8021q: adding VLAN 0 to HW filter on device bond11 [ 562.091082][T21038] veth9: entered promiscuous mode [ 562.110981][T21038] bond11: (slave veth9): Enslaving as a backup interface with a down link [ 562.151307][T21052] netlink: 'syz.1.5195': attribute type 8 has an invalid length. [ 562.610147][T21060] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 562.930591][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.040281][ T13] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 563.058159][ T13] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.075249][ T13] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 563.084365][ T13] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.093443][ T13] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 563.102938][ T13] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.245222][ T13] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 563.253945][ T13] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.288064][T21100] pim6reg1: entered promiscuous mode [ 563.293643][T21100] pim6reg1: entered allmulticast mode [ 563.382856][T21114] netlink: 'syz.0.5210': attribute type 1 has an invalid length. [ 563.559885][T21123] 8021q: adding VLAN 0 to HW filter on device bond6 [ 563.728043][T21134] FAULT_INJECTION: forcing a failure. [ 563.728043][T21134] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 563.759358][T21134] CPU: 0 UID: 0 PID: 21134 Comm: syz.3.5215 Not tainted syzkaller #0 PREEMPT(full) [ 563.759383][T21134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 563.759395][T21134] Call Trace: [ 563.759402][T21134] [ 563.759411][T21134] dump_stack_lvl+0x189/0x250 [ 563.759439][T21134] ? __pfx____ratelimit+0x10/0x10 [ 563.759470][T21134] ? __pfx_dump_stack_lvl+0x10/0x10 [ 563.759493][T21134] ? __pfx__printk+0x10/0x10 [ 563.759511][T21134] ? __might_fault+0xb0/0x130 [ 563.759546][T21134] should_fail_ex+0x414/0x560 [ 563.759575][T21134] _copy_from_iter+0x1de/0x1790 [ 563.759611][T21134] ? __pfx__copy_from_iter+0x10/0x10 [ 563.759633][T21134] ? __build_skb_around+0x262/0x3f0 [ 563.759662][T21134] ? netlink_sendmsg+0x642/0xb30 [ 563.759677][T21134] ? skb_put+0x11b/0x210 [ 563.759699][T21134] netlink_sendmsg+0x6b2/0xb30 [ 563.759726][T21134] ? __pfx_netlink_sendmsg+0x10/0x10 [ 563.759747][T21134] ? aa_sock_msg_perm+0xf1/0x1d0 [ 563.759773][T21134] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 563.759791][T21134] ? __pfx_netlink_sendmsg+0x10/0x10 [ 563.759810][T21134] __sock_sendmsg+0x21c/0x270 [ 563.759836][T21134] ____sys_sendmsg+0x505/0x830 [ 563.759861][T21134] ? __pfx_____sys_sendmsg+0x10/0x10 [ 563.759890][T21134] ? import_iovec+0x74/0xa0 [ 563.759915][T21134] ___sys_sendmsg+0x21f/0x2a0 [ 563.759937][T21134] ? __pfx____sys_sendmsg+0x10/0x10 [ 563.759991][T21134] ? __fget_files+0x2a/0x420 [ 563.760007][T21134] ? __fget_files+0x3a0/0x420 [ 563.760034][T21134] __x64_sys_sendmsg+0x19b/0x260 [ 563.760056][T21134] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 563.760085][T21134] ? __pfx_ksys_write+0x10/0x10 [ 563.760111][T21134] ? do_syscall_64+0xbe/0xfa0 [ 563.760138][T21134] do_syscall_64+0xfa/0xfa0 [ 563.760159][T21134] ? lockdep_hardirqs_on+0x9c/0x150 [ 563.760182][T21134] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.760198][T21134] ? clear_bhb_loop+0x60/0xb0 [ 563.760219][T21134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.760236][T21134] RIP: 0033:0x7fbc24d8f749 [ 563.760253][T21134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 563.760266][T21134] RSP: 002b:00007fbc25c9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 563.760286][T21134] RAX: ffffffffffffffda RBX: 00007fbc24fe5fa0 RCX: 00007fbc24d8f749 [ 563.760298][T21134] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 563.760310][T21134] RBP: 00007fbc25c9f090 R08: 0000000000000000 R09: 0000000000000000 [ 563.760321][T21134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.760332][T21134] R13: 00007fbc24fe6038 R14: 00007fbc24fe5fa0 R15: 00007fff577d9da8 [ 563.760363][T21134] [ 564.101664][T21140] syzkaller0: entered promiscuous mode [ 564.109862][T21140] syzkaller0: entered allmulticast mode [ 564.272635][T21157] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 564.332537][T21153] tc_dump_action: action bad kind [ 564.366197][ T3558] net_ratelimit: 51 callbacks suppressed [ 564.366219][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 564.396386][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 564.416887][T21171] openvswitch: netlink: Duplicate or invalid key (type 0). [ 564.424521][T21171] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 564.450471][T21172] validate_nla: 2 callbacks suppressed [ 564.450488][T21172] netlink: 'syz.0.5224': attribute type 1 has an invalid length. [ 564.530023][T21172] 8021q: adding VLAN 0 to HW filter on device bond7 [ 564.539150][T21180] netlink: 'syz.3.5228': attribute type 10 has an invalid length. [ 564.547132][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 564.547174][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 564.562599][T21180] __nla_validate_parse: 13 callbacks suppressed [ 564.562618][T21180] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5228'. [ 564.578281][T21180] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 564.643924][T21185] openvswitch: netlink: Invalid MD length 60718 for MD type 0 [ 564.653387][T21185] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 564.735605][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 564.823429][T21199] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5237'. [ 564.848060][T21199] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5237'. [ 564.862482][T21199] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5237'. [ 564.935186][T21202] syzkaller1: entered promiscuous mode [ 564.959046][T21202] syzkaller1: entered allmulticast mode [ 565.012573][T21202] pim6reg1: entered promiscuous mode [ 565.023479][T21202] pim6reg1: entered allmulticast mode [ 565.038451][T21212] netlink: 'syz.4.5243': attribute type 10 has an invalid length. [ 565.046884][T21212] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5243'. [ 565.097393][T21212] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 565.104850][T21212] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 565.168662][T21218] netlink: 'syz.0.5246': attribute type 10 has an invalid length. [ 565.288091][T21223] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5248'. [ 565.523433][T21241] x_tables: duplicate underflow at hook 2 [ 565.531217][T21241] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5254'. [ 565.725828][T21250] netlink: 'syz.0.5258': attribute type 10 has an invalid length. [ 565.733878][T21250] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5258'. [ 565.761182][T21250] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 565.787180][T21250] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 566.003109][T21262] : entered promiscuous mode [ 566.205782][T21283] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5267'. [ 566.439777][T21305] netlink: 100 bytes leftover after parsing attributes in process `syz.4.5275'. [ 566.478604][T21310] sctp: [Deprecated]: syz.2.5277 (pid 21310) Use of int in maxseg socket option. [ 566.478604][T21310] Use struct sctp_assoc_value instead [ 566.533882][T21311] tipc: Enabled bearer , priority 0 [ 566.541502][T21311] syzkaller0: entered promiscuous mode [ 566.547136][T21311] syzkaller0: entered allmulticast mode [ 566.559589][T21308] tipc: Resetting bearer [ 566.641510][T21308] tipc: Disabling bearer [ 566.798016][T21334] 8021q: VLANs not supported on ip6_vti0 [ 566.828250][T21332] netlink: 'syz.0.5283': attribute type 10 has an invalid length. [ 566.855016][T21332] syz_tun: entered promiscuous mode [ 566.871656][T21339] FAULT_INJECTION: forcing a failure. [ 566.871656][T21339] name failslab, interval 1, probability 0, space 0, times 0 [ 566.895871][T21339] CPU: 1 UID: 0 PID: 21339 Comm: syz.1.5285 Not tainted syzkaller #0 PREEMPT(full) [ 566.895899][T21339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 566.895910][T21339] Call Trace: [ 566.895917][T21339] [ 566.895926][T21339] dump_stack_lvl+0x189/0x250 [ 566.895954][T21339] ? __pfx____ratelimit+0x10/0x10 [ 566.895978][T21339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 566.896000][T21339] ? __pfx__printk+0x10/0x10 [ 566.896025][T21339] ? __pfx___might_resched+0x10/0x10 [ 566.896050][T21339] should_fail_ex+0x414/0x560 [ 566.896079][T21339] should_failslab+0xa8/0x100 [ 566.896105][T21339] kmem_cache_alloc_noprof+0x74/0x6e0 [ 566.896129][T21339] ? ovs_flow_alloc+0x24/0x1f0 [ 566.896153][T21339] ovs_flow_alloc+0x24/0x1f0 [ 566.896176][T21339] ovs_flow_cmd_new+0x1ee/0xd80 [ 566.896198][T21339] ? netlink_deliver_tap+0x19c/0x1b0 [ 566.896215][T21339] ? __sock_sendmsg+0x21c/0x270 [ 566.896244][T21339] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 566.896321][T21339] ? rcu_is_watching+0x15/0xb0 [ 566.896346][T21339] ? __nla_parse+0x40/0x60 [ 566.896369][T21339] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 566.896400][T21339] genl_family_rcv_msg_doit+0x215/0x300 [ 566.896430][T21339] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 566.896466][T21339] ? bpf_lsm_capable+0x9/0x20 [ 566.896486][T21339] ? security_capable+0x7e/0x2e0 [ 566.896516][T21339] genl_rcv_msg+0x60e/0x790 [ 566.896545][T21339] ? __pfx_genl_rcv_msg+0x10/0x10 [ 566.896566][T21339] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 566.896594][T21339] ? __asan_memcpy+0x40/0x70 [ 566.896616][T21339] ? __pfx_ref_tracker_free+0x10/0x10 [ 566.896642][T21339] netlink_rcv_skb+0x208/0x470 [ 566.896658][T21339] ? __lock_acquire+0xab9/0xd20 [ 566.896677][T21339] ? __pfx_genl_rcv_msg+0x10/0x10 [ 566.896700][T21339] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 566.896738][T21339] ? down_read+0x1ad/0x2e0 [ 566.896759][T21339] genl_rcv+0x28/0x40 [ 566.896778][T21339] netlink_unicast+0x82f/0x9e0 [ 566.896812][T21339] ? __pfx_netlink_unicast+0x10/0x10 [ 566.896838][T21339] ? netlink_sendmsg+0x642/0xb30 [ 566.896854][T21339] ? skb_put+0x11b/0x210 [ 566.896876][T21339] netlink_sendmsg+0x805/0xb30 [ 566.896904][T21339] ? __pfx_netlink_sendmsg+0x10/0x10 [ 566.896925][T21339] ? aa_sock_msg_perm+0xf1/0x1d0 [ 566.896953][T21339] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 566.896969][T21339] ? __pfx_netlink_sendmsg+0x10/0x10 [ 566.896988][T21339] __sock_sendmsg+0x21c/0x270 [ 566.897014][T21339] ____sys_sendmsg+0x505/0x830 [ 566.897040][T21339] ? __pfx_____sys_sendmsg+0x10/0x10 [ 566.897069][T21339] ? import_iovec+0x74/0xa0 [ 566.897094][T21339] ___sys_sendmsg+0x21f/0x2a0 [ 566.897122][T21339] ? __pfx____sys_sendmsg+0x10/0x10 [ 566.897178][T21339] ? __fget_files+0x2a/0x420 [ 566.897194][T21339] ? __fget_files+0x3a0/0x420 [ 566.897220][T21339] __x64_sys_sendmsg+0x19b/0x260 [ 566.897241][T21339] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 566.897264][T21339] ? __pfx_ksys_write+0x10/0x10 [ 566.897289][T21339] ? do_syscall_64+0xbe/0xfa0 [ 566.897316][T21339] do_syscall_64+0xfa/0xfa0 [ 566.897337][T21339] ? lockdep_hardirqs_on+0x9c/0x150 [ 566.897358][T21339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.897376][T21339] ? clear_bhb_loop+0x60/0xb0 [ 566.897395][T21339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.897407][T21339] RIP: 0033:0x7f5b3f78f749 [ 566.897421][T21339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.897435][T21339] RSP: 002b:00007f5b40670038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 566.897454][T21339] RAX: ffffffffffffffda RBX: 00007f5b3f9e5fa0 RCX: 00007f5b3f78f749 [ 566.897465][T21339] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 566.897475][T21339] RBP: 00007f5b40670090 R08: 0000000000000000 R09: 0000000000000000 [ 566.897486][T21339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 566.897495][T21339] R13: 00007f5b3f9e6038 R14: 00007f5b3f9e5fa0 R15: 00007fff8a2b2d18 [ 566.897535][T21339] [ 566.917085][T21332] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 567.768307][T21391] FAULT_INJECTION: forcing a failure. [ 567.768307][T21391] name failslab, interval 1, probability 0, space 0, times 0 [ 567.793518][T21388] netlink: 'syz.3.5299': attribute type 10 has an invalid length. [ 567.802290][T21391] CPU: 0 UID: 0 PID: 21391 Comm: syz.0.5297 Not tainted syzkaller #0 PREEMPT(full) [ 567.802317][T21391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 567.802328][T21391] Call Trace: [ 567.802335][T21391] [ 567.802343][T21391] dump_stack_lvl+0x189/0x250 [ 567.802371][T21391] ? __pfx____ratelimit+0x10/0x10 [ 567.802394][T21391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 567.802417][T21391] ? __pfx__printk+0x10/0x10 [ 567.802442][T21391] ? __pfx___might_resched+0x10/0x10 [ 567.802466][T21391] should_fail_ex+0x414/0x560 [ 567.802496][T21391] should_failslab+0xa8/0x100 [ 567.802517][T21391] kmem_cache_alloc_node_noprof+0x77/0x710 [ 567.802542][T21391] ? ovs_flow_alloc+0x103/0x1f0 [ 567.802559][T21391] ? ovs_flow_alloc+0x24/0x1f0 [ 567.802582][T21391] ovs_flow_alloc+0x103/0x1f0 [ 567.802604][T21391] ovs_flow_cmd_new+0x1ee/0xd80 [ 567.802626][T21391] ? netlink_deliver_tap+0x19c/0x1b0 [ 567.802643][T21391] ? __sock_sendmsg+0x21c/0x270 [ 567.802671][T21391] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 567.802746][T21391] ? rcu_is_watching+0x15/0xb0 [ 567.802769][T21391] ? __nla_parse+0x40/0x60 [ 567.802798][T21391] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 567.802826][T21391] genl_family_rcv_msg_doit+0x215/0x300 [ 567.802855][T21391] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 567.802889][T21391] ? bpf_lsm_capable+0x9/0x20 [ 567.802908][T21391] ? security_capable+0x7e/0x2e0 [ 567.802937][T21391] genl_rcv_msg+0x60e/0x790 [ 567.802963][T21391] ? __pfx_genl_rcv_msg+0x10/0x10 [ 567.802983][T21391] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 567.803006][T21391] ? __asan_memcpy+0x40/0x70 [ 567.803028][T21391] ? __pfx_ref_tracker_free+0x10/0x10 [ 567.803052][T21391] netlink_rcv_skb+0x208/0x470 [ 567.803067][T21391] ? __lock_acquire+0xab9/0xd20 [ 567.803085][T21391] ? __pfx_genl_rcv_msg+0x10/0x10 [ 567.803107][T21391] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 567.803144][T21391] ? down_read+0x1ad/0x2e0 [ 567.803163][T21391] genl_rcv+0x28/0x40 [ 567.803182][T21391] netlink_unicast+0x82f/0x9e0 [ 567.803215][T21391] ? __pfx_netlink_unicast+0x10/0x10 [ 567.803239][T21391] ? netlink_sendmsg+0x642/0xb30 [ 567.803254][T21391] ? skb_put+0x11b/0x210 [ 567.803275][T21391] netlink_sendmsg+0x805/0xb30 [ 567.803303][T21391] ? __pfx_netlink_sendmsg+0x10/0x10 [ 567.803324][T21391] ? aa_sock_msg_perm+0xf1/0x1d0 [ 567.803350][T21391] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 567.803365][T21391] ? __pfx_netlink_sendmsg+0x10/0x10 [ 567.803383][T21391] __sock_sendmsg+0x21c/0x270 [ 567.803408][T21391] ____sys_sendmsg+0x505/0x830 [ 567.803434][T21391] ? __pfx_____sys_sendmsg+0x10/0x10 [ 567.803462][T21391] ? import_iovec+0x74/0xa0 [ 567.803486][T21391] ___sys_sendmsg+0x21f/0x2a0 [ 567.803508][T21391] ? __pfx____sys_sendmsg+0x10/0x10 [ 567.803559][T21391] ? __fget_files+0x2a/0x420 [ 567.803574][T21391] ? __fget_files+0x3a0/0x420 [ 567.803598][T21391] __x64_sys_sendmsg+0x19b/0x260 [ 567.803616][T21391] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 567.803642][T21391] ? __pfx_ksys_write+0x10/0x10 [ 567.803668][T21391] ? do_syscall_64+0xbe/0xfa0 [ 567.803692][T21391] do_syscall_64+0xfa/0xfa0 [ 567.803712][T21391] ? lockdep_hardirqs_on+0x9c/0x150 [ 567.803734][T21391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.803749][T21391] ? clear_bhb_loop+0x60/0xb0 [ 567.803769][T21391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.803792][T21391] RIP: 0033:0x7f1b4118f749 [ 567.803809][T21391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.803824][T21391] RSP: 002b:00007f1b4204a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 567.803844][T21391] RAX: ffffffffffffffda RBX: 00007f1b413e5fa0 RCX: 00007f1b4118f749 [ 567.803858][T21391] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 567.803870][T21391] RBP: 00007f1b4204a090 R08: 0000000000000000 R09: 0000000000000000 [ 567.803881][T21391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 567.803892][T21391] R13: 00007f1b413e6038 R14: 00007f1b413e5fa0 R15: 00007ffe81288808 [ 567.803925][T21391] [ 567.810853][T21388] syz_tun: entered promiscuous mode [ 568.007468][T21402] netlink: 'syz.0.5303': attribute type 1 has an invalid length. [ 568.017595][T21388] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 568.400786][T21421] syzkaller1: entered promiscuous mode [ 568.436226][T21421] syzkaller1: entered allmulticast mode [ 568.466719][T21421] syzkaller1: left promiscuous mode [ 568.471972][T21421] syzkaller1: left allmulticast mode [ 568.588907][T21444] FAULT_INJECTION: forcing a failure. [ 568.588907][T21444] name failslab, interval 1, probability 0, space 0, times 0 [ 568.627579][T21444] CPU: 0 UID: 0 PID: 21444 Comm: syz.3.5313 Not tainted syzkaller #0 PREEMPT(full) [ 568.627607][T21444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 568.627617][T21444] Call Trace: [ 568.627625][T21444] [ 568.627634][T21444] dump_stack_lvl+0x189/0x250 [ 568.627666][T21444] ? __pfx____ratelimit+0x10/0x10 [ 568.627689][T21444] ? __pfx_dump_stack_lvl+0x10/0x10 [ 568.627711][T21444] ? __pfx__printk+0x10/0x10 [ 568.627732][T21444] ? __pfx___might_resched+0x10/0x10 [ 568.627751][T21444] ? fs_reclaim_acquire+0x7d/0x100 [ 568.627774][T21444] should_fail_ex+0x414/0x560 [ 568.627804][T21444] should_failslab+0xa8/0x100 [ 568.627824][T21444] __kmalloc_cache_noprof+0x6f/0x6f0 [ 568.627848][T21444] ? ovs_flow_cmd_new+0x294/0xd80 [ 568.627875][T21444] ovs_flow_cmd_new+0x294/0xd80 [ 568.627907][T21444] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 568.627983][T21444] ? rcu_is_watching+0x15/0xb0 [ 568.628006][T21444] ? __nla_parse+0x40/0x60 [ 568.628029][T21444] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 568.628060][T21444] genl_family_rcv_msg_doit+0x215/0x300 [ 568.628090][T21444] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 568.628125][T21444] ? bpf_lsm_capable+0x9/0x20 [ 568.628145][T21444] ? security_capable+0x7e/0x2e0 [ 568.628174][T21444] genl_rcv_msg+0x60e/0x790 [ 568.628207][T21444] ? __pfx_genl_rcv_msg+0x10/0x10 [ 568.628226][T21444] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 568.628264][T21444] netlink_rcv_skb+0x208/0x470 [ 568.628279][T21444] ? __lock_acquire+0xab9/0xd20 [ 568.628298][T21444] ? __pfx_genl_rcv_msg+0x10/0x10 [ 568.628320][T21444] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 568.628357][T21444] ? down_read+0x1ad/0x2e0 [ 568.628378][T21444] genl_rcv+0x28/0x40 [ 568.628396][T21444] netlink_unicast+0x82f/0x9e0 [ 568.628430][T21444] ? __pfx_netlink_unicast+0x10/0x10 [ 568.628455][T21444] ? netlink_sendmsg+0x642/0xb30 [ 568.628471][T21444] ? skb_put+0x11b/0x210 [ 568.628492][T21444] netlink_sendmsg+0x805/0xb30 [ 568.628520][T21444] ? __pfx_netlink_sendmsg+0x10/0x10 [ 568.628542][T21444] ? aa_sock_msg_perm+0xf1/0x1d0 [ 568.628567][T21444] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 568.628584][T21444] ? __pfx_netlink_sendmsg+0x10/0x10 [ 568.628603][T21444] __sock_sendmsg+0x21c/0x270 [ 568.628630][T21444] ____sys_sendmsg+0x505/0x830 [ 568.628661][T21444] ? __pfx_____sys_sendmsg+0x10/0x10 [ 568.628690][T21444] ? import_iovec+0x74/0xa0 [ 568.628723][T21444] ___sys_sendmsg+0x21f/0x2a0 [ 568.628745][T21444] ? __pfx____sys_sendmsg+0x10/0x10 [ 568.628802][T21444] ? __fget_files+0x2a/0x420 [ 568.628818][T21444] ? __fget_files+0x3a0/0x420 [ 568.628846][T21444] __x64_sys_sendmsg+0x19b/0x260 [ 568.628868][T21444] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 568.628894][T21444] ? __pfx_ksys_write+0x10/0x10 [ 568.628920][T21444] ? do_syscall_64+0xbe/0xfa0 [ 568.628947][T21444] do_syscall_64+0xfa/0xfa0 [ 568.628969][T21444] ? lockdep_hardirqs_on+0x9c/0x150 [ 568.628991][T21444] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.629008][T21444] ? clear_bhb_loop+0x60/0xb0 [ 568.629030][T21444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.629047][T21444] RIP: 0033:0x7fbc24d8f749 [ 568.629064][T21444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.629080][T21444] RSP: 002b:00007fbc25c9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 568.629099][T21444] RAX: ffffffffffffffda RBX: 00007fbc24fe5fa0 RCX: 00007fbc24d8f749 [ 568.629112][T21444] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 568.629124][T21444] RBP: 00007fbc25c9f090 R08: 0000000000000000 R09: 0000000000000000 [ 568.629135][T21444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.629146][T21444] R13: 00007fbc24fe6038 R14: 00007fbc24fe5fa0 R15: 00007fff577d9da8 [ 568.629178][T21444] [ 569.121229][T21448] netlink: 'syz.1.5317': attribute type 10 has an invalid length. [ 569.123882][T21452] netlink: 'syz.0.5315': attribute type 1 has an invalid length. [ 569.254004][T21452] 8021q: adding VLAN 0 to HW filter on device bond9 [ 569.343983][T21452] veth5: entered promiscuous mode [ 569.374664][T21452] bond9: (slave veth5): Enslaving as a backup interface with a down link [ 569.564509][T21489] FAULT_INJECTION: forcing a failure. [ 569.564509][T21489] name failslab, interval 1, probability 0, space 0, times 0 [ 569.595977][ T13] net_ratelimit: 56 callbacks suppressed [ 569.595998][ T13] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 569.626504][ T13] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 569.634037][T21489] CPU: 1 UID: 0 PID: 21489 Comm: syz.1.5327 Not tainted syzkaller #0 PREEMPT(full) [ 569.634061][T21489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 569.634070][T21489] Call Trace: [ 569.634077][T21489] [ 569.634084][T21489] dump_stack_lvl+0x189/0x250 [ 569.634110][T21489] ? __pfx____ratelimit+0x10/0x10 [ 569.634131][T21489] ? __pfx_dump_stack_lvl+0x10/0x10 [ 569.634152][T21489] ? __pfx__printk+0x10/0x10 [ 569.634171][T21489] ? __pfx___might_resched+0x10/0x10 [ 569.634188][T21489] ? fs_reclaim_acquire+0x7d/0x100 [ 569.634210][T21489] should_fail_ex+0x414/0x560 [ 569.634238][T21489] should_failslab+0xa8/0x100 [ 569.634258][T21489] __kmalloc_cache_noprof+0x6f/0x6f0 [ 569.634280][T21489] ? ovs_flow_cmd_new+0x294/0xd80 [ 569.634309][T21489] ovs_flow_cmd_new+0x294/0xd80 [ 569.634330][T21489] ? netlink_deliver_tap+0x19c/0x1b0 [ 569.634355][T21489] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 569.634421][T21489] ? rcu_is_watching+0x15/0xb0 [ 569.634445][T21489] ? __nla_parse+0x40/0x60 [ 569.634464][T21489] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 569.634493][T21489] genl_family_rcv_msg_doit+0x215/0x300 [ 569.634522][T21489] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 569.634556][T21489] ? bpf_lsm_capable+0x9/0x20 [ 569.634576][T21489] ? security_capable+0x7e/0x2e0 [ 569.634612][T21489] genl_rcv_msg+0x60e/0x790 [ 569.634640][T21489] ? __pfx_genl_rcv_msg+0x10/0x10 [ 569.634660][T21489] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 569.634682][T21489] ? __asan_memcpy+0x40/0x70 [ 569.634701][T21489] ? __pfx_ref_tracker_free+0x10/0x10 [ 569.634724][T21489] netlink_rcv_skb+0x208/0x470 [ 569.634738][T21489] ? __lock_acquire+0xab9/0xd20 [ 569.634755][T21489] ? __pfx_genl_rcv_msg+0x10/0x10 [ 569.634777][T21489] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 569.634813][T21489] ? down_read+0x1ad/0x2e0 [ 569.634832][T21489] genl_rcv+0x28/0x40 [ 569.634851][T21489] netlink_unicast+0x82f/0x9e0 [ 569.634883][T21489] ? __pfx_netlink_unicast+0x10/0x10 [ 569.634908][T21489] ? netlink_sendmsg+0x642/0xb30 [ 569.634923][T21489] ? skb_put+0x11b/0x210 [ 569.634945][T21489] netlink_sendmsg+0x805/0xb30 [ 569.634972][T21489] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.634993][T21489] ? aa_sock_msg_perm+0xf1/0x1d0 [ 569.635019][T21489] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 569.635036][T21489] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.635053][T21489] __sock_sendmsg+0x21c/0x270 [ 569.635077][T21489] ____sys_sendmsg+0x505/0x830 [ 569.635100][T21489] ? __pfx_____sys_sendmsg+0x10/0x10 [ 569.635128][T21489] ? import_iovec+0x74/0xa0 [ 569.635150][T21489] ___sys_sendmsg+0x21f/0x2a0 [ 569.635168][T21489] ? __pfx____sys_sendmsg+0x10/0x10 [ 569.635221][T21489] ? __fget_files+0x2a/0x420 [ 569.635238][T21489] ? __fget_files+0x3a0/0x420 [ 569.635265][T21489] __x64_sys_sendmsg+0x19b/0x260 [ 569.635286][T21489] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 569.635314][T21489] ? __pfx_ksys_write+0x10/0x10 [ 569.635340][T21489] ? do_syscall_64+0xbe/0xfa0 [ 569.635366][T21489] do_syscall_64+0xfa/0xfa0 [ 569.635388][T21489] ? lockdep_hardirqs_on+0x9c/0x150 [ 569.635410][T21489] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.635428][T21489] ? clear_bhb_loop+0x60/0xb0 [ 569.635449][T21489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.635466][T21489] RIP: 0033:0x7f5b3f78f749 [ 569.635482][T21489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.635499][T21489] RSP: 002b:00007f5b40670038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 569.635516][T21489] RAX: ffffffffffffffda RBX: 00007f5b3f9e5fa0 RCX: 00007f5b3f78f749 [ 569.635528][T21489] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 569.635538][T21489] RBP: 00007f5b40670090 R08: 0000000000000000 R09: 0000000000000000 [ 569.635547][T21489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 569.635557][T21489] R13: 00007f5b3f9e6038 R14: 00007f5b3f9e5fa0 R15: 00007fff8a2b2d18 [ 569.635592][T21489] [ 570.020400][T14417] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 570.058098][ T36] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 570.093749][T21495] __nla_validate_parse: 12 callbacks suppressed [ 570.093770][T21495] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5331'. [ 570.100815][T21496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5329'. [ 570.153269][T21500] netlink: 'syz.0.5331': attribute type 10 has an invalid length. [ 570.162317][ T36] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 570.236123][T14417] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 570.253986][T21501] syzkaller0: entered promiscuous mode [ 570.259669][T21501] syzkaller0: entered allmulticast mode [ 570.292257][T21509] netlink: 'syz.3.5336': attribute type 1 has an invalid length. [ 570.346710][ T36] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 570.357595][T21509] 8021q: adding VLAN 0 to HW filter on device bond13 [ 570.398882][T21509] veth9: entered promiscuous mode [ 570.407791][T21509] bond13: (slave veth9): Enslaving as a backup interface with a down link [ 570.478189][ T13] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 570.521303][ T13] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 570.539095][T21522] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5340'. [ 570.564717][T21522] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5340'. [ 570.596584][T14417] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 570.620899][T21527] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5343'. [ 570.684373][T21529] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5344'. [ 570.703348][T21534] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5340'. [ 570.830542][T21539] syz.4.5346 uses old SIOCAX25GETINFO [ 570.863066][T21541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5347'. [ 570.885616][T21541] netlink: 'syz.1.5347': attribute type 10 has an invalid length. [ 571.338761][T21573] netlink: 64 bytes leftover after parsing attributes in process `syz.0.5360'. [ 571.357094][T21573] sctp: [Deprecated]: syz.0.5360 (pid 21573) Use of int in maxseg socket option. [ 571.357094][T21573] Use struct sctp_assoc_value instead [ 571.375831][T21577] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5361'. [ 571.398477][T21577] netlink: 'syz.1.5361': attribute type 10 has an invalid length. [ 571.483659][T21583] xt_l2tp: v2 doesn't support IP mode [ 571.495094][T21583] netlink: 'syz.1.5364': attribute type 1 has an invalid length. [ 571.736029][T21606] netlink: 'syz.0.5372': attribute type 1 has an invalid length. [ 571.762178][T21601] netlink: 'syz.2.5371': attribute type 11 has an invalid length. [ 571.816136][T21609] netlink: 'syz.2.5371': attribute type 11 has an invalid length. [ 571.833356][T21612] netlink: 'syz.1.5374': attribute type 10 has an invalid length. [ 571.864682][T21606] 8021q: adding VLAN 0 to HW filter on device bond10 [ 571.910358][T21606] veth7: entered promiscuous mode [ 571.923675][T21606] bond10: (slave veth7): Enslaving as a backup interface with a down link [ 571.948111][T21615] tipc: Enabled bearer , priority 13 [ 571.970395][T21621] sctp: [Deprecated]: syz.1.5378 (pid 21621) Use of struct sctp_assoc_value in delayed_ack socket option. [ 571.970395][T21621] Use struct sctp_sack_info instead [ 572.083475][T21629] tipc: Enabling of bearer rejected, failed to enable media [ 572.114766][ T24] IPVS: starting estimator thread 0... [ 572.216829][T21635] IPVS: using max 31 ests per chain, 74400 per kthread [ 572.571786][T21663] sch_tbf: burst 512 is lower than device syzkaller0 mtu (1500) ! [ 572.974144][T21685] bridge11: entered allmulticast mode [ 573.069210][T21083] tipc: Node number set to 446301104 [ 573.282671][T21703] netlink: 'syz.0.5404': attribute type 11 has an invalid length. [ 573.411568][T21708] xt_ipcomp: unknown flags 1D [ 573.840934][T21732] netlink: 'syz.2.5410': attribute type 29 has an invalid length. [ 573.919437][T21737] bridge0: port 1(batadv1) entered blocking state [ 573.930491][T21737] bridge0: port 1(batadv1) entered disabled state [ 573.938010][T21737] batadv1: entered allmulticast mode [ 573.946783][T21737] batadv1: entered promiscuous mode [ 574.040371][T21743] bond16: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 574.076735][T21743] bond16 (unregistering): Released all slaves [ 574.299677][T21766] xt_addrtype: ipv6 does not support BROADCAST matching [ 574.415693][T14417] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 574.424985][T14417] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 574.605687][T14411] net_ratelimit: 72 callbacks suppressed [ 574.605706][T14411] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 574.649801][T21777] wlan0 speed is unknown, defaulting to 1000 [ 574.715597][T21787] netlink: 'syz.4.5430': attribute type 29 has an invalid length. [ 574.791501][T21789] netlink: 'syz.4.5430': attribute type 29 has an invalid length. [ 574.915968][T14411] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 574.965772][T14411] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 575.097228][T14417] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 575.104689][T14417] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 575.160318][T21810] 8021q: adding VLAN 0 to HW filter on device bond16 [ 575.179405][T21821] __nla_validate_parse: 18 callbacks suppressed [ 575.179425][T21821] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5439'. [ 575.253429][T21824] unsupported nlmsg_type 40 [ 575.286111][T21810] veth9: entered promiscuous mode [ 575.333570][T21810] bond16: (slave veth9): Enslaving as a backup interface with a down link [ 575.467871][ T43] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 575.505289][T21835] validate_nla: 1 callbacks suppressed [ 575.505307][T21835] netlink: 'syz.0.5443': attribute type 10 has an invalid length. [ 575.520693][T21832] netlink: 'syz.3.5442': attribute type 3 has an invalid length. [ 575.521756][T21835] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5443'. [ 575.531584][ T43] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 575.548973][T21837] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5444'. [ 575.559094][T21835] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 575.578167][T21837] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 575.584434][T21840] xt_hashlimit: max too large, truncated to 1048576 [ 575.586383][ T43] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 575.633209][T21840] sctp: [Deprecated]: syz.2.5445 (pid 21840) Use of struct sctp_assoc_value in delayed_ack socket option. [ 575.633209][T21840] Use struct sctp_sack_info instead [ 575.697850][T21840] tipc: Enabling of bearer rejected, media not registered [ 575.714618][T21840] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5445'. [ 576.154661][T21878] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5458'. [ 576.186590][T21878] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5458'. [ 576.216841][T21879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5457'. [ 576.318627][T21890] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5459'. [ 576.635944][T21904] --map-set only usable from mangle table [ 576.691211][T21910] tipc: Enabled bearer , priority 0 [ 576.712491][T21910] syzkaller0: entered promiscuous mode [ 576.730563][T21910] syzkaller0: entered allmulticast mode [ 576.790696][T21910] tipc: Resetting bearer [ 576.821722][T21908] tipc: Resetting bearer [ 576.862571][T21908] tipc: Disabling bearer [ 576.881933][T21922] netlink: 11562 bytes leftover after parsing attributes in process `syz.2.5474'. [ 577.008660][T21932] tipc: Enabled bearer , priority 0 [ 577.025967][T21935] netlink: 'syz.0.5478': attribute type 18 has an invalid length. [ 577.074803][T21938] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5479'. [ 577.099453][T21932] syzkaller0: entered promiscuous mode [ 577.105014][T21932] syzkaller0: entered allmulticast mode [ 577.125941][T21932] tipc: Resetting bearer [ 577.266736][T21932] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 577.290742][T21932] bond0 (unregistering): (slave syz_tun): Releasing backup interface [ 577.314378][T21932] bond0 (unregistering): Released all slaves [ 577.338751][T21959] netlink: 'syz.2.5483': attribute type 10 has an invalid length. [ 577.461926][T21930] tipc: Resetting bearer [ 577.525413][T21930] tipc: Disabling bearer [ 577.827191][T21988] batadv1: left allmulticast mode [ 577.832836][T21988] batadv1: left promiscuous mode [ 577.838545][T21988] bridge0: port 1(batadv1) entered disabled state [ 578.185860][T22011] syzkaller1: entered promiscuous mode [ 578.191378][T22011] syzkaller1: entered allmulticast mode [ 578.528999][T22035] netlink: 'syz.2.5514': attribute type 29 has an invalid length. [ 578.548700][T22035] netlink: 'syz.2.5514': attribute type 29 has an invalid length. [ 578.550694][T22038] IPVS: set_ctl: invalid protocol: 12 224.0.0.2:20004 [ 578.600842][T22043] netlink: 'syz.3.5517': attribute type 142 has an invalid length. [ 578.731488][T22052] netlink: 'syz.2.5519': attribute type 3 has an invalid length. [ 578.814223][T22056] tap0: tun_chr_ioctl cmd 2148553947 [ 578.848724][T22056] tap0: tun_chr_ioctl cmd 1074812118 [ 578.981894][T22069] netlink: 'syz.2.5528': attribute type 15 has an invalid length. [ 579.033700][T22074] netlink: 'syz.1.5530': attribute type 10 has an invalid length. [ 579.045434][T22074] bridge0: port 1(team0) entered blocking state [ 579.054617][T22074] bridge0: port 1(team0) entered disabled state [ 579.061559][T22074] team0: entered allmulticast mode [ 579.071061][T22074] team0: entered promiscuous mode [ 579.090480][T22075] syzkaller0: entered promiscuous mode [ 579.130954][T22075] syzkaller0: entered allmulticast mode [ 579.305166][T22107] block nbd3: Unsupported socket: should be TCP or UNIX. [ 579.616275][T22097] net_ratelimit: 62 callbacks suppressed [ 579.616296][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 579.781810][T22145] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 579.787182][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 579.792436][T22145] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 579.825859][T22139] 8021q: adding VLAN 0 to HW filter on device bond14 [ 579.903973][T22139] veth11: entered promiscuous mode [ 579.922342][T22139] bond14: (slave veth11): Enslaving as a backup interface with a down link [ 579.963873][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 580.085655][T22098] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 580.095665][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 580.270098][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 580.295671][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 580.344850][T22181] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 580.359624][T22182] xt_l2tp: v2 sid > 0xffff: 1114112 [ 580.397604][T22179] __nla_validate_parse: 18 callbacks suppressed [ 580.397624][T22179] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.5558'. [ 580.580790][T22169] infiniband yyz!: set down [ 580.585409][T22169] infiniband yyz!: added team_slave_0 [ 580.611035][T22193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5563'. [ 580.678222][T22169] RDS/IB: yyz!: added [ 580.682408][T22169] smc: adding ib device yyz! with port count 1 [ 580.690631][T22169] smc: ib device yyz! port 1 has no pnetid [ 580.840264][T22208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5566'. [ 580.905444][T22210] veth0: entered promiscuous mode [ 580.948354][T22209] veth0: left promiscuous mode [ 581.234232][T22226] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.5572'. [ 581.493873][T22235] tipc: Enabled bearer , priority 0 [ 581.510833][T22235] syzkaller0: entered promiscuous mode [ 581.524200][T22235] syzkaller0: entered allmulticast mode [ 581.551496][T22235] tipc: Resetting bearer [ 581.578839][T22234] tipc: Resetting bearer [ 581.651996][T22234] tipc: Disabling bearer [ 581.803136][T22247] syzkaller0: entered promiscuous mode [ 581.809392][T22247] syzkaller0: entered allmulticast mode [ 582.089668][T22255] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5585'. [ 582.230270][T22265] validate_nla: 4 callbacks suppressed [ 582.230288][T22265] netlink: 'syz.1.5589': attribute type 10 has an invalid length. [ 582.383118][T22272] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5592'. [ 582.545919][T22277] tipc: Enabled bearer , priority 0 [ 582.560524][T22277] tipc: Resetting bearer [ 582.603651][T22276] tipc: Disabling bearer [ 582.847401][T22303] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 583.035095][T22316] netlink: 'syz.1.5608': attribute type 29 has an invalid length. [ 583.050327][T22316] netlink: 'syz.1.5608': attribute type 29 has an invalid length. [ 583.154530][T22330] netlink: 'syz.3.5613': attribute type 1 has an invalid length. [ 583.184766][T22335] netlink: 100 bytes leftover after parsing attributes in process `syz.0.5614'. [ 583.215999][T22330] 8021q: adding VLAN 0 to HW filter on device bond15 [ 583.228443][T22335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5614'. [ 583.240093][T22330] veth13: entered promiscuous mode [ 583.241114][T22335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5614'. [ 583.256650][T22330] bond15: (slave veth13): Enslaving as a backup interface with a down link [ 583.276095][T22335] bridge0: port 1(vlan2) entered blocking state [ 583.282735][T22335] bridge0: port 1(vlan2) entered disabled state [ 583.289707][T22335] vlan2: entered allmulticast mode [ 583.295193][T22335] bridge0: entered allmulticast mode [ 583.309583][T22335] vlan2: left allmulticast mode [ 583.314559][T22335] bridge0: left allmulticast mode [ 583.387594][T22339] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5615'. [ 583.483051][T22354] ipt_ECN: cannot use operation on non-tcp rule [ 583.606617][T22358] tap0: tun_chr_ioctl cmd 1074025678 [ 583.611953][T22358] tap0: group set to 0 [ 583.699753][T22368] netlink: 'syz.1.5628': attribute type 1 has an invalid length. [ 583.760018][T22368] 8021q: adding VLAN 0 to HW filter on device bond7 [ 583.816334][T22368] veth15: entered promiscuous mode [ 583.831759][T22368] bond7: (slave veth15): Enslaving as a backup interface with a down link [ 584.201693][T22409] macvlan0: entered promiscuous mode [ 584.212967][T22409] macvlan0: entered allmulticast mode [ 584.219444][T22409] bond0: (slave macvlan0): Error -98 calling set_mac_address [ 584.241966][T22402] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 584.252159][T22402] syzkaller0: entered promiscuous mode [ 584.258978][T22414] netlink: 'syz.0.5641': attribute type 1 has an invalid length. [ 584.276944][T22402] syzkaller0: entered allmulticast mode [ 584.441080][T22427] netlink: 'syz.2.5645': attribute type 1 has an invalid length. [ 585.880539][T22415] bond11: (slave veth9): Enslaving as an active interface with a down link [ 585.892794][T22414] bond11: entered promiscuous mode [ 585.898286][T22414] 8021q: adding VLAN 0 to HW filter on device bond11 [ 585.905711][T22096] net_ratelimit: 72 callbacks suppressed [ 585.905729][T22096] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 585.935345][T22427] workqueue: Failed to create a rescuer kthread for wq "bond17": -EINTR [ 585.938470][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 585.966567][T22432] syzkaller0: entered promiscuous mode [ 585.988697][T22432] syzkaller0: entered allmulticast mode [ 586.040343][ T30] audit: type=1107 audit(1763556017.630:5): pid=22451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='=í®K j' [ 586.272119][T22462] netlink: del zone limit has 4 unknown bytes [ 586.383595][T22472] __nla_validate_parse: 5 callbacks suppressed [ 586.383613][T22472] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5655'. [ 587.803288][T22467] macvlan2: entered promiscuous mode [ 587.808846][T22467] macvlan2: entered allmulticast mode [ 587.814544][T22467] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 587.838392][T22100] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 587.876155][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 587.962497][T22494] netlink: 'syz.3.5661': attribute type 2 has an invalid length. [ 587.970458][T22090] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 587.993323][T22494] netlink: 'syz.3.5661': attribute type 2 has an invalid length. [ 587.993826][T22491] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 588.001297][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 588.021443][T21083] IPVS: starting estimator thread 0... [ 588.086973][T22100] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 588.115778][T22502] IPVS: using max 33 ests per chain, 79200 per kthread [ 588.156416][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 588.218035][T22511] netlink: 'syz.3.5661': attribute type 13 has an invalid length. [ 588.227235][T22090] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 588.309661][T22511] gretap0: left allmulticast mode [ 588.325921][T22511] sit0: left promiscuous mode [ 588.331427][T22511] syz_tun: left promiscuous mode [ 588.360792][T22511] net veth1_virt_wifi virt_wifi0: left promiscuous mode [ 588.368178][T22511] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 588.390606][T22511] veth3: left promiscuous mode [ 588.395903][T22511] geneve2: left promiscuous mode [ 588.400977][T22511] geneve2: left allmulticast mode [ 588.406613][T22511] bond2: left promiscuous mode [ 588.411500][T22511] bond2: left allmulticast mode [ 588.417470][T22511] gtp0: left promiscuous mode [ 588.422666][T22511] gtp0: left allmulticast mode [ 588.428662][T22511] veth5: left promiscuous mode [ 588.435314][T22511] gtp1: left promiscuous mode [ 588.440526][T22511] gtp1: left allmulticast mode [ 588.448050][T22511] bond10: left promiscuous mode [ 588.452907][T22511] bond10: left allmulticast mode [ 588.459402][T22511] team1: left promiscuous mode [ 588.464170][T22511] team1: left allmulticast mode [ 588.471776][T22511] veth9: left promiscuous mode [ 588.478749][T22511] veth11: left promiscuous mode [ 588.486764][T22511] veth13: left promiscuous mode [ 588.500304][T22526] dvmrp6: entered allmulticast mode [ 588.510996][T22529] : entered promiscuous mode [ 588.523400][T22530] pim6reg: entered allmulticast mode [ 588.535736][T22531] pim6reg: left allmulticast mode [ 588.608749][T22533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5670'. [ 588.664171][T22535] netlink: 180 bytes leftover after parsing attributes in process `syz.0.5669'. [ 588.858242][T22554] tipc: Enabled bearer , priority 0 [ 588.900110][T22554] tipc: Disabling bearer [ 588.932260][T22557] netlink: 'syz.4.5676': attribute type 3 has an invalid length. [ 589.000310][T22560] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5675'. [ 589.014449][T22563] netdevsim netdevsim1 ÿÿÿÿÿÿ: renamed from netdevsim0 [ 589.024747][T22566] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5675'. [ 589.269637][T22583] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5686'. [ 589.344274][ T51] block nbd3: Receive control failed (result -107) [ 589.413470][T22598] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5685'. [ 589.547993][T22613] netlink: 'syz.2.5691': attribute type 1 has an invalid length. [ 589.557400][T22612] netlink: 'syz.4.5690': attribute type 4 has an invalid length. [ 589.576197][T22586] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5685'. [ 589.598454][T22612] netlink: 'syz.4.5690': attribute type 4 has an invalid length. [ 589.644674][T22613] 8021q: adding VLAN 0 to HW filter on device bond17 [ 589.725813][T22612] can: request_module (can-proto-0) failed. [ 589.727792][T22625] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.5694'. [ 589.793757][T22633] netlink: 'syz.0.5697': attribute type 2 has an invalid length. [ 589.813771][T22633] netlink: 84 bytes leftover after parsing attributes in process `syz.0.5697'. [ 589.956971][T22644] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.964399][T22644] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.014154][T22644] bridge0: entered allmulticast mode [ 590.094867][T22644] bridge_slave_1: left allmulticast mode [ 590.102799][T22644] bridge_slave_1: left promiscuous mode [ 590.108784][T22651] netlink: 'syz.1.5703': attribute type 1 has an invalid length. [ 590.119708][T22644] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.129437][T22644] bridge_slave_0: left allmulticast mode [ 590.135226][T22644] bridge_slave_0: left promiscuous mode [ 590.141335][T22644] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.263310][T22652] bond8: (slave bridge10): making interface the new active one [ 590.272128][T22652] bond8: (slave bridge10): Enslaving as an active interface with an up link [ 590.417206][T22662] sctp: [Deprecated]: syz.2.5705 (pid 22662) Use of int in max_burst socket option. [ 590.417206][T22662] Use struct sctp_assoc_value instead [ 590.739200][T22687] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 590.766400][T22690] netlink: 'syz.2.5715': attribute type 6 has an invalid length. [ 590.950070][T22097] net_ratelimit: 44 callbacks suppressed [ 590.950091][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 591.008501][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 591.108252][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 591.130175][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 591.252210][T22726] bond12: option all_slaves_active: invalid value (222) [ 591.317107][T22726] bond12 (unregistering): Released all slaves [ 591.382982][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 591.405184][T22745] __nla_validate_parse: 10 callbacks suppressed [ 591.405202][T22745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5728'. [ 591.430583][T22732] xt_hashlimit: size too large, truncated to 1048576 [ 591.458025][T22747] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5730'. [ 591.526724][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 591.545656][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 591.619059][T22752] xt_CT: You must specify a L4 protocol and not use inversions on it [ 591.637625][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 591.675701][T22099] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 591.778057][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 591.844213][T22767] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5738'. [ 591.867417][T22767] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5738'. [ 592.051763][T22784] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 592.273590][T22792] veth17: entered allmulticast mode [ 592.503091][T22810] x_tables: duplicate underflow at hook 2 [ 592.612105][T22826] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5757'. [ 592.665913][T22826] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5757'. [ 592.675976][T22826] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5757'. [ 592.687445][T22826] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5757'. [ 592.701607][T22826] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5757'. [ 592.711927][T22826] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5757'. [ 592.813177][T22835] tipc: New replicast peer: 255.255.255.255 [ 592.829915][T22835] tipc: Enabled bearer , priority 8 [ 593.112993][T22855] IPVS: Unknown mcast interface: dvmrp0 [ 593.137177][T22859] SET target dimension over the limit! [ 593.203781][T22861] syzkaller0: entered promiscuous mode [ 593.222523][T22861] syzkaller0: entered allmulticast mode [ 593.945625][T21084] tipc: Node number set to 2396265151 [ 594.092590][T22931] sctp: [Deprecated]: syz.1.5787 (pid 22931) Use of int in max_burst socket option deprecated. [ 594.092590][T22931] Use struct sctp_assoc_value instead [ 594.212611][T22908] syz.3.5782: vmalloc error: size 100663296, failed to allocated page array size 196608, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 594.325616][T22908] CPU: 1 UID: 0 PID: 22908 Comm: syz.3.5782 Not tainted syzkaller #0 PREEMPT(full) [ 594.325643][T22908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 594.325654][T22908] Call Trace: [ 594.325662][T22908] [ 594.325671][T22908] dump_stack_lvl+0x189/0x250 [ 594.325701][T22908] ? __pfx_dump_stack_lvl+0x10/0x10 [ 594.325723][T22908] ? __pfx__printk+0x10/0x10 [ 594.325741][T22908] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 594.325764][T22908] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 594.325788][T22908] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 594.325813][T22908] warn_alloc+0x214/0x310 [ 594.325844][T22908] ? __pfx_warn_alloc+0x10/0x10 [ 594.325878][T22908] ? __get_vm_area_node+0x28f/0x300 [ 594.325901][T22908] ? bpf_uprobe_multi_link_attach+0x54b/0xee0 [ 594.325924][T22908] __vmalloc_node_range_noprof+0x690/0x12d0 [ 594.325977][T22908] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 594.326000][T22908] ? bpf_uprobe_multi_link_attach+0x54b/0xee0 [ 594.326022][T22908] ? rcu_is_watching+0x15/0xb0 [ 594.326052][T22908] ? bpf_uprobe_multi_link_attach+0x54b/0xee0 [ 594.326071][T22908] __kvmalloc_node_noprof+0x674/0x910 [ 594.326096][T22908] ? bpf_uprobe_multi_link_attach+0x54b/0xee0 [ 594.326113][T22908] ? __kmalloc_cache_noprof+0x3d5/0x6f0 [ 594.326135][T22908] ? kfree+0x19a/0x6d0 [ 594.326153][T22908] ? bpf_uprobe_multi_link_attach+0x527/0xee0 [ 594.326178][T22908] bpf_uprobe_multi_link_attach+0x54b/0xee0 [ 594.326213][T22908] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 594.326230][T22908] ? __fget_files+0x2a/0x420 [ 594.326250][T22908] ? __fget_files+0x2a/0x420 [ 594.326267][T22908] ? __fget_files+0x2a/0x420 [ 594.326286][T22908] ? bpf_prog_attach_check_attach_type+0x453/0x540 [ 594.326311][T22908] link_create+0x673/0x850 [ 594.326336][T22908] __sys_bpf+0x6be/0x860 [ 594.326355][T22908] ? __pfx___sys_bpf+0x10/0x10 [ 594.326393][T22908] ? rcu_is_watching+0x15/0xb0 [ 594.326421][T22908] __x64_sys_bpf+0x7c/0x90 [ 594.326446][T22908] do_syscall_64+0xfa/0xfa0 [ 594.326469][T22908] ? lockdep_hardirqs_on+0x9c/0x150 [ 594.326491][T22908] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.326509][T22908] ? clear_bhb_loop+0x60/0xb0 [ 594.326530][T22908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.326548][T22908] RIP: 0033:0x7fbc24d8f749 [ 594.326565][T22908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.326580][T22908] RSP: 002b:00007fbc25c7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 594.326600][T22908] RAX: ffffffffffffffda RBX: 00007fbc24fe6090 RCX: 00007fbc24d8f749 [ 594.326614][T22908] RDX: 0000000000000040 RSI: 0000200000000180 RDI: 000000000000001c [ 594.326625][T22908] RBP: 00007fbc24e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 594.326637][T22908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 594.326648][T22908] R13: 00007fbc24fe6128 R14: 00007fbc24fe6090 R15: 00007fff577d9da8 [ 594.326679][T22908] [ 594.326699][T22908] Mem-Info: [ 594.667520][T22925] wlan0 speed is unknown, defaulting to 1000 [ 594.706243][T22908] active_anon:3892 inactive_anon:0 isolated_anon:0 [ 594.706243][T22908] active_file:3720 inactive_file:40098 isolated_file:0 [ 594.706243][T22908] unevictable:768 dirty:42 writeback:0 [ 594.706243][T22908] slab_reclaimable:12388 slab_unreclaimable:201389 [ 594.706243][T22908] mapped:30420 shmem:1361 pagetables:1006 [ 594.706243][T22908] sec_pagetables:0 bounce:0 [ 594.706243][T22908] kernel_misc_reclaimable:0 [ 594.706243][T22908] free:1221784 free_pcp:15929 free_cma:0 [ 594.852095][T22908] Node 0 active_anon:15672kB inactive_anon:0kB active_file:14880kB inactive_file:160192kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121880kB dirty:168kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14000kB pagetables:3712kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 594.895995][T22952] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 594.922620][T22908] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 594.975846][T22908] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 595.072038][T22908] lowmem_reserve[]: 0 2505 2505 2505 2505 [ 595.094070][T22908] Node 0 DMA32 free:987088kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15676kB inactive_anon:0kB active_file:14880kB inactive_file:160192kB unevictable:1536kB writepending:168kB zspages:0kB present:3129332kB managed:2565156kB mlocked:0kB bounce:0kB free_pcp:40884kB local_pcp:25376kB free_cma:0kB [ 595.231680][T22908] lowmem_reserve[]: 0 0 0 0 0 [ 595.238218][T22908] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 595.272248][T22908] lowmem_reserve[]: 0 0 0 0 0 [ 595.295986][T22908] Node 1 Normal free:3884364kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21124kB local_pcp:8352kB free_cma:0kB [ 595.389667][T22908] lowmem_reserve[]: 0 0 0 0 0 [ 595.394443][T22908] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 595.408271][T22908] Node 0 DMA32: 990*4kB (UM) 609*8kB (UM) 275*16kB (UM) 1201*32kB (UME) 1031*64kB (UM) 346*128kB (UM) 137*256kB (UM) 107*512kB (UM) 62*1024kB (UME) 12*2048kB (UM) 160*4096kB (M) = 995216kB [ 595.465329][T22908] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 595.480576][T22974] validate_nla: 70 callbacks suppressed [ 595.480592][T22974] netlink: 'syz.0.5798': attribute type 30 has an invalid length. [ 595.506380][T22908] Node 1 Normal: 191*4kB (UE) 44*8kB (UME) 39*16kB (UME) 108*32kB (UME) 28*64kB (UME) 8*128kB (UME) 4*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3884364kB [ 595.525213][T22908] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 595.534873][T22908] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 595.544656][T22908] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 595.580833][T22908] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 595.590263][T22908] 45193 total pagecache pages [ 595.612543][T22908] 0 pages in swap cache [ 595.616882][T22908] Free swap = 124996kB [ 595.621044][T22908] Total swap = 124996kB [ 595.625343][T22908] 2097051 pages RAM [ 595.633599][T22908] 0 pages HighMem/MovableOnly [ 595.638603][T22908] 424120 pages reserved [ 595.642788][T22908] 0 pages cma reserved [ 595.738228][T22991] netlink: 'syz.0.5802': attribute type 10 has an invalid length. [ 596.050774][T22096] net_ratelimit: 61 callbacks suppressed [ 596.050793][T22096] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 596.095896][T22096] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 596.186620][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 596.235635][T22099] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 596.259331][T23011] batadv_slave_1: entered allmulticast mode [ 596.296913][T23011] batadv_slave_1: left allmulticast mode [ 596.317716][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 596.346519][T22099] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 596.435609][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 596.465657][T22099] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 596.546138][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 596.564190][T23020] __nla_validate_parse: 72 callbacks suppressed [ 596.564212][T23020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5810'. [ 596.575749][T22096] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 596.646424][T23040] netlink: 'syz.1.5815': attribute type 2 has an invalid length. [ 596.654445][T23040] netlink: 'syz.1.5815': attribute type 1 has an invalid length. [ 596.696682][T23042] netlink: 'syz.4.5816': attribute type 10 has an invalid length. [ 596.704924][T23042] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5816'. [ 597.002884][T23069] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5820'. [ 597.226582][T23086] netlink: 'syz.3.5830': attribute type 10 has an invalid length. [ 597.237487][T23086] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5830'. [ 597.249379][T23086] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 597.256725][T23086] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 597.575392][T23101] netlink: 'syz.3.5836': attribute type 11 has an invalid length. [ 597.821849][T23118] netlink: 'syz.3.5841': attribute type 10 has an invalid length. [ 597.831136][T23116] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5840'. [ 597.833301][T23118] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5841'. [ 597.861923][T23120] sctp: [Deprecated]: syz.2.5842 (pid 23120) Use of int in max_burst socket option. [ 597.861923][T23120] Use struct sctp_assoc_value instead [ 598.026373][T23128] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5847'. [ 598.151923][T23137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5851'. [ 598.342507][T23152] netlink: 'syz.2.5855': attribute type 10 has an invalid length. [ 598.356109][T23152] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5855'. [ 598.424479][T23153] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.5854'. [ 598.452199][T23162] xt_CT: You must specify a L4 protocol and not use inversions on it [ 598.762825][T23186] netlink: 'syz.4.5869': attribute type 10 has an invalid length. [ 598.814900][T23184] netlink: 'syz.2.5868': attribute type 6 has an invalid length. [ 598.844967][T23184] syzkaller1: entered promiscuous mode [ 598.851267][T23184] syzkaller1: entered allmulticast mode [ 600.165248][T23271] xt_l2tp: v2 doesn't support IP mode [ 600.417905][ T30] audit: type=1107 audit(1763556032.010:6): pid=23282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Ù‹5ž÷Œ•%èÍUýAÊÃËÙ ë0ä™l…t¿Ý•/Öÿ Ž6òŠ¨Šç›' [ 600.983414][T23323] validate_nla: 1 callbacks suppressed [ 600.983431][T23323] netlink: 'syz.0.5918': attribute type 10 has an invalid length. [ 601.039979][T23329] FAULT_INJECTION: forcing a failure. [ 601.039979][T23329] name failslab, interval 1, probability 0, space 0, times 0 [ 601.057192][T23329] CPU: 0 UID: 0 PID: 23329 Comm: syz.2.5919 Not tainted syzkaller #0 PREEMPT(full) [ 601.057219][T23329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 601.057230][T23329] Call Trace: [ 601.057237][T23329] [ 601.057256][T23329] dump_stack_lvl+0x189/0x250 [ 601.057284][T23329] ? __pfx____ratelimit+0x10/0x10 [ 601.057307][T23329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 601.057329][T23329] ? __pfx__printk+0x10/0x10 [ 601.057352][T23329] ? __pfx___might_resched+0x10/0x10 [ 601.057370][T23329] ? fs_reclaim_acquire+0x7d/0x100 [ 601.057391][T23329] should_fail_ex+0x414/0x560 [ 601.057420][T23329] should_failslab+0xa8/0x100 [ 601.057440][T23329] kmem_cache_alloc_node_noprof+0x77/0x710 [ 601.057464][T23329] ? __alloc_skb+0x112/0x2d0 [ 601.057479][T23329] ? netlink_autobind+0xdb/0x300 [ 601.057500][T23329] __alloc_skb+0x112/0x2d0 [ 601.057519][T23329] netlink_sendmsg+0x5c6/0xb30 [ 601.057545][T23329] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.057565][T23329] ? aa_sock_msg_perm+0xf1/0x1d0 [ 601.057589][T23329] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 601.057607][T23329] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.057625][T23329] __sock_sendmsg+0x21c/0x270 [ 601.057651][T23329] ____sys_sendmsg+0x505/0x830 [ 601.057675][T23329] ? __pfx_____sys_sendmsg+0x10/0x10 [ 601.057703][T23329] ? import_iovec+0x74/0xa0 [ 601.057728][T23329] ___sys_sendmsg+0x21f/0x2a0 [ 601.057749][T23329] ? __pfx____sys_sendmsg+0x10/0x10 [ 601.057801][T23329] ? __fget_files+0x2a/0x420 [ 601.057817][T23329] ? __fget_files+0x3a0/0x420 [ 601.057844][T23329] __x64_sys_sendmsg+0x19b/0x260 [ 601.057866][T23329] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 601.057894][T23329] ? __pfx_ksys_write+0x10/0x10 [ 601.057917][T23329] ? do_syscall_64+0xbe/0xfa0 [ 601.057944][T23329] do_syscall_64+0xfa/0xfa0 [ 601.057964][T23329] ? lockdep_hardirqs_on+0x9c/0x150 [ 601.057984][T23329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.058000][T23329] ? clear_bhb_loop+0x60/0xb0 [ 601.058021][T23329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.058037][T23329] RIP: 0033:0x7f4091b8f749 [ 601.058053][T23329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 601.058067][T23329] RSP: 002b:00007f4092b08038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 601.058085][T23329] RAX: ffffffffffffffda RBX: 00007f4091de5fa0 RCX: 00007f4091b8f749 [ 601.058098][T23329] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 601.058109][T23329] RBP: 00007f4092b08090 R08: 0000000000000000 R09: 0000000000000000 [ 601.058120][T23329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.058130][T23329] R13: 00007f4091de6038 R14: 00007f4091de5fa0 R15: 00007ffe9e0d6798 [ 601.058159][T23329] [ 601.362973][T23332] net veth1_virt_wifi virt_wifi0: left promiscuous mode [ 601.370397][T23332] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 601.409104][T23332] gtp1: left promiscuous mode [ 601.424968][T23332] veth9: left promiscuous mode [ 601.448706][T22102] net_ratelimit: 88 callbacks suppressed [ 601.448727][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 601.475800][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 601.501570][T23344] netlink: 'syz.2.5923': attribute type 23 has an invalid length. [ 601.585705][T22100] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 601.616310][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 601.641235][T23358] netlink: 'syz.0.5928': attribute type 1 has an invalid length. [ 601.786650][T23367] __nla_validate_parse: 8 callbacks suppressed [ 601.786666][T23367] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5932'. [ 601.790947][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 601.840241][T23367] netlink: 'syz.4.5932': attribute type 1 has an invalid length. [ 601.850053][T23371] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5933'. [ 601.872177][T23371] netlink: 264 bytes leftover after parsing attributes in process `syz.1.5933'. [ 601.875713][T22090] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 601.936742][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 602.016715][T23378] netlink: 'syz.3.5934': attribute type 10 has an invalid length. [ 602.024574][T23378] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5934'. [ 602.036387][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 602.045669][T22090] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 602.065306][T23378] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 602.139428][T23382] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5938'. [ 602.212443][T23393] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5942'. [ 602.329684][T23393] bond16 (unregistering): Released all slaves [ 602.451879][T23406] !yz!: rxe_newlink: already configured on team_slave_0 [ 602.651466][T23423] netlink: 'syz.0.5952': attribute type 10 has an invalid length. [ 602.659774][T23423] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5952'. [ 602.829358][T23433] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5957'. [ 602.904025][T23438] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5955'. [ 603.112277][T23447] netlink: 'syz.3.5962': attribute type 3 has an invalid length. [ 603.132117][T23449] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 603.231539][T23452] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5963'. [ 603.255658][T23452] netlink: 'syz.3.5963': attribute type 7 has an invalid length. [ 603.263485][T23452] netlink: 'syz.3.5963': attribute type 8 has an invalid length. [ 603.338964][T23456] netlink: 'syz.4.5964': attribute type 10 has an invalid length. [ 603.365845][T23456] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 603.373095][T23456] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 603.458238][T23467] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 603.471633][T23467] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 603.488732][T23467] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 603.499934][T23467] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 603.508302][T23467] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 603.539718][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 603.561327][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 603.568977][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 603.577644][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 603.585375][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 603.769951][T23485] IPVS: set_ctl: invalid protocol: 59 172.20.20.22:20004 [ 603.915809][T23462] wlan0 speed is unknown, defaulting to 1000 [ 604.610859][T23521] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 605.072084][T23565] FAULT_INJECTION: forcing a failure. [ 605.072084][T23565] name failslab, interval 1, probability 0, space 0, times 0 [ 605.095664][T23565] CPU: 0 UID: 0 PID: 23565 Comm: syz.3.6003 Not tainted syzkaller #0 PREEMPT(full) [ 605.095687][T23565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 605.095697][T23565] Call Trace: [ 605.095705][T23565] [ 605.095713][T23565] dump_stack_lvl+0x189/0x250 [ 605.095740][T23565] ? __pfx____ratelimit+0x10/0x10 [ 605.095761][T23565] ? __pfx_dump_stack_lvl+0x10/0x10 [ 605.095782][T23565] ? __pfx__printk+0x10/0x10 [ 605.095803][T23565] ? __pfx___might_resched+0x10/0x10 [ 605.095826][T23565] should_fail_ex+0x414/0x560 [ 605.095852][T23565] should_failslab+0xa8/0x100 [ 605.095871][T23565] kmem_cache_alloc_node_noprof+0x77/0x710 [ 605.095892][T23565] ? ovs_flow_alloc+0x103/0x1f0 [ 605.095908][T23565] ? ovs_flow_alloc+0x24/0x1f0 [ 605.095928][T23565] ovs_flow_alloc+0x103/0x1f0 [ 605.095948][T23565] ovs_flow_cmd_new+0x1ee/0xd80 [ 605.095977][T23565] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 605.096040][T23565] ? rcu_is_watching+0x15/0xb0 [ 605.096064][T23565] ? __nla_parse+0x40/0x60 [ 605.096086][T23565] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 605.096113][T23565] genl_family_rcv_msg_doit+0x215/0x300 [ 605.096146][T23565] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 605.096177][T23565] ? bpf_lsm_capable+0x9/0x20 [ 605.096196][T23565] ? security_capable+0x7e/0x2e0 [ 605.096225][T23565] genl_rcv_msg+0x60e/0x790 [ 605.096250][T23565] ? __pfx_genl_rcv_msg+0x10/0x10 [ 605.096269][T23565] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 605.096304][T23565] netlink_rcv_skb+0x208/0x470 [ 605.096319][T23565] ? __lock_acquire+0xab9/0xd20 [ 605.096334][T23565] ? __pfx_genl_rcv_msg+0x10/0x10 [ 605.096354][T23565] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 605.096384][T23565] ? down_read+0x1ad/0x2e0 [ 605.096400][T23565] genl_rcv+0x28/0x40 [ 605.096417][T23565] netlink_unicast+0x82f/0x9e0 [ 605.096448][T23565] ? __pfx_netlink_unicast+0x10/0x10 [ 605.096473][T23565] ? netlink_sendmsg+0x642/0xb30 [ 605.096487][T23565] ? skb_put+0x11b/0x210 [ 605.096507][T23565] netlink_sendmsg+0x805/0xb30 [ 605.096533][T23565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 605.096554][T23565] ? aa_sock_msg_perm+0xf1/0x1d0 [ 605.096580][T23565] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 605.096596][T23565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 605.096613][T23565] __sock_sendmsg+0x21c/0x270 [ 605.096638][T23565] ____sys_sendmsg+0x505/0x830 [ 605.096663][T23565] ? __pfx_____sys_sendmsg+0x10/0x10 [ 605.096691][T23565] ? import_iovec+0x74/0xa0 [ 605.096715][T23565] ___sys_sendmsg+0x21f/0x2a0 [ 605.096736][T23565] ? __pfx____sys_sendmsg+0x10/0x10 [ 605.096787][T23565] ? __fget_files+0x2a/0x420 [ 605.096803][T23565] ? __fget_files+0x3a0/0x420 [ 605.096828][T23565] __x64_sys_sendmsg+0x19b/0x260 [ 605.096849][T23565] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 605.096877][T23565] ? __pfx_ksys_write+0x10/0x10 [ 605.096903][T23565] ? do_syscall_64+0xbe/0xfa0 [ 605.096928][T23565] do_syscall_64+0xfa/0xfa0 [ 605.096949][T23565] ? lockdep_hardirqs_on+0x9c/0x150 [ 605.096970][T23565] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.096987][T23565] ? clear_bhb_loop+0x60/0xb0 [ 605.097009][T23565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.097025][T23565] RIP: 0033:0x7fbc24d8f749 [ 605.097041][T23565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.097056][T23565] RSP: 002b:00007fbc25c9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 605.097076][T23565] RAX: ffffffffffffffda RBX: 00007fbc24fe5fa0 RCX: 00007fbc24d8f749 [ 605.097088][T23565] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 605.097100][T23565] RBP: 00007fbc25c9f090 R08: 0000000000000000 R09: 0000000000000000 [ 605.097111][T23565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 605.097121][T23565] R13: 00007fbc24fe6038 R14: 00007fbc24fe5fa0 R15: 00007fff577d9da8 [ 605.097159][T23565] [ 605.572835][T23462] chnl_net:caif_netlink_parms(): no params data found [ 605.648864][T23467] Bluetooth: hci2: command tx timeout [ 605.752436][T23586] nbd: must specify a device to reconfigure [ 605.898505][T23462] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.908552][T23462] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.919605][T23462] bridge_slave_0: entered allmulticast mode [ 605.947692][T23462] bridge_slave_0: entered promiscuous mode [ 606.008573][T23598] veth0: entered promiscuous mode [ 606.014113][T23462] bridge0: port 2(bridge_slave_1) entered blocking state [ 606.021631][T23462] bridge0: port 2(bridge_slave_1) entered disabled state [ 606.029776][T23462] bridge_slave_1: entered allmulticast mode [ 606.037390][T23462] bridge_slave_1: entered promiscuous mode [ 606.057177][T23591] veth0: left promiscuous mode [ 606.166836][T23462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 606.197215][T23462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 606.278208][T23462] team0: Port device team_slave_0 added [ 606.297658][T23613] sch_tbf: burst 512 is lower than device syzkaller0 mtu (1514) ! [ 606.318823][T23462] team0: Port device team_slave_1 added [ 606.363112][T23613] tipc: Enabled bearer , priority 0 [ 606.445253][T23462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 606.464988][T23462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 606.470950][T23627] validate_nla: 6 callbacks suppressed [ 606.470969][T23627] netlink: 'syz.0.6020': attribute type 1 has an invalid length. [ 606.509076][T23462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 606.523529][T23613] syzkaller0: entered promiscuous mode [ 606.529392][T23613] syzkaller0: entered allmulticast mode [ 606.537008][T23613] tipc: Resetting bearer [ 606.573120][T23627] 8021q: adding VLAN 0 to HW filter on device bond13 [ 606.581059][T23629] bond13: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 606.593296][T23462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 606.610411][T23462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 606.636664][T23462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 606.650858][T23612] tipc: Resetting bearer [ 606.686281][T23612] tipc: Disabling bearer [ 606.901716][T23462] hsr_slave_0: entered promiscuous mode [ 606.916792][T23462] hsr_slave_1: entered promiscuous mode [ 606.946487][T23462] debugfs: 'hsr0' already exists in 'hsr' [ 606.952269][T23462] Cannot create hsr debugfs directory [ 607.143046][T23664] netlink: 'syz.3.6027': attribute type 1 has an invalid length. [ 607.166949][T23664] __nla_validate_parse: 13 callbacks suppressed [ 607.166970][T23664] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6027'. [ 607.185750][T22090] net_ratelimit: 50 callbacks suppressed [ 607.185768][T22090] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 607.235640][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 607.346061][T23673] netlink: 'syz.0.6031': attribute type 1 has an invalid length. [ 607.427122][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 607.530848][T23686] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6032'. [ 607.591942][T23673] 8021q: adding VLAN 0 to HW filter on device bond14 [ 607.613627][T23681] bond14: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 607.738486][T23467] Bluetooth: hci2: command tx timeout [ 607.746477][T23693] tipc: Enabling of bearer rejected, failed to enable media [ 607.902751][T23462] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 607.925709][T23462] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 607.964768][T23699] veth1_macvtap: left promiscuous mode [ 607.971179][T23699] macsec0: entered promiscuous mode [ 607.977662][T23699] macsec0: entered allmulticast mode [ 607.990312][T23702] veth1_macvtap: entered promiscuous mode [ 607.997542][T23702] veth1_macvtap: entered allmulticast mode [ 608.004864][T23702] macsec0: left promiscuous mode [ 608.010249][T23702] macsec0: left allmulticast mode [ 608.015385][T23702] veth1_macvtap: left allmulticast mode [ 608.101825][T23462] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 608.124468][T23462] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.202942][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 608.221269][T23715] netlink: 'syz.0.6038': attribute type 10 has an invalid length. [ 608.272471][T23462] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 608.283587][T23462] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.305728][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 608.325685][T22090] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 608.385690][T23462] batman_adv: batadv0: Removing interface: ÿÿÿÿÿÿ [ 608.396689][T23462] netdevsim netdevsim1 ÿÿÿÿÿÿ (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 608.407676][T23462] netdevsim netdevsim1 ÿÿÿÿÿÿ (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.412686][T23733] netlink: 'syz.0.6044': attribute type 1 has an invalid length. [ 608.459225][T23733] 8021q: adding VLAN 0 to HW filter on device bond15 [ 608.467252][T23729] veth1: entered promiscuous mode [ 608.500042][T23733] bond15: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 608.515725][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 608.525660][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 608.627736][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 608.716525][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 608.748294][T23756] tipc: Enabling of bearer rejected, failed to enable media [ 608.812968][T23462] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 608.824816][T23462] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 608.839303][T23462] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 608.863794][T23759] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6051'. [ 608.865068][T23462] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 608.880368][T23759] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6051'. [ 608.978835][T23462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 609.023942][T23462] 8021q: adding VLAN 0 to HW filter on device team0 [ 609.051945][T22102] bridge0: port 1(bridge_slave_0) entered blocking state [ 609.059178][T22102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 609.093353][T23726] veth1: left promiscuous mode [ 609.118236][T22099] bridge0: port 2(bridge_slave_1) entered blocking state [ 609.125502][T22099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 609.193453][T23462] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 609.203676][T23781] netlink: 'syz.3.6055': attribute type 10 has an invalid length. [ 609.213899][T23462] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 609.528036][T23462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 609.620916][T23806] netlink: 'syz.0.6062': attribute type 10 has an invalid length. [ 609.634363][T23462] veth0_vlan: entered promiscuous mode [ 609.644992][T23806] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6062'. [ 609.656861][T23462] veth1_vlan: entered promiscuous mode [ 609.714555][T23462] veth0_macvtap: entered promiscuous mode [ 609.745144][T23462] veth1_macvtap: entered promiscuous mode [ 609.772548][T23462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 609.800624][T23814] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6065'. [ 609.811389][T23467] Bluetooth: hci2: command tx timeout [ 609.841209][T23462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 609.861392][T22102] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.869934][T23819] FAULT_INJECTION: forcing a failure. [ 609.869934][T23819] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 609.883756][T23819] CPU: 1 UID: 0 PID: 23819 Comm: syz.3.6067 Not tainted syzkaller #0 PREEMPT(full) [ 609.883782][T23819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 609.883793][T23819] Call Trace: [ 609.883800][T23819] [ 609.883809][T23819] dump_stack_lvl+0x189/0x250 [ 609.883836][T23819] ? __pfx____ratelimit+0x10/0x10 [ 609.883859][T23819] ? __pfx_dump_stack_lvl+0x10/0x10 [ 609.883881][T23819] ? __pfx__printk+0x10/0x10 [ 609.883910][T23819] should_fail_ex+0x414/0x560 [ 609.883938][T23819] _copy_to_user+0x31/0xb0 [ 609.883961][T23819] simple_read_from_buffer+0xe1/0x170 [ 609.883988][T23819] proc_fail_nth_read+0x1b3/0x220 [ 609.884012][T23819] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 609.884033][T23819] ? rw_verify_area+0x2a6/0x4d0 [ 609.884054][T23819] ? __lock_acquire+0xab9/0xd20 [ 609.884068][T23819] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 609.884091][T23819] vfs_read+0x200/0xa30 [ 609.884112][T23819] ? fdget_pos+0x247/0x320 [ 609.884133][T23819] ? __pfx___mutex_lock+0x10/0x10 [ 609.884157][T23819] ? __pfx_vfs_read+0x10/0x10 [ 609.884178][T23819] ? __fget_files+0x2a/0x420 [ 609.884198][T23819] ? __fget_files+0x3a0/0x420 [ 609.884213][T23819] ? __fget_files+0x2a/0x420 [ 609.884239][T23819] ksys_read+0x145/0x250 [ 609.884261][T23819] ? __pfx_ksys_read+0x10/0x10 [ 609.884285][T23819] ? do_syscall_64+0xbe/0xfa0 [ 609.884311][T23819] do_syscall_64+0xfa/0xfa0 [ 609.884331][T23819] ? lockdep_hardirqs_on+0x9c/0x150 [ 609.884363][T23819] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.884380][T23819] ? clear_bhb_loop+0x60/0xb0 [ 609.884402][T23819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.884418][T23819] RIP: 0033:0x7fbc24d8e15c [ 609.884434][T23819] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 609.884449][T23819] RSP: 002b:00007fbc25c9f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 609.884468][T23819] RAX: ffffffffffffffda RBX: 00007fbc24fe5fa0 RCX: 00007fbc24d8e15c [ 609.884481][T23819] RDX: 000000000000000f RSI: 00007fbc25c9f0a0 RDI: 0000000000000004 [ 609.884492][T23819] RBP: 00007fbc25c9f090 R08: 0000000000000000 R09: 0000000000000000 [ 609.884503][T23819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 609.884514][T23819] R13: 00007fbc24fe6038 R14: 00007fbc24fe5fa0 R15: 00007fff577d9da8 [ 609.884546][T23819] [ 610.123100][ T3558] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.133135][ T3558] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.141914][ T3558] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.366955][T23836] netlink: 'syz.4.6072': attribute type 1 has an invalid length. [ 610.431544][T22096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.448521][T22096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 610.524803][T23836] 8021q: adding VLAN 0 to HW filter on device bond12 [ 610.542195][T23846] netlink: 'syz.0.6074': attribute type 29 has an invalid length. [ 610.565965][T22100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.588922][T22100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 610.620024][T23841] veth13: entered promiscuous mode [ 610.625413][T23850] netlink: 500 bytes leftover after parsing attributes in process `syz.0.6074'. [ 610.647355][T23841] bond12: (slave veth13): Enslaving as a backup interface with a down link [ 610.665745][T23846] netlink: 'syz.0.6074': attribute type 29 has an invalid length. [ 611.158404][T23882] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.6083'. [ 611.493383][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 611.517602][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 611.526262][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 611.533710][T14666] bond0: (slave syz_tun): Releasing backup interface [ 611.534984][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 611.548736][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 611.590942][T23891] veth15: entered promiscuous mode [ 611.600039][T23891] bond16: (slave veth15): Enslaving as a backup interface with a down link [ 611.613680][T23901] 8021q: adding VLAN 0 to HW filter on device bond16 [ 611.880930][T23909] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6094'. [ 611.890515][ T51] Bluetooth: hci2: command tx timeout [ 611.922870][T23897] wlan0 speed is unknown, defaulting to 1000 [ 612.114838][T23919] vlan2: entered promiscuous mode [ 612.125947][T23919] bridge0: entered promiscuous mode [ 612.347989][T23929] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6101'. [ 612.365330][T23926] validate_nla: 1 callbacks suppressed [ 612.365348][T23926] netlink: 'syz.0.6100': attribute type 72 has an invalid length. [ 612.466754][T22102] net_ratelimit: 42 callbacks suppressed [ 612.466773][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 612.482221][T23932] netlink: 'syz.4.6102': attribute type 1 has an invalid length. [ 612.535833][T22096] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 612.887243][T23945] 8021q: adding VLAN 0 to HW filter on device bond13 [ 612.932675][T23948] veth15: entered promiscuous mode [ 612.944335][T23948] bond13: (slave veth15): Enslaving as a backup interface with a down link [ 612.953564][T22100] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 612.962240][T22100] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 256 - 0 [ 613.026571][T22100] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 613.034964][T22100] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 256 - 0 [ 613.060191][T22102] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 613.072911][T22102] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 256 - 0 [ 613.136847][T22102] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 613.145244][T22102] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 256 - 0 [ 613.225725][T23966] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6113'. [ 613.261675][T23963] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.6112'. [ 613.271500][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 613.295625][T22090] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 613.330109][T23897] chnl_net:caif_netlink_parms(): no params data found [ 613.358096][T23972] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6115'. [ 613.446588][T23972] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6115'. [ 613.553017][T23897] bridge0: port 1(bridge_slave_0) entered blocking state [ 613.560842][T23897] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.567995][ T51] Bluetooth: hci1: command tx timeout [ 613.574312][T23897] bridge_slave_0: entered allmulticast mode [ 613.582847][T23897] bridge_slave_0: entered promiscuous mode [ 613.606774][T23897] bridge0: port 2(bridge_slave_1) entered blocking state [ 613.614785][T23897] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.622769][T23897] bridge_slave_1: entered allmulticast mode [ 613.630810][T23897] bridge_slave_1: entered promiscuous mode [ 613.729883][T23988] gtp3: entered promiscuous mode [ 613.735003][T23988] gtp3: entered allmulticast mode [ 613.748029][T23897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 613.930822][T23996] netlink: 'syz.0.6123': attribute type 4 has an invalid length. [ 613.983845][T23997] netlink: 'syz.0.6123': attribute type 4 has an invalid length. [ 615.243915][T23897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 615.336125][T23897] team0: Port device team_slave_0 added [ 615.358421][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 615.390302][T24005] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.6124'. [ 615.397964][T23897] team0: Port device team_slave_1 added [ 615.408072][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 615.511803][T23897] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 615.522292][T23897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 615.555026][T24011] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6128'. [ 615.574947][T24011] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 615.575975][T23897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.600799][T23897] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 615.609690][T23897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 615.650257][ T51] Bluetooth: hci1: command tx timeout [ 615.680999][T23897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 615.706986][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 615.888114][T22098] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 615.960275][T24027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6130'. [ 616.088667][T23897] hsr_slave_0: entered promiscuous mode [ 616.101337][T23897] hsr_slave_1: entered promiscuous mode [ 616.122628][T23897] debugfs: 'hsr0' already exists in 'hsr' [ 616.144985][T23897] Cannot create hsr debugfs directory [ 616.671118][T24065] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.6138'. [ 616.900959][T23897] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 616.912921][T23897] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.945863][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 617.062433][T24089] netlink: 244 bytes leftover after parsing attributes in process `syz.0.6147'. [ 617.087754][T23897] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.115605][T23897] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.274096][T23897] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.285899][T23897] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.377257][T24108] __nla_validate_parse: 1 callbacks suppressed [ 617.377274][T24108] netlink: 232 bytes leftover after parsing attributes in process `syz.1.6153'. [ 617.729064][ T51] Bluetooth: hci1: command tx timeout [ 618.810115][T22090] net_ratelimit: 7 callbacks suppressed [ 618.810136][T22090] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 618.870313][T23897] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 618.881075][T23897] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.906167][T22099] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 618.925057][T24109] workqueue: Failed to create a rescuer kthread for wq "bond16": -EINTR [ 618.951363][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 619.025697][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 619.146274][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 619.155840][T24120] can: request_module (can-proto-3) failed. [ 619.155920][T24121] can: request_module (can-proto-3) failed. [ 619.205702][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 619.222979][T24135] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 619.274033][T23897] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 619.285153][T23897] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 619.344298][T23897] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 619.371947][T23897] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 619.460331][T24154] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6166'. [ 619.503860][T24160] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 619.521661][T24160] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6167'. [ 619.546376][T22099] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 619.554435][T24165] netlink: 'syz.3.6168': attribute type 1 has an invalid length. [ 619.700716][T23897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 619.717377][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 619.770721][T23897] 8021q: adding VLAN 0 to HW filter on device team0 [ 619.795150][T22090] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.802364][T22090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 619.815229][T24172] netlink: 'syz.0.6172': attribute type 1 has an invalid length. [ 619.817312][T22090] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.825571][ T51] Bluetooth: hci1: command tx timeout [ 619.830144][T22090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 619.890304][T24172] 8021q: adding VLAN 0 to HW filter on device bond16 [ 619.898392][T24174] netlink: 'syz.4.6174': attribute type 29 has an invalid length. [ 619.906641][T24179] netlink: 'syz.4.6174': attribute type 29 has an invalid length. [ 619.918956][T24174] netlink: 500 bytes leftover after parsing attributes in process `syz.4.6174'. [ 619.919788][T24178] bond16: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 619.936960][T24172] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6172'. [ 619.955722][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 620.125395][T23897] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 620.168021][T23897] veth0_vlan: entered promiscuous mode [ 620.181946][T23897] veth1_vlan: entered promiscuous mode [ 620.216475][T23897] veth0_macvtap: entered promiscuous mode [ 620.226373][T23897] veth1_macvtap: entered promiscuous mode [ 620.243308][T23897] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 620.258807][T23897] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 620.273379][T22097] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.282684][T22097] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.292762][T22097] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.301768][T22097] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.360412][T22099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.370562][T22099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 620.391544][T22097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.400327][T22097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.825747][T22102] net_ratelimit: 67 callbacks suppressed [ 623.825769][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 623.845736][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 623.945669][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 623.956118][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 624.055620][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 624.065638][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 624.165647][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 624.185712][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 624.275622][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 624.295901][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 624.368736][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 628.895726][T22097] net_ratelimit: 82 callbacks suppressed [ 628.895748][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 628.926149][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 629.015723][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 629.035964][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 629.125724][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 629.145860][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 629.235695][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 629.255911][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 629.345713][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 629.366001][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 633.977406][T22097] net_ratelimit: 82 callbacks suppressed [ 633.977427][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 633.995760][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 634.095685][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 634.105670][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 634.205748][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 634.215682][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 634.315750][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 634.325854][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 634.425743][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 634.435742][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 639.065643][T22102] net_ratelimit: 82 callbacks suppressed [ 639.065665][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 639.095794][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 639.186039][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 639.205769][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 639.295734][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 639.325735][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 639.406399][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 639.435664][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 639.515746][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 639.545647][T22097] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 644.160164][T24193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6176'. [ 644.165880][T22102] net_ratelimit: 82 callbacks suppressed [ 644.165900][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 644.216155][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 644.242932][T24199] netlink: 160 bytes leftover after parsing attributes in process `syz.4.6179'. [ 644.316491][T22102] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 644.365780][T22102] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 644.458433][T22100] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 644.505584][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 644.590025][T24211] netlink: 'syz.2.6183': attribute type 1 has an invalid length. [ 644.600346][T13780] bond0: (slave syz_tun): Releasing backup interface [ 644.605563][T24211] netlink: 'syz.2.6183': attribute type 4 has an invalid length. [ 644.614893][T24211] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.6183'. [ 644.655656][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 644.686881][T23467] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 644.699785][T23467] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 644.708662][T23467] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 644.716850][T23467] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 644.724541][T23467] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 644.766913][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 644.805744][ T3558] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 644.830452][T24219] netlink: 'syz.1.6185': attribute type 29 has an invalid length. [ 644.841098][T24219] netlink: 'syz.1.6185': attribute type 29 has an invalid length. [ 644.864491][T24219] netlink: 500 bytes leftover after parsing attributes in process `syz.1.6185'. [ 644.875874][T22099] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 645.001301][T24214] wlan0 speed is unknown, defaulting to 1000 [ 645.014221][T24223] netlink: 'syz.1.6187': attribute type 1 has an invalid length. [ 645.077514][T24223] 8021q: adding VLAN 0 to HW filter on device bond1 [ 645.116121][T24230] bond1: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 645.163342][T24223] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6187'. [ 645.632460][T24214] chnl_net:caif_netlink_parms(): no params data found [ 645.672944][T24262] netlink: 'syz.2.6198': attribute type 1 has an invalid length. [ 645.680953][T24260] netlink: 'syz.4.6197': attribute type 29 has an invalid length. [ 645.722173][T24260] netlink: 'syz.4.6197': attribute type 29 has an invalid length. [ 645.732599][T24260] netlink: 500 bytes leftover after parsing attributes in process `syz.4.6197'. [ 645.750511][T24262] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6198'. [ 645.911194][T24214] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.924186][T24214] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.932678][T24214] bridge_slave_0: entered allmulticast mode [ 645.941668][T24214] bridge_slave_0: entered promiscuous mode [ 645.955261][T24275] team0: Device ipvlan1 failed to register rx_handler [ 645.969282][T24279] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6202'. [ 645.983824][T24279] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6202'. [ 646.001268][T24214] bridge0: port 2(bridge_slave_1) entered blocking state [ 646.018925][T24214] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.033934][T24214] bridge_slave_1: entered allmulticast mode [ 646.047853][T24214] bridge_slave_1: entered promiscuous mode [ 646.188730][T24214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.205257][T24299] netlink: 'syz.4.6208': attribute type 1 has an invalid length. [ 646.210121][T24214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 646.276803][T24302] xt_ecn: cannot match TCP bits for non-tcp packets [ 646.310758][T24303] netlink: 'syz.1.6209': attribute type 29 has an invalid length. [ 646.328362][T24299] macvlan2: entered promiscuous mode [ 646.333776][T24299] macvlan2: entered allmulticast mode [ 646.341001][T24299] bond14: entered promiscuous mode [ 646.349155][T24299] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 646.360456][T24302] ipt_REJECT: TCP_RESET invalid for non-tcp [ 646.371568][T24299] bond14: left promiscuous mode [ 646.379276][T24309] netlink: 500 bytes leftover after parsing attributes in process `syz.1.6209'. [ 646.416195][T24214] team0: Port device team_slave_0 added [ 646.509498][T24311] 8021q: adding VLAN 0 to HW filter on device bond2 [ 646.521050][T24214] team0: Port device team_slave_1 added [ 646.545903][T24311] bond2: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 646.613309][T24214] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 646.624933][T24214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 646.659109][T24214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 646.665678][T24321] IPVS: set_ctl: invalid protocol: 58 255.255.255.255:20000 [ 646.672379][T24214] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 646.690568][T24214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 646.718053][T24214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 646.752598][T24318] 8021q: adding VLAN 0 to HW filter on device bond15 [ 646.765731][T23467] Bluetooth: hci4: command tx timeout [ 647.013871][T24214] hsr_slave_0: entered promiscuous mode [ 647.031924][T24214] hsr_slave_1: entered promiscuous mode [ 647.056563][T24214] debugfs: 'hsr0' already exists in 'hsr' [ 647.068577][T24214] Cannot create hsr debugfs directory [ 647.713478][T24382] FAULT_INJECTION: forcing a failure. [ 647.713478][T24382] name failslab, interval 1, probability 0, space 0, times 0 [ 647.727536][T24382] CPU: 1 UID: 0 PID: 24382 Comm: syz.1.6234 Not tainted syzkaller #0 PREEMPT(full) [ 647.727586][T24382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 647.727610][T24382] Call Trace: [ 647.727618][T24382] [ 647.727627][T24382] dump_stack_lvl+0x189/0x250 [ 647.727655][T24382] ? __pfx____ratelimit+0x10/0x10 [ 647.727678][T24382] ? __pfx_dump_stack_lvl+0x10/0x10 [ 647.727701][T24382] ? __pfx__printk+0x10/0x10 [ 647.727725][T24382] ? __pfx___might_resched+0x10/0x10 [ 647.727750][T24382] should_fail_ex+0x414/0x560 [ 647.727780][T24382] should_failslab+0xa8/0x100 [ 647.727799][T24382] __kmalloc_noprof+0xcb/0x7f0 [ 647.727821][T24382] ? kfree+0x4d/0x6d0 [ 647.727839][T24382] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 647.727871][T24382] tomoyo_realpath_from_path+0xe3/0x5d0 [ 647.727898][T24382] ? tomoyo_domain+0xd9/0x130 [ 647.727920][T24382] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 647.727942][T24382] tomoyo_path_number_perm+0x1e8/0x5a0 [ 647.727967][T24382] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 647.728025][T24382] ? __fget_files+0x2a/0x420 [ 647.728047][T24382] ? __fget_files+0x3a0/0x420 [ 647.728062][T24382] ? __fget_files+0x2a/0x420 [ 647.728083][T24382] security_file_ioctl+0xcb/0x2d0 [ 647.728106][T24382] __se_sys_ioctl+0x47/0x170 [ 647.728131][T24382] do_syscall_64+0xfa/0xfa0 [ 647.728153][T24382] ? lockdep_hardirqs_on+0x9c/0x150 [ 647.728176][T24382] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.728193][T24382] ? clear_bhb_loop+0x60/0xb0 [ 647.728215][T24382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.728232][T24382] RIP: 0033:0x7fdd4d18f749 [ 647.728249][T24382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.728264][T24382] RSP: 002b:00007fdd4dfb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 647.728283][T24382] RAX: ffffffffffffffda RBX: 00007fdd4d3e5fa0 RCX: 00007fdd4d18f749 [ 647.728296][T24382] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000003 [ 647.728308][T24382] RBP: 00007fdd4dfb4090 R08: 0000000000000000 R09: 0000000000000000 [ 647.728320][T24382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 647.728331][T24382] R13: 00007fdd4d3e6038 R14: 00007fdd4d3e5fa0 R15: 00007ffd037b1488 [ 647.728362][T24382] [ 647.728382][T24382] ERROR: Out of memory at tomoyo_realpath_from_path. [ 648.431184][T24415] lo: entered promiscuous mode [ 648.507219][T24214] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 648.567501][T24214] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 648.592706][T24214] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 648.627431][T24214] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 648.846966][T23467] Bluetooth: hci4: command tx timeout [ 648.889712][T24214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 648.947070][T24214] 8021q: adding VLAN 0 to HW filter on device team0 [ 648.967673][T22100] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.974830][T22100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.102196][T22100] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.109396][T22100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.186673][T24469] __nla_validate_parse: 13 callbacks suppressed [ 649.186693][T24469] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6256'. [ 649.235648][T22098] net_ratelimit: 28 callbacks suppressed [ 649.235669][T22098] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 649.327314][T22098] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 649.353226][T24214] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 649.425702][T22097] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 649.467037][ T3558] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 649.536129][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 649.578977][T22100] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 649.605303][T24487] validate_nla: 13 callbacks suppressed [ 649.605321][T24487] netlink: 'syz.4.6261': attribute type 12 has an invalid length. [ 649.666644][T22100] bond2: (slave ip6gretap1): failed to get link speed/duplex [ 649.674884][T24489] syzkaller0: entered promiscuous mode [ 649.682804][T24489] syzkaller0: entered allmulticast mode [ 649.726770][T22098] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 649.834511][T24214] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 649.844292][T24498] FAULT_INJECTION: forcing a failure. [ 649.844292][T24498] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 649.868867][T24498] CPU: 0 UID: 0 PID: 24498 Comm: syz.4.6265 Not tainted syzkaller #0 PREEMPT(full) [ 649.868894][T24498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 649.868904][T24498] Call Trace: [ 649.868911][T24498] [ 649.868920][T24498] dump_stack_lvl+0x189/0x250 [ 649.868948][T24498] ? __pfx____ratelimit+0x10/0x10 [ 649.868970][T24498] ? __pfx_dump_stack_lvl+0x10/0x10 [ 649.868991][T24498] ? __pfx__printk+0x10/0x10 [ 649.869010][T24498] ? __might_fault+0xb0/0x130 [ 649.869043][T24498] should_fail_ex+0x414/0x560 [ 649.869071][T24498] _copy_from_user+0x2d/0xb0 [ 649.869092][T24498] inet6_ioctl+0x180/0x280 [ 649.869120][T24498] ? __pfx_inet6_ioctl+0x10/0x10 [ 649.869146][T24498] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 649.869173][T24498] sock_do_ioctl+0xdc/0x300 [ 649.869197][T24498] ? __pfx_sock_do_ioctl+0x10/0x10 [ 649.869233][T24498] sock_ioctl+0x576/0x790 [ 649.869255][T24498] ? __pfx_sock_ioctl+0x10/0x10 [ 649.869278][T24498] ? __fget_files+0x3a0/0x420 [ 649.869294][T24498] ? __fget_files+0x2a/0x420 [ 649.869314][T24498] ? bpf_lsm_file_ioctl+0x9/0x20 [ 649.869332][T24498] ? __pfx_sock_ioctl+0x10/0x10 [ 649.869351][T24498] __se_sys_ioctl+0xfc/0x170 [ 649.869375][T24498] do_syscall_64+0xfa/0xfa0 [ 649.869396][T24498] ? lockdep_hardirqs_on+0x9c/0x150 [ 649.869419][T24498] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.869434][T24498] ? clear_bhb_loop+0x60/0xb0 [ 649.869454][T24498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.869471][T24498] RIP: 0033:0x7f94ee98f749 [ 649.869486][T24498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 649.869501][T24498] RSP: 002b:00007f94ef8b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 649.869521][T24498] RAX: ffffffffffffffda RBX: 00007f94eebe5fa0 RCX: 00007f94ee98f749 [ 649.869533][T24498] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000003 [ 649.869544][T24498] RBP: 00007f94ef8b2090 R08: 0000000000000000 R09: 0000000000000000 [ 649.869555][T24498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 649.869566][T24498] R13: 00007f94eebe6038 R14: 00007f94eebe5fa0 R15: 00007ffffae1b488 [ 649.869597][T24498] [ 649.903375][T24214] veth0_vlan: entered promiscuous mode [ 650.184511][T24499] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6266'. [ 650.221902][T24514] xt_CT: You must specify a L4 protocol and not use inversions on it [ 650.223284][T24500] syzkaller0: entered promiscuous mode [ 650.234531][T24515] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 650.242208][T24500] syzkaller0: entered allmulticast mode [ 650.930692][T23467] Bluetooth: hci4: command tx timeout [ 651.361065][T24541] netlink: 'syz.1.6277': attribute type 1 has an invalid length. [ 651.962965][T24541] 8021q: adding VLAN 0 to HW filter on device bond3 [ 651.970227][T24542] bond3: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 651.996636][T22100] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 652.004845][T24214] veth1_vlan: entered promiscuous mode [ 652.148446][T24214] veth0_macvtap: entered promiscuous mode [ 652.178165][T24214] veth1_macvtap: entered promiscuous mode [ 652.228026][T24558] netlink: 'syz.0.6282': attribute type 1 has an invalid length. [ 652.292362][T24214] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 652.304776][T24214] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 652.373546][T22100] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.399708][T22100] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.427595][T22100] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.445556][T22100] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.514135][T24576] netlink: 'syz.2.6287': attribute type 1 has an invalid length. [ 652.623305][T24576] 8021q: adding VLAN 0 to HW filter on device bond1 [ 652.646939][T22100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 652.654783][T22100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 652.670667][T24583] bond1: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 652.702322][T24576] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 652.764963][T24588] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6290'. [ 652.782057][T22097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 652.801392][T24588] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 652.815142][T22097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 652.827469][T24588] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 652.858802][T24597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6294'. [ 653.008044][T24602] netlink: 'syz.3.6178': attribute type 1 has an invalid length. [ 653.016841][T23467] Bluetooth: hci4: command tx timeout [ 653.073744][T24602] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6178'. [ 653.133324][T24602] gre0: entered promiscuous mode [ 653.140624][T24602] gre0: entered allmulticast mode [ 653.199857][T24606] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6297'. [ 653.577225][T24625] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6305'. [ 654.010695][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 654.022633][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 654.031439][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 654.040761][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 654.049370][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 654.256193][T22097] net_ratelimit: 70 callbacks suppressed [ 654.256214][T22097] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.306159][T22098] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.329322][T22098] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.361353][T22098] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.389996][T22098] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.431145][T22100] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.461364][T22100] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.488316][T22090] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.522090][T22098] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.545762][T22098] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 654.571991][T24665] netlink: 412 bytes leftover after parsing attributes in process `syz.4.6318'. [ 655.713000][T15124] bond0: (slave syz_tun): Releasing backup interface [ 655.745514][T24650] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6311'. [ 655.828544][T24667] netlink: 'syz.1.6319': attribute type 13 has an invalid length. [ 655.957404][T24679] netlink: 64 bytes leftover after parsing attributes in process `syz.4.6323'. [ 656.057177][T24682] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6323'. [ 656.127613][T23467] Bluetooth: hci0: command tx timeout [ 656.220511][T24686] netlink: 'syz.2.6324': attribute type 10 has an invalid length. [ 656.231583][T24686] netlink: 21 bytes leftover after parsing attributes in process `syz.2.6324'. [ 656.263155][T24679] team0: No ports can be present during mode change [ 656.288968][T24681] vlan2: entered allmulticast mode [ 656.305777][T24646] wlan0 speed is unknown, defaulting to 1000 [ 656.315191][T24686] net veth1_virt_wifi virt_wifi0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 656.328470][T24686] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 656.337023][T24686] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 656.359171][T24688] tipc: Started in network mode [ 656.364602][T24688] tipc: Node identity 561a2d97ac09, cluster identity 4711 [ 656.372908][T24688] tipc: Enabled bearer , priority 0 [ 656.390182][T24687] tipc: Disabling bearer [ 656.413278][T24690] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6326'. [ 656.738339][T24706] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6331'. [ 656.750266][T24694] nbd: must specify an index to disconnect [ 656.759954][T24694] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6328'. [ 656.908618][T24716] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6333'. [ 657.092185][T24727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6334'. [ 657.308797][T24646] chnl_net:caif_netlink_parms(): no params data found [ 657.479614][T24740] syzkaller0: entered promiscuous mode [ 657.485138][T24740] syzkaller0: entered allmulticast mode [ 657.581384][T24753] netlink: 'syz.2.6345': attribute type 10 has an invalid length. [ 657.587345][T24646] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.596708][T24646] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.603965][T24646] bridge_slave_0: entered allmulticast mode [ 657.612784][T24646] bridge_slave_0: entered promiscuous mode [ 657.622414][T24646] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.630577][T24646] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.638084][T24646] bridge_slave_1: entered allmulticast mode [ 657.647345][T24646] bridge_slave_1: entered promiscuous mode [ 657.661835][T24753] team0: Device veth1_macvtap failed to register rx_handler [ 657.816600][T24646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 657.833614][T24646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 657.844719][T24753] netlink: 'syz.2.6345': attribute type 9 has an invalid length. [ 657.877484][T24764] xt_ecn: cannot match TCP bits for non-tcp packets [ 657.932291][T24764] veth0: entered promiscuous mode [ 657.954823][T24646] team0: Port device team_slave_0 added [ 657.991322][T24646] team0: Port device team_slave_1 added [ 658.023380][T24764] veth0: left promiscuous mode [ 658.033195][T24772] netlink: 'syz.3.6353': attribute type 4 has an invalid length. [ 658.057707][T24646] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 658.072392][T24646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 658.099928][T24646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 658.120096][T24646] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 658.127689][T24646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 658.153892][ T856] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004c: 0000 [#1] SMP KASAN PTI [ 658.153914][ T856] KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267] [ 658.153935][ T856] CPU: 1 UID: 0 PID: 856 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full) [ 658.153954][ T856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 658.166901][T24646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 658.174213][ T856] Workqueue: events l2cap_info_timeout [ 658.209453][ T856] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 658.215352][ T856] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 d0 94 23 09 cc 66 66 66 66 66 66 2e [ 658.234945][ T856] RSP: 0018:ffffc90003c57788 EFLAGS: 00010202 [ 658.241003][ T856] RAX: dffffc0000000000 RBX: ffffffff891f0a58 RCX: 60cdb062140a2800 [ 658.248962][ T856] RDX: 0000000000000000 RSI: ffffffff891f0a58 RDI: 000000000000004c [ 658.256917][ T856] RBP: ffffffff8a500995 R08: 0000000000000001 R09: 0000000000000000 [ 658.264877][ T856] R10: dffffc0000000000 R11: ffffffff8a500950 R12: 0000000000000000 [ 658.272836][ T856] R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001 [ 658.280816][ T856] FS: 0000000000000000(0000) GS:ffff88812623b000(0000) knlGS:0000000000000000 [ 658.289729][ T856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 658.296301][ T856] CR2: 000000110c2e2093 CR3: 000000000dd38000 CR4: 00000000003526f0 [ 658.304265][ T856] Call Trace: [ 658.307531][ T856] [ 658.310448][ T856] __kasan_check_byte+0x12/0x40 [ 658.315300][ T856] lock_acquire+0x8d/0x360 [ 658.319701][ T856] ? lockdep_hardirqs_on+0x9c/0x150 [ 658.324891][ T856] ? __cancel_work+0x254/0x2e0 [ 658.329642][ T856] lock_sock_nested+0x48/0x100 [ 658.334394][ T856] ? l2cap_sock_ready_cb+0x45/0x140 [ 658.339581][ T856] l2cap_sock_ready_cb+0x45/0x140 [ 658.344592][ T856] l2cap_conn_start+0x76d/0xe50 [ 658.349437][ T856] ? __pfx_l2cap_conn_start+0x10/0x10 [ 658.354801][ T856] ? __lock_acquire+0xab9/0xd20 [ 658.359635][ T856] ? __pfx___mutex_lock+0x10/0x10 [ 658.364653][ T856] ? process_scheduled_works+0x9ef/0x17b0 [ 658.370364][ T856] l2cap_info_timeout+0x68/0xa0 [ 658.375207][ T856] ? process_scheduled_works+0x9ef/0x17b0 [ 658.380915][ T856] process_scheduled_works+0xae1/0x17b0 [ 658.386457][ T856] ? __pfx_process_scheduled_works+0x10/0x10 [ 658.392433][ T856] worker_thread+0x8a0/0xda0 [ 658.397027][ T856] kthread+0x711/0x8a0 [ 658.401084][ T856] ? __pfx_worker_thread+0x10/0x10 [ 658.406180][ T856] ? __pfx_kthread+0x10/0x10 [ 658.410758][ T856] ? _raw_spin_unlock_irq+0x23/0x50 [ 658.415946][ T856] ? lockdep_hardirqs_on+0x9c/0x150 [ 658.421133][ T856] ? __pfx_kthread+0x10/0x10 [ 658.425721][ T856] ret_from_fork+0x4bc/0x870 [ 658.430297][ T856] ? __pfx_ret_from_fork+0x10/0x10 [ 658.435393][ T856] ? __switch_to_asm+0x39/0x70 [ 658.440139][ T856] ? __switch_to_asm+0x33/0x70 [ 658.444884][ T856] ? __pfx_kthread+0x10/0x10 [ 658.449467][ T856] ret_from_fork_asm+0x1a/0x30 [ 658.454227][ T856] [ 658.457246][ T856] Modules linked in: [ 658.462472][ T856] ---[ end trace 0000000000000000 ]--- [ 658.475953][T23467] Bluetooth: hci0: command tx timeout [ 658.477225][ T856] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 658.499667][T24646] hsr_slave_0: entered promiscuous mode [ 658.506841][T24646] hsr_slave_1: entered promiscuous mode [ 658.513067][T24646] debugfs: 'hsr0' already exists in 'hsr' [ 658.514160][ T856] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 d0 94 23 09 cc 66 66 66 66 66 66 2e [ 658.519500][T24646] Cannot create hsr debugfs directory [ 658.561484][ T856] RSP: 0018:ffffc90003c57788 EFLAGS: 00010202 [ 658.568347][ T856] RAX: dffffc0000000000 RBX: ffffffff891f0a58 RCX: 60cdb062140a2800 [ 658.583234][ T856] RDX: 0000000000000000 RSI: ffffffff891f0a58 RDI: 000000000000004c [ 658.591500][ T856] RBP: ffffffff8a500995 R08: 0000000000000001 R09: 0000000000000000 [ 658.599644][ T856] R10: dffffc0000000000 R11: ffffffff8a500950 R12: 0000000000000000 [ 658.612970][ T856] R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001 [ 658.621274][ T856] FS: 0000000000000000(0000) GS:ffff88812623b000(0000) knlGS:0000000000000000 [ 658.630474][ T856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 658.637248][ T856] CR2: 00007fd8585b0eb8 CR3: 0000000077c12000 CR4: 00000000003526f0 [ 658.645261][ T856] Kernel panic - not syncing: Fatal exception [ 658.651686][ T856] Kernel Offset: disabled [ 658.656000][ T856] Rebooting in 86400 seconds..