last executing test programs: 3.103551475s ago: executing program 3 (id=11727): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000200)={0x0, @local, @local}, &(0x7f0000000140)=0xc) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x40, r1}) r3 = socket(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) ioctl(r2, 0x8916, &(0x7f0000000000)) ioctl(r3, 0x8936, &(0x7f0000000000)) 2.995737272s ago: executing program 3 (id=11729): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r2, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa5}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e) getsockopt(r4, 0x111, 0x6, 0x0, &(0x7f0000000080)) 2.924340464s ago: executing program 0 (id=11730): sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)={0x4c, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'pim6reg0\x00'}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "31329eae551326051c0ecba1df0ef9cc9415b343831f26fe"}]]}, 0x4c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x32752275d7d1e3ca, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050000008500000006"], 0x0, 0x349, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'macvlan0\x00', @random="bdbd67c12945"}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], 0x0}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x0) 2.886255797s ago: executing program 1 (id=11731): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x86dd}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x3a}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x24000000) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.884351191s ago: executing program 4 (id=11732): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) epoll_create1(0x0) socket(0x10, 0x80002, 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) close(0x4) sendmmsg(r0, &(0x7f0000000340), 0x222874f4405e5c0, 0x40840) 2.718526989s ago: executing program 4 (id=11733): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) close(r0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) recvfrom(r1, 0x0, 0x0, 0x40002062, 0x0, 0x0) 2.717374481s ago: executing program 1 (id=11734): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x8881, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$tun(r0, &(0x7f00000022c0)={@void, @val={0x2, 0x4, 0xea, 0x6, 0x8, 0x1}, @ipv4=@gre={{0x5, 0x4, 0x0, 0x2c, 0xea, 0x67, 0x0, 0xb, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}, @initdev={0xac, 0x1e, 0x1, 0x0}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x800, [0x2]}, {0x1}, {0x8, 0x88be, 0x2, {{0x1, 0x1, 0x4, 0x3, 0x1, 0x0, 0x6, 0x1c}, 0x1, {0x1}}}, {0x8, 0x22eb, 0x2, {{0x0, 0x2, 0x6, 0x1, 0x1, 0x2, 0x1, 0x6}, 0x2, {0x401, 0x7fff, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1}}}, {0x8, 0x6558, 0x2, "cd1d5112e586302464e0a0901e1d1aa5be2b5708285aed5af6d46cddfda801ede94f0e5630df0e71750de39236563e01761d50ff75a54c3769cef2ddae286f2d347041ecd12abecc809aad9cd843f635efcd976b0c975bd3b9080e33f3780bab750ad3ad275e1e150097efe1126c36414e30613594da2f32571ccd15206326f9f3e93212ae4688a876c1d137e40f02ef"}}}}, 0xf4) 2.630719249s ago: executing program 0 (id=11735): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r3, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa5}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f00000005c0)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @remote}, 0x4}}, 0x2e) 2.617853882s ago: executing program 4 (id=11736): bind$tipc(0xffffffffffffffff, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}, 0x4}}, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x44040) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d484"], 0x340a) 1.36748793s ago: executing program 0 (id=11737): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000000000000000edffff"], &(0x7f0000000100)=""/141, 0x1a, 0x8d, 0x1, 0x7}, 0x28) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000380)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 1.300236885s ago: executing program 3 (id=11738): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000200)=0x8, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) listen(r1, 0x4) 1.198141122s ago: executing program 3 (id=11740): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}], 0x1, 0x10) sendto$inet6(r0, &(0x7f0000000000)="18f9", 0xc3ff, 0x4, 0x0, 0x0) close(0x3) 1.114347934s ago: executing program 3 (id=11742): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 983.92489ms ago: executing program 2 (id=11743): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) write(r1, &(0x7f0000000000)="ea", 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10) sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x2}, 0x8) close(r1) 910.924202ms ago: executing program 2 (id=11744): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a80)={0x3c, r1, 0x1, 0x70bd2b, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x3ebc94020f3354a6}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000000}, 0x20000090) 759.714637ms ago: executing program 1 (id=11745): r0 = socket(0x1e, 0x2, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(r0, &(0x7f0000000200)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x8}}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000580)="0087", 0x2}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000070c0)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000a40)=""/188, 0xbc}], 0x1, &(0x7f0000000500)=""/87, 0x57}}], 0x1, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r1) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) 637.853662ms ago: executing program 2 (id=11746): r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180)={0x0, 0x0}, 0x0) r4 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r3, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r4, r2, 0x4, r2}, 0x10) 614.44147ms ago: executing program 4 (id=11747): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd70000400000005000000080009000200000008000c000300000008000b00000000000600010007"], 0x40}}, 0x20) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x2}}, 0x26) ioctl$PPPIOCSFLAGS(r4, 0x40047459, 0x0) 520.781275ms ago: executing program 4 (id=11748): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r1], 0x78}}, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f00000002c0)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x2c, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x12}}, {0x4e24, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x3, 0x3}}}}, 0x3a) 464.412994ms ago: executing program 1 (id=11749): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNGETFILTER(r0, 0x801054db, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xfa068fc268af028d, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$inet(r1, 0x0, 0x0, 0x24000840, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x89, &(0x7f0000000340)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}, {"82ebda855245fe0be9f4b9b1cb000226a26d3212b299f2559358e7d3250baab7780c7202b5338a85b38957d350cbaa9fd6ba263e3c484853cd0ba1929fad160f05173f39ab44cebdcdc568cc1c31139106e327"}}}}}}, 0x0) 463.536973ms ago: executing program 2 (id=11750): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x16}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) socket$rds(0x15, 0x5, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0) write$cgroup_netprio_ifpriomap(r1, &(0x7f0000000080)=ANY=[@ANYRES16=r1], 0xa) 386.031109ms ago: executing program 0 (id=11751): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4064, 0xfe0, 0x0, 0x0}, &(0x7f0000000000)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcdf, 0x1, 0x0}, &(0x7f00000000c0)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) 340.217243ms ago: executing program 2 (id=11752): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 339.137502ms ago: executing program 1 (id=11753): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x39b3) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e4b94bdae214fa68a051d4dca7d2647bec1fc89398d2b9000f224891060017c4700de60beac671e8e8f00cb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c59005cff414ed55b0d18a9d446935fb332bb593ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4ac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a0000000000002248950b000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r2, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20) close(r2) recvmmsg(r0, &(0x7f0000005b80)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/163, 0xa3}], 0x1}, 0x6}], 0x1, 0x21, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000280)=0x1, 0x4) 203.083931ms ago: executing program 0 (id=11754): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, 'X.'}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 143.400987ms ago: executing program 3 (id=11755): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x2, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0x20000000, 0xfffffffc, 0x7ff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4811}, 0x40884) sendmsg$nl_route_sched(r0, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0) 91.327721ms ago: executing program 1 (id=11756): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x810}], 0x1, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001bc0)=ANY=[], 0x11a0}, 0x1, 0x0, 0x0, 0x8040}, 0x8080) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) 75.819295ms ago: executing program 4 (id=11757): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x709) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) close(0x4) 13.891146ms ago: executing program 0 (id=11758): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x4000000) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f00000000c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd22, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xc, 0xf}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8848}, 0x80) socket$alg(0x26, 0x5, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xffe0, 0xc}, {0x0, 0xfff1}, {0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000811}, 0x4041810) 0s ago: executing program 2 (id=11759): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x22fe0}], 0x1}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0) kernel console output (not intermixed with test programs): te type 3 has an invalid length. [ 371.228472][T20594] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7007'. [ 371.343291][T20601] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7011'. [ 371.552146][T20612] netlink: 16215 bytes leftover after parsing attributes in process `syz.4.7017'. [ 371.923520][T20633] netem: change failed [ 372.040582][T20637] wg1 speed is unknown, defaulting to 1000 [ 372.073155][T20641] netlink: 168 bytes leftover after parsing attributes in process `syz.1.7030'. [ 372.101466][T20647] netlink: 'syz.0.7032': attribute type 1 has an invalid length. [ 372.124680][T20647] netlink: 'syz.0.7032': attribute type 2 has an invalid length. [ 372.143077][T20647] netlink: 'syz.0.7032': attribute type 1 has an invalid length. [ 372.151738][T20647] netlink: 'syz.0.7032': attribute type 3 has an invalid length. [ 372.218360][T20647] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7032'. [ 372.401127][T20656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7037'. [ 372.771596][T20673] sctp: [Deprecated]: syz.4.7044 (pid 20673) Use of struct sctp_assoc_value in delayed_ack socket option. [ 372.771596][T20673] Use struct sctp_sack_info instead [ 372.793489][T20675] veth0: entered promiscuous mode [ 372.801457][T20675] veth0: left promiscuous mode [ 373.045635][T20686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7051'. [ 373.753648][T20733] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7071'. [ 373.810111][T20733] ipvlan2: entered allmulticast mode [ 373.821366][T20733] syz_tun: entered allmulticast mode [ 374.134362][T20752] veth0: entered promiscuous mode [ 374.144861][T20751] veth0: left promiscuous mode [ 374.417164][T20773] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.7090'. [ 374.521528][T20777] netlink: 'syz.3.7094': attribute type 1 has an invalid length. [ 374.553871][T20777] netlink: 96 bytes leftover after parsing attributes in process `syz.3.7094'. [ 374.569087][T20777] netlink: 1 bytes leftover after parsing attributes in process `syz.3.7094'. [ 374.579320][T20777] netlink: 'syz.3.7094': attribute type 1 has an invalid length. [ 374.587110][T20777] netlink: 'syz.3.7094': attribute type 8 has an invalid length. [ 375.309506][T20827] IPv6: NLM_F_CREATE should be specified when creating new route [ 375.388641][T20834] netlink: 'syz.0.7121': attribute type 1 has an invalid length. [ 375.418390][T20834] netlink: 'syz.0.7121': attribute type 7 has an invalid length. [ 375.426198][T20834] netlink: 'syz.0.7121': attribute type 8 has an invalid length. [ 375.695602][T20853] netlink: 'syz.2.7130': attribute type 33 has an invalid length. [ 375.807697][T20853] bond4: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 375.845323][T20853] bond4 (unregistering): Released all slaves [ 376.642328][T20914] __nla_validate_parse: 4 callbacks suppressed [ 376.642354][T20914] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7157'. [ 377.143591][T20945] netlink: 'syz.3.7172': attribute type 21 has an invalid length. [ 377.196065][T20945] netlink: 128 bytes leftover after parsing attributes in process `syz.3.7172'. [ 377.223555][T20945] netlink: 'syz.3.7172': attribute type 4 has an invalid length. [ 377.259844][T20954] netlink: 'syz.3.7172': attribute type 21 has an invalid length. [ 377.278033][T20945] netlink: 'syz.3.7172': attribute type 5 has an invalid length. [ 377.308381][T20954] netlink: 128 bytes leftover after parsing attributes in process `syz.3.7172'. [ 377.328671][T20945] netlink: 3 bytes leftover after parsing attributes in process `syz.3.7172'. [ 377.353956][T20954] netlink: 'syz.3.7172': attribute type 4 has an invalid length. [ 377.367443][T20954] netlink: 'syz.3.7172': attribute type 5 has an invalid length. [ 377.395583][T20954] netlink: 3 bytes leftover after parsing attributes in process `syz.3.7172'. [ 377.577924][T20969] netlink: 52 bytes leftover after parsing attributes in process `syz.1.7183'. [ 377.959756][T20998] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7197'. [ 377.999750][T20998] bridge_slave_1: left promiscuous mode [ 378.021047][T20998] bridge0: port 2(bridge_slave_1) entered disabled state [ 378.042780][T20998] bridge_slave_0: left allmulticast mode [ 378.055376][T20998] bridge_slave_0: left promiscuous mode [ 378.062835][T20998] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.369107][T21022] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7207'. [ 378.516296][T21032] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7213'. [ 378.766645][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.773279][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.894482][T21056] netlink: 104 bytes leftover after parsing attributes in process `syz.4.7224'. [ 379.034349][T21062] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 379.058876][T21062] syzkaller1: linktype set to 823 [ 382.327970][T21268] validate_nla: 4 callbacks suppressed [ 382.327992][T21268] netlink: 'syz.4.7327': attribute type 10 has an invalid length. [ 382.448799][T21268] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 382.578447][T21284] __nla_validate_parse: 9 callbacks suppressed [ 382.578470][T21284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7333'. [ 382.604342][T21285] netlink: 'syz.4.7335': attribute type 12 has an invalid length. [ 382.629149][T21285] netlink: 'syz.4.7335': attribute type 29 has an invalid length. [ 382.639479][T21284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7333'. [ 382.650078][T21285] netlink: 148 bytes leftover after parsing attributes in process `syz.4.7335'. [ 382.708443][T21285] netlink: 59 bytes leftover after parsing attributes in process `syz.4.7335'. [ 382.947073][T21304] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7344'. [ 382.960398][T21305] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7342'. [ 383.001603][T21305] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7342'. [ 384.083650][T21376] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7374'. [ 384.504714][T21403] bond4: entered promiscuous mode [ 385.780624][T21470] bond5 (unregistering): Released all slaves [ 385.819053][T21471] netem: incorrect gi model size [ 385.824489][T21471] netem: change failed [ 386.316710][T21506] netem: change failed [ 386.637409][T21526] netlink: 112 bytes leftover after parsing attributes in process `syz.2.7444'. [ 386.851080][T21542] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication [ 387.132968][T21561] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7461'. [ 387.428107][T21578] tipc: New replicast peer: 255.255.255.255 [ 387.443668][T21578] tipc: Enabled bearer , priority 10 [ 387.454133][T21578] tipc: Disabling bearer [ 387.939048][T21609] bridge0: port 3(syz_tun) entered blocking state [ 387.960103][T21609] bridge0: port 3(syz_tun) entered disabled state [ 387.977353][T21609] syz_tun: entered allmulticast mode [ 388.001545][T21609] syz_tun: entered promiscuous mode [ 388.594564][T21653] netlink: 'syz.4.7504': attribute type 3 has an invalid length. [ 388.629448][T21654] tap0: tun_chr_ioctl cmd 1074025672 [ 388.634831][T21654] tap0: ignored: set checksum disabled [ 388.831770][T21664] IPVS: persistence engine module ip_vs_pe_À not found [ 389.502011][T21719] __nla_validate_parse: 1 callbacks suppressed [ 389.502032][T21719] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7531'. [ 389.644422][T21725] netlink: 'syz.1.7534': attribute type 83 has an invalid length. [ 390.382731][T21764] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7552'. [ 390.532751][T21772] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7556'. [ 390.559148][T21772] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7556'. [ 390.589389][T21774] netlink: 'syz.2.7557': attribute type 83 has an invalid length. [ 390.834020][T21792] netlink: 'syz.0.7565': attribute type 1 has an invalid length. [ 390.863978][T21792] netlink: 'syz.0.7565': attribute type 2 has an invalid length. [ 390.882881][T21792] netlink: 'syz.0.7565': attribute type 1 has an invalid length. [ 391.685482][T21849] netlink: 'syz.1.7589': attribute type 5 has an invalid length. [ 391.708454][T21851] netem: change failed [ 391.776360][T21855] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7592'. [ 392.682261][T21909] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7618'. [ 392.775831][T21909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7618'. [ 392.788941][T21909] netlink: 2 bytes leftover after parsing attributes in process `syz.1.7618'. [ 392.808951][T21909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7618'. [ 392.829281][T21909] netlink: 2 bytes leftover after parsing attributes in process `syz.1.7618'. [ 393.240048][T21942] netlink: 'syz.3.7632': attribute type 1 has an invalid length. [ 394.115554][T21990] netlink: 'syz.3.7653': attribute type 83 has an invalid length. [ 394.334072][T21994] 8021q: adding VLAN 0 to HW filter on device macsec2 [ 394.734364][T22019] __nla_validate_parse: 5 callbacks suppressed [ 394.734390][T22019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7665'. [ 395.204387][T22044] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7676'. [ 395.229054][T22044] 8021q: VLANs not supported on wlan0 [ 395.548003][T22053] veth0_to_team: entered allmulticast mode [ 396.834646][ T5962] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 396.928764][ T5962] CPU: 0 UID: 0 PID: 5962 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 396.928797][ T5962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 396.928821][ T5962] Call Trace: [ 396.928830][ T5962] [ 396.928840][ T5962] dump_stack_lvl+0xe8/0x150 [ 396.928878][ T5962] dump_header+0xd3/0x4c0 [ 396.928909][ T5962] oom_kill_process+0x3ab/0x970 [ 396.928940][ T5962] out_of_memory+0x106c/0x1410 [ 396.928964][ T5962] ? percpu_ref_put+0x19/0x180 [ 396.928995][ T5962] ? __pfx___mutex_lock+0x10/0x10 [ 396.929043][ T5962] ? __pfx_out_of_memory+0x10/0x10 [ 396.929066][ T5962] ? do_raw_spin_unlock+0xf5/0x210 [ 396.929101][ T5962] try_charge_memcg+0xc53/0x1560 [ 396.929148][ T5962] ? __pfx_try_charge_memcg+0x10/0x10 [ 396.929189][ T5962] ? mem_cgroup_swapin_charge_folio+0x36/0x4d0 [ 396.929224][ T5962] ? mem_cgroup_swapin_charge_folio+0x36/0x4d0 [ 396.929256][ T5962] mem_cgroup_swapin_charge_folio+0x2e3/0x4d0 [ 396.929288][ T5962] __swap_cache_prepare_and_add+0xe8/0x760 [ 396.929331][ T5962] ? page_rmappable_folio+0x9a/0x170 [ 396.929370][ T5962] swap_cache_alloc_folio+0xf1/0x240 [ 396.929410][ T5962] swap_cluster_readahead+0x369/0x690 [ 396.929440][ T5962] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 396.929478][ T5962] ? get_vma_policy+0x27b/0x3c0 [ 396.929511][ T5962] swapin_readahead+0x196/0xc50 [ 396.929546][ T5962] ? __pfx_swapin_readahead+0x10/0x10 [ 396.929571][ T5962] ? swap_table_get+0x1e/0x260 [ 396.929602][ T5962] ? swap_table_get+0x1e/0x260 [ 396.929632][ T5962] ? swap_table_get+0x1e/0x260 [ 396.929665][ T5962] ? swap_table_get+0x216/0x260 [ 396.929700][ T5962] ? swap_cache_get_folio+0x513/0x520 [ 396.929741][ T5962] do_swap_page+0x56f/0x5a20 [ 396.929800][ T5962] ? do_swap_page+0x127/0x5a20 [ 396.929831][ T5962] ? __pfx_do_swap_page+0x10/0x10 [ 396.929861][ T5962] ? __pte_offset_map+0x1ae/0x240 [ 396.929886][ T5962] ? pte_offset_map_rw_nolock+0xea/0x160 [ 396.929912][ T5962] handle_mm_fault+0x12d2/0x3310 [ 396.929962][ T5962] ? handle_mm_fault+0xee/0x3310 [ 396.930007][ T5962] ? __pfx_handle_mm_fault+0x10/0x10 [ 396.930046][ T5962] ? lock_vma_under_rcu+0x45a/0x500 [ 396.930103][ T5962] do_user_addr_fault+0xa73/0x1340 [ 396.930142][ T5962] ? rcu_is_watching+0x15/0xb0 [ 396.930175][ T5962] ? trace_page_fault_user+0x84/0x210 [ 396.930208][ T5962] exc_page_fault+0x6a/0xc0 [ 396.930241][ T5962] asm_exc_page_fault+0x26/0x30 [ 396.930268][ T5962] RIP: 0033:0x7f935495d04e [ 396.930290][ T5962] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 396.930310][ T5962] RSP: 002b:00007ffeffb79af8 EFLAGS: 00010246 [ 396.930331][ T5962] RAX: 0000000000000000 RBX: 00005555584d9500 RCX: 00007f935495d04e [ 396.930347][ T5962] RDX: 00007ffeffb79b50 RSI: 0000000000000000 RDI: 0000000000000000 [ 396.930361][ T5962] RBP: 00007ffeffb79bbc R08: 0000000000000000 R09: 0000000000000000 [ 396.930374][ T5962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 396.930387][ T5962] R13: 00000000000927c0 R14: 0000000000060b0c R15: 00007ffeffb79c10 [ 396.930423][ T5962] [ 396.930433][ T5962] memory: usage 307200kB, limit 307200kB, failcnt 412 [ 397.318821][ T5962] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 [ 397.327575][ T5962] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 397.389278][ T5962] Memory cgroup stats for /syz4: [ 397.389582][ T5962] cache 0 [ 397.428201][ T5962] rss 0 [ 397.454469][ T5962] rss_huge 0 [ 397.457752][ T5962] shmem 0 [ 397.500085][ T5962] mapped_file 0 [ 397.503637][ T5962] dirty 0 [ 397.506612][ T5962] writeback 0 [ 397.600548][ T5962] workingset_refault_anon 0 [ 397.605231][ T5962] workingset_refault_file 0 [ 397.649830][ T5962] swap 192512 [ 397.653201][ T5962] swapcached 192512 [ 397.709789][ T5962] pgpgin 73208 [ 397.735952][ T5962] pgpgout 73208 [ 397.761709][ T5962] pgfault 181575 [ 397.765365][ T5962] pgmajfault 2 [ 397.801208][ T5962] inactive_anon 0 [ 397.812923][ T5962] active_anon 0 [ 397.835124][ T5962] inactive_file 0 [ 397.862798][ T5962] active_file 0 [ 397.889350][ T5962] unevictable 0 [ 397.915658][ T5962] hierarchical_memory_limit 314572800 [ 397.941685][ T5962] hierarchical_memsw_limit 9223372036854771712 [ 397.957010][ T5962] total_cache 0 [ 397.969627][ T5962] total_rss 0 [ 397.979776][ T5962] total_rss_huge 0 [ 397.991463][ T5962] total_shmem 0 [ 398.004597][ T5962] total_mapped_file 0 [ 398.016704][ T5962] total_dirty 0 [ 398.027043][ T5962] total_writeback 0 [ 398.044393][ T5962] total_workingset_refault_anon 0 [ 398.054223][ T5962] total_workingset_refault_file 0 [ 398.066962][ T5962] total_swap 192512 [ 398.075580][ T5962] total_swapcached 192512 [ 398.093714][ T5962] total_pgpgin 73208 [ 398.104442][ T5962] total_pgpgout 73208 [ 398.115210][ T5962] total_pgfault 181575 [ 398.128395][ T5962] total_pgmajfault 2 [ 398.142430][ T5962] total_inactive_anon 0 [ 398.164866][ T5962] total_active_anon 0 [ 398.188896][ T5962] total_inactive_file 0 [ 398.201206][ T5962] total_active_file 0 [ 398.214167][ T5962] total_unevictable 0 [ 398.228334][ T5962] anon_cost 0 [ 398.249037][ T5962] file_cost 0 [ 398.252486][ T5962] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.7673,pid=22035,uid=0 [ 398.287803][ T5962] Memory cgroup out of memory: OOM victim 22035 (syz.4.7673) is already exiting. Skip killing the task [ 398.760081][T22161] netlink: 'syz.4.7729': attribute type 2 has an invalid length. [ 399.843804][T22210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7750'. [ 400.150501][T22227] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7757'. [ 400.630253][T22253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7770'. [ 400.649027][T22253] netlink: 184 bytes leftover after parsing attributes in process `syz.2.7770'. [ 400.985086][T22272] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7780'. [ 401.413583][T22299] sch_tbf: peakrate 5 is lower than or equals to rate 16783679728848008391 ! [ 401.634843][T22313] netlink: 'syz.0.7797': attribute type 4 has an invalid length. [ 401.672585][T22313] netlink: 17 bytes leftover after parsing attributes in process `syz.0.7797'. [ 401.683995][T22319] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.7797'. [ 401.713245][T22316] sctp: [Deprecated]: syz.1.7799 (pid 22316) Use of int in max_burst socket option deprecated. [ 401.713245][T22316] Use struct sctp_assoc_value instead [ 402.076509][T22341] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7810'. [ 402.085810][T22341] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7810'. [ 402.226214][T22347] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7813'. [ 403.772212][T22420] syz.4.7847: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 403.813541][T22420] CPU: 0 UID: 0 PID: 22420 Comm: syz.4.7847 Not tainted syzkaller #0 PREEMPT(full) [ 403.813575][T22420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 403.813590][T22420] Call Trace: [ 403.813598][T22420] [ 403.813609][T22420] dump_stack_lvl+0xe8/0x150 [ 403.813647][T22420] warn_alloc+0x249/0x340 [ 403.813677][T22420] ? stack_trace_save+0xa9/0x100 [ 403.813705][T22420] ? __pfx_warn_alloc+0x10/0x10 [ 403.813739][T22420] ? kasan_save_track+0x4f/0x80 [ 403.813764][T22420] ? kasan_save_track+0x3e/0x80 [ 403.813786][T22420] ? __kasan_kmalloc+0x93/0xb0 [ 403.813810][T22420] ? __kmalloc_cache_noprof+0x31c/0x660 [ 403.813834][T22420] ? xskq_create+0x56/0x170 [ 403.813860][T22420] ? xsk_setsockopt+0x54c/0x990 [ 403.813884][T22420] ? do_sock_setsockopt+0x17c/0x1b0 [ 403.813912][T22420] ? __x64_sys_setsockopt+0x13d/0x1b0 [ 403.813939][T22420] ? do_syscall_64+0x14d/0xf80 [ 403.813975][T22420] __vmalloc_node_range_noprof+0x132/0x1730 [ 403.814036][T22420] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 403.814070][T22420] ? __kasan_kmalloc+0x93/0xb0 [ 403.814102][T22420] vmalloc_user_noprof+0xad/0xe0 [ 403.814128][T22420] ? xskq_create+0xbf/0x170 [ 403.814157][T22420] xskq_create+0xbf/0x170 [ 403.814189][T22420] xsk_init_queue+0x8a/0xe0 [ 403.814219][T22420] xsk_setsockopt+0x54c/0x990 [ 403.814250][T22420] ? __pfx_xsk_setsockopt+0x10/0x10 [ 403.814277][T22420] ? __pfx_aa_sk_perm+0x10/0x10 [ 403.814315][T22420] ? aa_sock_opt_perm+0xff/0x1a0 [ 403.814340][T22420] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 403.814367][T22420] ? __pfx_xsk_setsockopt+0x10/0x10 [ 403.814394][T22420] do_sock_setsockopt+0x17c/0x1b0 [ 403.814428][T22420] __x64_sys_setsockopt+0x13d/0x1b0 [ 403.814464][T22420] do_syscall_64+0x14d/0xf80 [ 403.814505][T22420] ? trace_irq_disable+0x3b/0x150 [ 403.814523][T22420] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.814546][T22420] ? clear_bhb_loop+0x40/0x90 [ 403.814578][T22420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.814599][T22420] RIP: 0033:0x7f935499c819 [ 403.814620][T22420] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 403.814640][T22420] RSP: 002b:00007f935587a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 403.814662][T22420] RAX: ffffffffffffffda RBX: 00007f9354c15fa0 RCX: 00007f935499c819 [ 403.814678][T22420] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 403.814692][T22420] RBP: 00007f9354a32c91 R08: 0000000000000004 R09: 0000000000000000 [ 403.814705][T22420] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.814724][T22420] R13: 00007f9354c16038 R14: 00007f9354c15fa0 R15: 00007ffeffb79818 [ 403.814758][T22420] [ 403.814767][T22420] Mem-Info: [ 404.130885][T22420] active_anon:12549 inactive_anon:13 isolated_anon:0 [ 404.130885][T22420] active_file:2962 inactive_file:40496 isolated_file:0 [ 404.130885][T22420] unevictable:768 dirty:204 writeback:0 [ 404.130885][T22420] slab_reclaimable:12094 slab_unreclaimable:99713 [ 404.130885][T22420] mapped:29182 shmem:8470 pagetables:1208 [ 404.130885][T22420] sec_pagetables:0 bounce:0 [ 404.130885][T22420] kernel_misc_reclaimable:0 [ 404.130885][T22420] free:1315805 free_pcp:15199 free_cma:0 [ 404.194185][T22420] Node 0 active_anon:46296kB inactive_anon:52kB active_file:11848kB inactive_file:161776kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116728kB dirty:812kB writeback:0kB shmem:28444kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12348kB pagetables:4596kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 404.230220][T22420] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 404.261166][T22420] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 404.293425][T22420] lowmem_reserve[]: 0 2492 2493 2493 2493 [ 404.299451][T22420] Node 0 DMA32 free:1297316kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44796kB inactive_anon:52kB active_file:11848kB inactive_file:161776kB unevictable:1536kB writepending:812kB zspages:0kB present:3129332kB managed:2552564kB mlocked:0kB bounce:0kB free_pcp:65504kB local_pcp:25580kB free_cma:0kB [ 404.335735][T22420] lowmem_reserve[]: 0 0 0 0 0 [ 404.341845][T22420] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:872kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 404.408594][T22420] lowmem_reserve[]: 0 0 0 0 0 [ 404.413507][T22420] Node 1 Normal free:3950844kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 404.531619][T22420] lowmem_reserve[]: 0 0 0 0 0 [ 404.536544][T22420] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 404.553795][T22420] Node 0 DMA32: 5556*4kB (UME) 3448*8kB (UME) 1768*16kB (UM) 414*32kB (UME) 172*64kB (UME) 328*128kB (UM) 390*256kB (UME) 289*512kB (U) 208*1024kB (UE) 88*2048kB (UE) 125*4096kB (UM) = 1297360kB [ 404.580773][T22420] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 404.668651][T22420] Node 1 Normal: 7*4kB (U) 8*8kB (UM) 12*16kB (UM) 9*32kB (UM) 11*64kB (UM) 6*128kB (UM) 5*256kB (UM) 4*512kB (UM) 3*1024kB (UM) 3*2048kB (U) 961*4096kB (M) = 3950844kB [ 404.705477][T22420] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 404.715791][T22420] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 404.779037][T22420] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 404.807025][T22420] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 404.836945][T22420] 45749 total pagecache pages [ 404.852858][T22420] 0 pages in swap cache [ 404.857099][T22420] Free swap = 124996kB [ 404.873080][T22420] Total swap = 124996kB [ 404.877318][T22420] 2097051 pages RAM [ 404.884163][T22420] 0 pages HighMem/MovableOnly [ 404.902891][T22420] 427077 pages reserved [ 404.918535][T22420] 0 pages cma reserved [ 405.233649][T22456] __nla_validate_parse: 3 callbacks suppressed [ 405.233671][T22456] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7865'. [ 405.275872][T22456] netlink: 2 bytes leftover after parsing attributes in process `syz.0.7865'. [ 406.277114][T22505] netlink: 232 bytes leftover after parsing attributes in process `syz.4.7887'. [ 406.444424][T22511] netlink: 11562 bytes leftover after parsing attributes in process `syz.4.7890'. [ 406.559834][T22514] netlink: 272 bytes leftover after parsing attributes in process `syz.0.7891'. [ 406.620718][T22517] ip6gre0: Master is either lo or non-ether device [ 407.121920][T22547] netlink: 'syz.1.7908': attribute type 10 has an invalid length. [ 407.178045][T22554] skbuff: bad partial csum: csum=65535/0 headroom=64 headlen=65537 [ 407.298955][T22560] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7914'. [ 407.743213][T22591] netlink: 'syz.0.7927': attribute type 1 has an invalid length. [ 407.751526][T22591] netlink: 'syz.0.7927': attribute type 3 has an invalid length. [ 407.760324][T22591] netlink: 'syz.0.7927': attribute type 7 has an invalid length. [ 407.770561][T22591] netlink: 'syz.0.7927': attribute type 8 has an invalid length. [ 407.779355][T22591] netlink: 184 bytes leftover after parsing attributes in process `syz.0.7927'. [ 407.790243][T22591] NCSI netlink: No device for ifindex 131092 [ 408.277970][T22618] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7945'. [ 408.320781][T22623] netlink: 'syz.4.7943': attribute type 4 has an invalid length. [ 408.963990][T22668] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7963'. [ 409.315502][T22690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7975'. [ 409.920655][T22726] netlink: 'syz.1.7992': attribute type 1 has an invalid length. [ 410.259702][T22750] __nla_validate_parse: 3 callbacks suppressed [ 410.259724][T22750] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8004'. [ 410.300832][T22750] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8004'. [ 410.320095][T22753] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8005'. [ 410.940883][T22785] netlink: 88 bytes leftover after parsing attributes in process `syz.3.8020'. [ 411.064488][T22789] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8023'. [ 411.084341][T22789] netlink: 6 bytes leftover after parsing attributes in process `syz.2.8023'. [ 411.459889][T22814] team0: Cannot enslave team device to itself [ 411.713977][T22828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8041'. [ 411.740283][T22828] netlink: 'syz.3.8041': attribute type 1 has an invalid length. [ 411.748089][T22828] netlink: 'syz.3.8041': attribute type 2 has an invalid length. [ 411.985031][T22846] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8049'. [ 412.670171][T22882] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8067'. [ 412.694261][T22882] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8067'. [ 413.284048][T22920] ip6erspan0: entered allmulticast mode [ 414.643008][T23000] erspan0: entered promiscuous mode [ 414.661154][T23005] netlink: 'syz.2.8119': attribute type 1 has an invalid length. [ 414.694336][T23005] netlink: 'syz.2.8119': attribute type 2 has an invalid length. [ 415.044751][T23033] tipc: Started in network mode [ 415.050156][T23033] tipc: Node identity ac14140f, cluster identity 4711 [ 415.057478][T23033] tipc: New replicast peer: 172.20.20.187 [ 415.063850][T23033] tipc: Enabled bearer , priority 10 [ 415.352569][T23054] __nla_validate_parse: 5 callbacks suppressed [ 415.352592][T23054] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8143'. [ 415.413925][T23056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8144'. [ 415.485400][T23059] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8143'. [ 415.623831][ T30] audit: type=1804 audit(1776168278.899:6): pid=23063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.8147" name="/newroot/1650/cgroup.controllers" dev="tmpfs" ino=8294 res=1 errno=0 [ 415.718829][ T30] audit: type=1800 audit(1776168278.919:7): pid=23063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.8147" name="cgroup.controllers" dev="tmpfs" ino=8294 res=0 errno=0 [ 415.926975][T23079] veth0: entered promiscuous mode [ 415.947389][T23078] veth0: left promiscuous mode [ 416.029140][T23083] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.8157'. [ 416.082815][T23083] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.8157'. [ 416.181094][ T9] tipc: Node number set to 2886997007 [ 416.186883][T23085] nbd1: detected capacity change from 0 to 127 [ 416.217058][ T5965] block nbd1: Receive control failed (result -32) [ 416.239886][T23096] block nbd1: Send control failed (result -32) [ 416.246709][T23096] block nbd1: Request send failed, requeueing [ 416.263023][ T5157] block nbd1: Dead connection, failed to find a fallback [ 416.272203][ T5157] block nbd1: shutting down sockets [ 416.277801][ T5157] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.288892][ T5157] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.296918][T23096] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.313156][T23096] Buffer I/O error on dev nbd1, logical block 1, async page read [ 416.321222][T23096] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.331518][T23096] Buffer I/O error on dev nbd1, logical block 2, async page read [ 416.339456][T23096] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.349049][T23096] Buffer I/O error on dev nbd1, logical block 3, async page read [ 416.356892][T23096] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.367963][T23096] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.375954][T23096] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.386081][T23096] Buffer I/O error on dev nbd1, logical block 1, async page read [ 416.396254][T23096] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.406047][T23096] Buffer I/O error on dev nbd1, logical block 2, async page read [ 416.421857][T23096] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.431480][T23096] Buffer I/O error on dev nbd1, logical block 3, async page read [ 416.444066][T23096] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.454332][T23096] Buffer I/O error on dev nbd1, logical block 0, async page read [ 416.462370][T23096] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 416.495891][T23096] Buffer I/O error on dev nbd1, logical block 1, async page read [ 416.512643][T23096] ldm_validate_partition_table(): Disk read failed. [ 416.549108][T23096] Dev nbd1: unable to read RDB block 0 [ 416.555334][T23096] nbd1: unable to read partition table [ 416.597943][T23108] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8165'. [ 416.611626][T23096] ldm_validate_partition_table(): Disk read failed. [ 416.627981][T23096] Dev nbd1: unable to read RDB block 0 [ 416.658979][T23096] nbd1: unable to read partition table [ 416.834647][T23121] netlink: 190972 bytes leftover after parsing attributes in process `syz.2.8172'. [ 417.317965][T23151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8188'. [ 417.542977][T23166] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8195'. [ 418.060570][T23201] netlink: 108 bytes leftover after parsing attributes in process `syz.3.8210'. [ 418.182491][T23209] netlink: 'syz.1.8216': attribute type 1 has an invalid length. [ 418.207247][T23209] netlink: 'syz.1.8216': attribute type 7 has an invalid length. [ 418.219212][T23209] netlink: 'syz.1.8216': attribute type 8 has an invalid length. [ 418.227157][T23209] NCSI netlink: No device for ifindex 65584 [ 418.455469][T23225] sctp: [Deprecated]: syz.1.8224 (pid 23225) Use of struct sctp_assoc_value in delayed_ack socket option. [ 418.455469][T23225] Use struct sctp_sack_info instead [ 418.670758][T23239] netlink: 'syz.0.8230': attribute type 6 has an invalid length. [ 418.961916][T23256] netlink: 'syz.0.8239': attribute type 1 has an invalid length. [ 418.975721][T23256] netlink: 'syz.0.8239': attribute type 2 has an invalid length. [ 418.985948][T23256] netlink: 'syz.0.8239': attribute type 1 has an invalid length. [ 418.995908][T23256] netlink: 'syz.0.8239': attribute type 3 has an invalid length. [ 419.406456][T23281] veth0: entered promiscuous mode [ 419.433183][T23281] veth0: left promiscuous mode [ 419.469629][T23289] : renamed from bond0 (while UP) [ 419.711673][T23302] tap0: tun_chr_ioctl cmd 1074025676 [ 419.728203][T23302] tap0: owner set to 0 [ 420.028147][T23326] vcan0: tx address claim with dest, not broadcast [ 420.539719][T23359] __nla_validate_parse: 6 callbacks suppressed [ 420.539742][T23359] netlink: 88 bytes leftover after parsing attributes in process `syz.1.8284'. [ 421.284125][T23410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8311'. [ 421.325162][T23413] netlink: 'syz.1.8312': attribute type 25 has an invalid length. [ 422.307197][T23458] netlink: 236 bytes leftover after parsing attributes in process `syz.0.8334'. [ 422.317215][T23458] netlink: 236 bytes leftover after parsing attributes in process `syz.0.8334'. [ 422.471788][T23468] netlink: 'syz.0.8339': attribute type 5 has an invalid length. [ 422.730413][T23487] netlink: 64 bytes leftover after parsing attributes in process `syz.1.8345'. [ 422.761966][T23489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8347'. [ 422.800080][T23489] bond0: entered promiscuous mode [ 422.808976][T23489] bond_slave_0: entered promiscuous mode [ 422.814974][T23489] bond_slave_1: entered promiscuous mode [ 422.841215][T23489] bridge_slave_1: entered promiscuous mode [ 422.861090][T23489] bond0: left promiscuous mode [ 422.865951][T23489] bond_slave_0: left promiscuous mode [ 422.898787][T23489] bond_slave_1: left promiscuous mode [ 422.904719][T23489] bridge_slave_1: left promiscuous mode [ 424.055521][T23567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8382'. [ 424.804983][T23619] netlink: 'syz.2.8406': attribute type 2 has an invalid length. [ 425.323385][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 425.586943][T23663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8426'. [ 425.740030][T23673] netlink: 168 bytes leftover after parsing attributes in process `syz.2.8432'. [ 425.897187][T23677] wg1 speed is unknown, defaulting to 1000 [ 425.908150][T23685] erspan0: entered promiscuous mode [ 425.916715][T23685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8437'. [ 426.072706][T23691] netlink: 'syz.1.8440': attribute type 2 has an invalid length. [ 426.081291][T23691] netlink: 'syz.1.8440': attribute type 2 has an invalid length. [ 426.278773][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 426.359827][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 426.410038][T23677] dvmrp8: entered allmulticast mode [ 426.725809][ T974] dvmrp8 (unregistering): left allmulticast mode [ 427.404305][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 427.824409][T23768] syzkaller1: entered promiscuous mode [ 427.839799][T23768] syzkaller1: entered allmulticast mode [ 428.034738][T23781] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 428.044468][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 428.055700][ T5965] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 428.064090][ T5965] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 428.073492][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 428.082439][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 428.124521][T23783] xt_hashlimit: size too large, truncated to 1048576 [ 428.313652][T23793] netlink: 'syz.4.8482': attribute type 1 has an invalid length. [ 428.352103][T23793] netlink: 88 bytes leftover after parsing attributes in process `syz.4.8482'. [ 428.391523][T23793] netlink: 1 bytes leftover after parsing attributes in process `syz.4.8482'. [ 428.427162][T23793] netlink: 'syz.4.8482': attribute type 1 has an invalid length. [ 428.451825][T23793] netlink: 634 bytes leftover after parsing attributes in process `syz.4.8482'. [ 428.573269][ T24] IPVS: starting estimator thread 0... [ 428.678556][T23806] IPVS: using max 30 ests per chain, 72000 per kthread [ 429.028742][T23835] netlink: 'syz.3.8499': attribute type 2 has an invalid length. [ 429.118537][T23838] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 429.130310][T23838] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 429.139957][T23838] gretap1: entered promiscuous mode [ 429.145301][T23838] gretap1: entered allmulticast mode [ 429.161280][T23846] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8502'. [ 429.649386][T23870] syzkaller1: entered promiscuous mode [ 429.660213][T23870] syzkaller1: entered allmulticast mode [ 429.685078][T23874] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8516'. [ 429.879343][T23884] netlink: 'syz.3.8519': attribute type 17 has an invalid length. [ 429.887957][T23884] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8519'. [ 429.897566][T23884] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8519'. [ 429.935842][T23884] gretap0: entered promiscuous mode [ 429.990519][T23884] gretap0: left promiscuous mode [ 430.325340][T23904] block nbd2: server does not support multiple connections per device. [ 430.339628][T23904] block nbd2: shutting down sockets [ 431.141134][T23961] netlink: 'syz.4.8554': attribute type 2 has an invalid length. [ 431.159120][T23964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8556'. [ 431.575931][T23991] netlink: 'syz.4.8568': attribute type 1 has an invalid length. [ 431.584612][T23989] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8567'. [ 432.096430][T24021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8582'. [ 432.117335][T24021] gtp0: entered promiscuous mode [ 432.124724][T24021] gtp0: entered allmulticast mode [ 432.182659][T24025] syzkaller1: entered promiscuous mode [ 432.345752][T24035] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8586'. [ 432.656178][T24050] sctp: [Deprecated]: syz.4.8591 (pid 24050) Use of struct sctp_assoc_value in delayed_ack socket option. [ 432.656178][T24050] Use struct sctp_sack_info instead [ 433.986858][T24119] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40 [ 434.254036][T24136] siw: device registration error -23 [ 434.551256][T24155] netlink: 104 bytes leftover after parsing attributes in process `syz.1.8633'. [ 434.635126][T24160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8635'. [ 435.099569][T24180] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8645'. [ 435.229479][T24188] geneve3: entered promiscuous mode [ 435.241153][ T77] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 57960 - 0 [ 435.279902][ T77] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 57960 - 0 [ 435.317643][ T77] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 57960 - 0 [ 435.347501][ T77] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 57960 - 0 [ 435.509399][T24203] netlink: 'syz.1.8656': attribute type 1 has an invalid length. [ 435.520149][T24203] netlink: 136 bytes leftover after parsing attributes in process `syz.1.8656'. [ 435.530214][T24203] netlink: 'syz.1.8656': attribute type 1 has an invalid length. [ 435.537987][T24203] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8656'. [ 435.864980][T24222] Bluetooth: hci1: expected 19 bytes, got 2 bytes [ 435.990238][T24224] syzkaller1: entered promiscuous mode [ 435.995793][T24224] syzkaller1: entered allmulticast mode [ 436.690346][T24266] netlink: 'syz.3.8683': attribute type 39 has an invalid length. [ 437.680491][T24324] syzkaller1: entered promiscuous mode [ 437.688173][T24324] syzkaller1: entered allmulticast mode [ 438.282248][T24362] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8728'. [ 438.299354][T24362] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8728'. [ 438.387564][T24367] netlink: 'syz.3.8731': attribute type 1 has an invalid length. [ 438.453915][T24372] syzkaller1: entered promiscuous mode [ 438.468966][T24372] syzkaller1: entered allmulticast mode [ 438.494775][T24376] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8733'. [ 439.120127][T24413] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8748'. [ 439.245324][T24419] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8751'. [ 439.279500][T24419] bond0: ARP target 8.4.0.0 is already present [ 439.285870][T24419] bond0: option arp_ip_target: invalid value (1032) [ 439.490409][T24431] syzkaller1: entered promiscuous mode [ 439.491351][T24435] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8759'. [ 439.495946][T24431] syzkaller1: entered allmulticast mode [ 440.205646][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.212141][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.230797][T24463] gre0: entered allmulticast mode [ 440.431346][T24473] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8775'. [ 440.459612][T24473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8775'. [ 441.081613][T24514] net_ratelimit: 8 callbacks suppressed [ 441.081634][T24514] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 442.282256][T24578] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.8822'. [ 442.841903][T24599] netlink: 'syz.0.8833': attribute type 10 has an invalid length. [ 442.855148][T24599] bridge_slave_1: left allmulticast mode [ 442.878771][T24599] bridge_slave_1: entered promiscuous mode [ 442.886326][T24599] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 443.274121][T24623] syzkaller1: entered promiscuous mode [ 443.295530][T24623] syzkaller1: entered allmulticast mode [ 443.356861][ T30] audit: type=1800 audit(1776168306.629:8): pid=24625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.8847" name="memory.events" dev="tmpfs" ino=8823 res=0 errno=0 [ 443.497830][T24636] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8851'. [ 443.509633][T24636] netlink: 'syz.0.8851': attribute type 7 has an invalid length. [ 443.517654][T24636] netlink: 'syz.0.8851': attribute type 8 has an invalid length. [ 443.538706][T24636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8851'. [ 443.803998][T24654] sctp: [Deprecated]: syz.1.8858 (pid 24654) Use of struct sctp_assoc_value in delayed_ack socket option. [ 443.803998][T24654] Use struct sctp_sack_info instead [ 444.083773][T24672] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.8868'. [ 444.234034][T24684] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8871'. [ 444.427262][T24695] sctp: [Deprecated]: syz.3.8875 (pid 24695) Use of int in max_burst socket option deprecated. [ 444.427262][T24695] Use struct sctp_assoc_value instead [ 444.524484][T24702] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8880'. [ 444.546915][T24702] netlink: 'syz.2.8880': attribute type 1 has an invalid length. [ 444.558992][T24702] netlink: 'syz.2.8880': attribute type 2 has an invalid length. [ 445.517731][T24723] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 445.745980][T24738] syzkaller1: entered promiscuous mode [ 445.768504][T24738] syzkaller1: entered allmulticast mode [ 445.787252][T24741] syzkaller1: entered promiscuous mode [ 445.805364][T24741] syzkaller1: entered allmulticast mode [ 446.477090][T24783] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8919'. [ 446.503293][T24781] netlink: 'syz.1.8917': attribute type 63 has an invalid length. [ 446.529974][T24781] netlink: 'syz.1.8917': attribute type 63 has an invalid length. [ 447.135219][T24826] netlink: 156 bytes leftover after parsing attributes in process `syz.3.8938'. [ 447.429373][T24848] macvlan0: entered promiscuous mode [ 447.544901][T24853] af_packet: tpacket_rcv: packet too big, clamped from 39 to 4294967272. macoff=96 [ 447.669796][T24860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8955'. [ 448.474806][T24901] syzkaller1: entered promiscuous mode [ 448.480647][T24901] syzkaller1: entered allmulticast mode [ 448.742199][T24912] netlink: 27 bytes leftover after parsing attributes in process `syz.2.8978'. [ 448.991251][T24929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8986'. [ 449.002183][T24929] block nbd0: Unsupported socket: should be TCP or UNIX. [ 449.159688][T24937] batadv_slave_1: entered promiscuous mode [ 449.187517][T24936] batadv_slave_1: left promiscuous mode [ 450.051586][T24991] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9015'. [ 450.338704][T25012] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9021'. [ 451.032718][T25056] macvlan0: entered promiscuous mode [ 451.111805][T25061] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9046'. [ 451.409347][T25074] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9051'. [ 451.996641][T25116] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9071'. [ 452.557459][T25144] syzkaller1: entered promiscuous mode [ 452.563160][T25144] syzkaller1: entered allmulticast mode [ 452.828487][T25158] veth0: entered promiscuous mode [ 452.837796][T25157] veth0: left promiscuous mode [ 452.926626][T25164] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.9094'. [ 453.216989][T25183] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9102'. [ 453.263634][T25185] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 453.442781][T25198] netlink: 'syz.0.9109': attribute type 1 has an invalid length. [ 453.454104][T25198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9109'. [ 453.790193][T25215] __nla_validate_parse: 1 callbacks suppressed [ 453.790217][T25215] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9117'. [ 453.810010][T25215] nbd: device at index 64 is going down [ 453.913515][T25222] syzkaller1: entered promiscuous mode [ 453.922238][T25222] syzkaller1: entered allmulticast mode [ 453.938895][T25224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9119'. [ 453.975236][T25048] udevd[25048]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 453.988049][T25224] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9119'. [ 454.009537][T25224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9119'. [ 454.019010][T25224] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9119'. [ 454.044563][T24863] udevd[24863]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 454.265793][T25233] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 454.759939][T25262] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9137'. [ 454.819290][T25265] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.9139'. [ 455.729665][ T5142] Bluetooth: hci2: command 0x0406 tx timeout [ 455.735821][ T5965] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 455.976433][T25327] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9162'. [ 456.136648][T25338] netlink: 'syz.1.9168': attribute type 4 has an invalid length. [ 456.350512][T25349] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 456.568182][T25362] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9176'. [ 456.614315][T25364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9176'. [ 457.198476][T25393] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 457.798417][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 458.025328][T25439] syzkaller1: entered promiscuous mode [ 458.039094][T25439] syzkaller1: entered allmulticast mode [ 458.487425][T25463] block nbd4: NBD_DISCONNECT [ 458.492819][T25461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 458.528449][T25461] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 458.838531][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 458.855511][T25483] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 458.910020][T25483] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 458.921335][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 459.040958][T25493] netdevsim netdevsim0: Direct firmware load for r1 failed with error -2 [ 459.067945][T25493] netdevsim netdevsim0: Falling back to sysfs fallback for: r1 [ 459.100289][T25495] __nla_validate_parse: 6 callbacks suppressed [ 459.100313][T25495] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9232'. [ 459.116166][T25495] netlink: 'syz.1.9232': attribute type 7 has an invalid length. [ 459.125003][T25495] netlink: 'syz.1.9232': attribute type 8 has an invalid length. [ 459.133458][T25495] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9232'. [ 459.821146][T25523] syzkaller1: entered promiscuous mode [ 459.827963][T25523] syzkaller1: entered allmulticast mode [ 459.879147][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 460.577031][T25559] netlink: 'syz.0.9260': attribute type 1 has an invalid length. [ 460.586375][T25559] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9260'. [ 460.918388][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 461.958575][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 461.982359][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 462.562696][T25675] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9316'. [ 463.408818][T25718] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9336'. [ 463.497096][T25722] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9338'. [ 463.835184][T25738] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9346'. [ 463.997991][T25744] syzkaller1: entered promiscuous mode [ 464.018989][T25744] syzkaller1: entered allmulticast mode [ 464.028935][T25746] nbd: socks must be embedded in a SOCK_ITEM attr [ 464.484262][T25774] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9363'. [ 464.886694][T25799] syzkaller1: entered promiscuous mode [ 464.897271][T25799] syzkaller1: entered allmulticast mode [ 465.249100][T25817] netlink: 27 bytes leftover after parsing attributes in process `syz.0.9382'. [ 465.584043][T25837] syzkaller1: entered promiscuous mode [ 465.591262][T25837] syzkaller1: entered allmulticast mode [ 466.339440][T25878] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9410'. [ 466.360749][T25883] netlink: 'syz.4.9413': attribute type 11 has an invalid length. [ 466.454622][T25889] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.9416'. [ 466.535447][T25894] netlink: 'syz.4.9418': attribute type 10 has an invalid length. [ 466.553231][T25894] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.585692][T25894] bridge_slave_1: left allmulticast mode [ 466.598645][T25894] bridge_slave_1: left promiscuous mode [ 466.616659][T25896] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 466.628624][T25894] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.673755][T25894] : (slave bridge_slave_1): Enslaving as an active interface with an up link [ 466.772830][T25902] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9422'. [ 467.138153][T25922] netlink: 212324 bytes leftover after parsing attributes in process `syz.1.9432'. [ 467.527922][T25951] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9447'. [ 467.617134][T25954] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9449'. [ 468.673870][T26004] netlink: 7 bytes leftover after parsing attributes in process `syz.1.9471'. [ 468.870596][T26019] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.9477'. [ 468.882426][T26019] netlink: ct family unspecified [ 470.001694][T26081] __nla_validate_parse: 2 callbacks suppressed [ 470.001717][T26081] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9508'. [ 470.342737][ T24] wg1 speed is unknown, defaulting to 1000 [ 471.250912][T26152] netlink: 36 bytes leftover after parsing attributes in process `syz.4.9538'. [ 471.324340][T26154] xt_hashlimit: size too large, truncated to 1048576 [ 471.835782][T26185] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9551'. [ 471.993529][T26192] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9557'. [ 472.004051][T26192] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9557'. [ 472.170825][T26205] syzkaller1: entered promiscuous mode [ 472.176946][T26205] syzkaller1: entered allmulticast mode [ 472.447489][T26217] netlink: 256 bytes leftover after parsing attributes in process `syz.0.9565'. [ 472.470852][T26217] netlink: 256 bytes leftover after parsing attributes in process `syz.0.9565'. [ 472.478912][T26224] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 473.061294][T26260] netlink: 27 bytes leftover after parsing attributes in process `syz.3.9586'. [ 473.078453][ T5142] Bluetooth: hci4: command 0x0406 tx timeout [ 473.147706][T26262] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.9588'. [ 473.607681][T26292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9601'. [ 473.894131][T26297] macvtap1: entered promiscuous mode [ 473.904479][T26297] macvtap1: entered allmulticast mode [ 473.917003][T26297] veth1_vlan: entered allmulticast mode [ 473.945546][T26302] macvtap2: entered promiscuous mode [ 473.952784][T26302] macvtap2: entered allmulticast mode [ 474.899508][T26358] netlink: 'syz.3.9627': attribute type 11 has an invalid length. [ 475.047458][T26367] __nla_validate_parse: 3 callbacks suppressed [ 475.047481][T26367] netlink: 84 bytes leftover after parsing attributes in process `syz.4.9628'. [ 475.178375][T26372] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.9633'. [ 475.275609][T26378] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9636'. [ 475.344980][T26382] netlink: 43 bytes leftover after parsing attributes in process `syz.2.9638'. [ 475.608121][T26398] netlink: 'syz.1.9645': attribute type 17 has an invalid length. [ 475.628590][T26398] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9645'. [ 475.658396][T26398] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9645'. [ 475.978522][T26416] netem: change failed [ 476.271087][T26434] syzkaller1: entered promiscuous mode [ 476.282378][T26434] syzkaller1: entered allmulticast mode [ 476.297682][T26436] veth0: entered promiscuous mode [ 476.319800][T26435] veth0: left promiscuous mode [ 476.626087][T26455] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.9670'. [ 476.659465][T26457] syzkaller1: entered promiscuous mode [ 476.665015][T26457] syzkaller1: entered allmulticast mode [ 476.719128][T26461] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324 [ 476.817286][T26469] macvtap1: entered promiscuous mode [ 476.834306][T26469] macvtap1: entered allmulticast mode [ 476.860849][T26469] veth1_vlan: entered allmulticast mode [ 476.905864][T26469] macvtap2: entered promiscuous mode [ 476.911391][T26469] macvtap2: entered allmulticast mode [ 477.352416][T26502] netlink: 'syz.4.9692': attribute type 4 has an invalid length. [ 477.923388][T26535] netlink: 104 bytes leftover after parsing attributes in process `syz.4.9707'. [ 477.965477][T26538] netlink: 67 bytes leftover after parsing attributes in process `syz.1.9708'. [ 478.061559][T26544] netlink: 64 bytes leftover after parsing attributes in process `syz.1.9712'. [ 479.290042][T26622] block nbd2: Unsupported socket: should be TCP or UNIX. [ 479.896270][T26662] pim6reg1: entered promiscuous mode [ 479.908478][T26662] pim6reg1: entered allmulticast mode [ 480.814414][T26723] __nla_validate_parse: 3 callbacks suppressed [ 480.814437][T26723] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9792'. [ 480.831662][T26723] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9792'. [ 480.842358][T26723] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9792'. [ 481.267813][T26746] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9802'. [ 481.292422][T26750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9803'. [ 481.329536][T26748] netem: change failed [ 482.435538][T26822] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.9834'. [ 482.523491][T26826] netlink: 'syz.2.9836': attribute type 11 has an invalid length. [ 482.531664][T26826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9836'. [ 482.554766][T26826] netlink: 'syz.2.9836': attribute type 11 has an invalid length. [ 482.573676][T26826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9836'. [ 482.786640][T26842] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9842'. [ 482.809336][T26842] chnl_net:caif_netlink_parms(): no params data found [ 482.840201][T26844] netlink: 16215 bytes leftover after parsing attributes in process `syz.0.9841'. [ 483.083517][T26856] netlink: 'syz.4.9848': attribute type 7 has an invalid length. [ 483.112993][T26856] erspan0: entered promiscuous mode [ 483.120811][T26856] gretap0: entered promiscuous mode [ 483.282090][T26864] vlan5: entered allmulticast mode [ 483.352916][T26864] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 483.372423][T26864] bond_slave_0: left allmulticast mode [ 483.380576][T26864] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 483.393046][T26864] bond_slave_1: left allmulticast mode [ 483.404725][T26864] bond0 (unregistering): Released all slaves [ 483.415749][T26874] netlink: 'syz.0.9856': attribute type 1 has an invalid length. [ 483.488626][T26874] bond3: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 483.529724][T26874] bond3: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 483.581177][T26874] bond3: (slave ip6gre1): making interface the new active one [ 483.607050][T26874] bond3: (slave ip6gre1): Enslaving as an active interface with an up link [ 483.817190][T26895] netlink: 'syz.0.9865': attribute type 20 has an invalid length. [ 483.851710][ T77] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 483.861063][ T77] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 483.870562][T26895] netlink: 'syz.0.9865': attribute type 20 has an invalid length. [ 483.879488][ T77] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 483.889433][ T77] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.105578][T26906] netlink: 'syz.3.9871': attribute type 11 has an invalid length. [ 484.351463][T26921] netlink: 'syz.3.9879': attribute type 7 has an invalid length. [ 484.658953][T26938] netlink: 'syz.3.9887': attribute type 8 has an invalid length. [ 484.703202][T26938] bond0: entered promiscuous mode [ 484.714706][T26942] netlink: 'syz.0.9888': attribute type 7 has an invalid length. [ 484.723782][T26938] gretap0: entered promiscuous mode [ 484.737869][T26938] bond0: left promiscuous mode [ 484.744354][T26942] netlink: 'syz.0.9888': attribute type 8 has an invalid length. [ 484.752326][T26938] gretap0: left promiscuous mode [ 484.840390][T26946] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 484.931177][ T30] audit: type=1800 audit(1776168348.209:9): pid=26949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.9893" name=4996AE17DFFC2E43C8174B54B620636894AAACF28FF62616363C70A440AEC4014CAF28C0ADC04308 dev="tmpfs" ino=9748 res=0 errno=0 [ 486.085199][T27025] __nla_validate_parse: 14 callbacks suppressed [ 486.085223][T27025] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9924'. [ 486.357258][T27039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9929'. [ 486.384325][T27034] 8021q: adding VLAN 0 to HW filter on device bond5 [ 486.449634][T27046] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9932'. [ 486.587198][T27053] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.9935'. [ 486.597905][T27053] netlink: Unknown conntrack attr (0) [ 487.098362][T27068] bond0: (slave ip6gre2): The slave device specified does not support setting the MAC address [ 487.125202][T27068] bond0: (slave ip6gre2): Setting fail_over_mac to active for active-backup mode [ 487.158923][T27068] bond0: (slave ip6gre2): making interface the new active one [ 487.173414][T27068] bond0: (slave ip6gre2): Enslaving as an active interface with an up link [ 487.210325][T27075] 8021q: adding VLAN 0 to HW filter on device bond6 [ 487.259244][T27076] bond6: (slave geneve4): making interface the new active one [ 487.270705][T27076] bond6: (slave geneve4): Enslaving as an active interface with an up link [ 487.784450][T27103] validate_nla: 3 callbacks suppressed [ 487.784472][T27103] netlink: 'syz.2.9952': attribute type 20 has an invalid length. [ 487.812684][T27103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9952'. [ 487.852814][T10155] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 487.852859][T27103] netlink: 'syz.2.9952': attribute type 20 has an invalid length. [ 487.875273][T10155] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 487.900096][T10155] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 487.910373][T27103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9952'. [ 487.919456][T10155] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 489.529805][T27167] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9972'. [ 489.633475][T27171] netlink: 'syz.2.9974': attribute type 12 has an invalid length. [ 489.962911][T27180] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.9978'. [ 490.252525][T27187] netlink: 'syz.0.9981': attribute type 1 has an invalid length. [ 490.790434][T27202] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 491.569141][T27234] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10003'. [ 491.680720][T27236] netlink: 207952 bytes leftover after parsing attributes in process `syz.4.10004'. [ 492.005039][T27250] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10010'. [ 492.184847][T27260] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 492.191515][T27260] syzkaller1: Linktype set failed because interface is up [ 492.576030][T27280] bond0: (slave bridge_slave_1): Releasing backup interface [ 492.597801][T27280] bridge_slave_1: left promiscuous mode [ 492.649180][T27280] bond0: (slave bond_slave_0): Releasing backup interface [ 492.678533][T27280] bond_slave_0: left promiscuous mode [ 492.706764][T27280] bond0: (slave bond_slave_1): Releasing backup interface [ 492.722330][T27280] bond_slave_1: left promiscuous mode [ 492.740110][T27280] team0: Port device team_slave_0 removed [ 492.754576][T27280] team0: Port device team_slave_1 removed [ 492.769638][T27280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 492.787337][T27280] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 492.819589][T27280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 492.855738][T27280] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 492.908995][T27280] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 492.970255][T27285] team0: Mode changed to "random" [ 493.186848][T27312] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 493.467087][T27332] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10045'. [ 493.525048][T27332] 8021q: adding VLAN 0 to HW filter on device bond2 [ 493.534520][T27338] netlink: 'syz.3.10047': attribute type 15 has an invalid length. [ 493.544290][T27338] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10047'. [ 493.565500][T10155] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0 [ 493.574749][T27338] netlink: 'syz.3.10047': attribute type 15 has an invalid length. [ 493.582993][T10155] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0 [ 493.593297][T27338] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10047'. [ 493.603705][T10155] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0 [ 493.612602][T10155] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0 [ 494.121802][T27371] gretap2: entered promiscuous mode [ 494.132399][T27371] batman_adv: batadv0: Adding interface: gretap2 [ 494.141191][T27371] batman_adv: batadv0: The MTU of interface gretap2 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 494.163737][T27371] batman_adv: batadv0: Not using interface gretap2 (retrying later): interface not active [ 494.618394][T27395] nbd3: detected capacity change from 0 to 63 [ 494.628360][T27400] block nbd3: NBD_DISCONNECT [ 494.637161][T27400] block nbd3: Disconnected due to user request. [ 494.646086][T27393] blk_print_req_error: 138 callbacks suppressed [ 494.646108][T27393] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.663468][T27400] block nbd3: shutting down sockets [ 494.673082][T27393] buffer_io_error: 138 callbacks suppressed [ 494.673103][T27393] Buffer I/O error on dev nbd3, logical block 0, async page read [ 494.688787][T27393] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.716053][T27393] Buffer I/O error on dev nbd3, logical block 1, async page read [ 494.739201][ T5157] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 2 prio class 2 [ 494.749920][ T5157] Buffer I/O error on dev nbd3, logical block 2, async page read [ 494.757727][ T5157] Buffer I/O error on dev nbd3, logical block 3, async page read [ 494.771812][T27393] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.781542][T27393] Buffer I/O error on dev nbd3, logical block 0, async page read [ 494.789696][T27393] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.800821][T27393] Buffer I/O error on dev nbd3, logical block 1, async page read [ 494.809230][T27393] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.821350][T27393] Buffer I/O error on dev nbd3, logical block 2, async page read [ 494.829724][T27393] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.841628][T27393] Buffer I/O error on dev nbd3, logical block 3, async page read [ 494.849840][T27393] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.859910][T27393] Buffer I/O error on dev nbd3, logical block 0, async page read [ 494.867880][T27393] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.877816][T27393] Buffer I/O error on dev nbd3, logical block 1, async page read [ 494.886095][T27393] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 494.896996][T27393] ldm_validate_partition_table(): Disk read failed. [ 494.904319][T27393] Dev nbd3: unable to read RDB block 0 [ 494.910753][T27393] nbd3: unable to read partition table [ 494.924356][T27393] ldm_validate_partition_table(): Disk read failed. [ 494.931858][T27393] Dev nbd3: unable to read RDB block 0 [ 494.939103][T27393] nbd3: unable to read partition table [ 495.371461][T27425] netlink: 'syz.1.10086': attribute type 9 has an invalid length. [ 495.379881][T27425] netlink: 'syz.1.10086': attribute type 11 has an invalid length. [ 495.391783][T27425] netlink: 'syz.1.10086': attribute type 12 has an invalid length. [ 495.401924][T27425] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.10086'. [ 495.413112][T27429] block nbd0: Unsupported socket: should be TCP or UNIX. [ 495.440629][T27428] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.459499][T27425] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10086'. [ 495.541470][T27428] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.674936][T27428] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.711993][T27435] wg1 speed is unknown, defaulting to 1000 [ 495.746033][T27428] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.215062][T27453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10096'. [ 496.267373][T10157] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.319856][T10157] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.364416][T27456] syzkaller1: entered promiscuous mode [ 496.390156][T27456] syzkaller1: entered allmulticast mode [ 496.401915][T10155] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.503495][T27459] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10098'. [ 496.517197][T10155] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.633594][T27463] bond4: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 496.665080][T27463] bond4: (slave lo): Enslaving as an active interface with an up link [ 496.706524][T27463] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 496.994498][T27483] netlink: 'syz.3.10109': attribute type 1 has an invalid length. [ 497.004033][T27483] netlink: 224 bytes leftover after parsing attributes in process `syz.3.10109'. [ 497.014277][T27481] netlink: 'syz.4.10106': attribute type 25 has an invalid length. [ 497.041316][T27481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10106'. [ 497.114180][T27481] netlink: 'syz.4.10106': attribute type 25 has an invalid length. [ 497.131919][T10151] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.148172][T10151] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.154257][T27481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10106'. [ 497.169325][T27486] bond7: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 497.182642][T27494] netlink: 'syz.0.10112': attribute type 7 has an invalid length. [ 497.193179][T27486] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 497.211670][T10151] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.234598][T10151] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.243379][T27494] netlink: 'syz.0.10112': attribute type 7 has an invalid length. [ 497.572259][ T5965] block nbd3: Receive control failed (result -107) [ 497.599724][T27516] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10122'. [ 497.638891][T27508] nbd3: detected capacity change from 0 to 127 [ 497.650077][T27393] block nbd3: Dead connection, failed to find a fallback [ 497.667687][T27393] block nbd3: shutting down sockets [ 497.674556][T27393] ldm_validate_partition_table(): Disk read failed. [ 497.682316][T27393] Dev nbd3: unable to read RDB block 0 [ 497.689515][T27393] nbd3: unable to read partition table [ 497.701597][T27393] ldm_validate_partition_table(): Disk read failed. [ 497.710326][T27393] Dev nbd3: unable to read RDB block 0 [ 497.716857][T27393] nbd3: unable to read partition table [ 497.798892][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.809430][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.844907][T27518] "syz.3.10123" (27518) uses obsolete ecb(arc4) skcipher [ 498.361635][T27552] nbd4: detected capacity change from 0 to 63 [ 498.378707][T27557] block nbd4: NBD_DISCONNECT [ 498.383566][T27557] block nbd4: Disconnected due to user request. [ 498.410015][T27557] block nbd4: shutting down sockets [ 498.416301][T27393] ldm_validate_partition_table(): Disk read failed. [ 498.449270][T27393] Dev nbd4: unable to read RDB block 0 [ 498.464363][T27393] nbd4: unable to read partition table [ 498.475495][T27393] ldm_validate_partition_table(): Disk read failed. [ 498.484100][T27393] Dev nbd4: unable to read RDB block 0 [ 498.492044][T27393] nbd4: unable to read partition table [ 498.535193][T27563] netlink: 240 bytes leftover after parsing attributes in process `syz.2.10141'. [ 498.726211][T27576] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10148'. [ 498.737219][T27576] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10148'. [ 498.813414][T27582] mac80211_hwsim hwsim13 syzkaller0: entered allmulticast mode [ 498.823720][T27580] mac80211_hwsim hwsim13 syzkaller0: left allmulticast mode [ 499.122950][T27596] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10157'. [ 499.279440][T27607] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10162'. [ 499.493988][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033379c00: rx timeout, send abort [ 499.995199][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033378400: rx timeout, send abort [ 500.003955][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033379c00: abort rx timeout. Force session deactivation [ 500.358740][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.367271][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.376451][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.507169][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033378400: abort rx timeout. Force session deactivation [ 501.638617][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.655020][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.661876][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.083603][T27668] veth0_macvtap: left allmulticast mode [ 502.492188][T27696] trusted_key: syz.2.10192 sent an empty control message without MSG_MORE. [ 502.726402][T27702] netlink: 212328 bytes leftover after parsing attributes in process `syz.2.10196'. [ 502.757230][T27702] netlink: Unknown conntrack attr (type=2304, max=9) [ 502.918573][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.038414][T27717] netlink: 140 bytes leftover after parsing attributes in process `syz.2.10201'. [ 503.429837][T27723] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10204'. [ 503.452101][T27723] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10204'. [ 503.529205][T27723] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10204'. [ 503.539473][T27723] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10204'. [ 503.941915][T27744] "syz.1.10209" (27744) uses obsolete ecb(arc4) skcipher [ 504.165570][T27749] erspan0: left promiscuous mode [ 504.175255][T27749] macvlan0: left promiscuous mode [ 504.189667][T27749] gretap1: left promiscuous mode [ 504.207223][T27749] sit1: left promiscuous mode [ 504.373051][T27751] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 504.491857][T27755] netlink: 1363 bytes leftover after parsing attributes in process `syz.1.10215'. [ 504.824604][T27769] vcan0: tx drop: invalid da for name 0x0000000000000008 [ 505.011024][T27779] netlink: 'syz.2.10225': attribute type 1 has an invalid length. [ 505.051692][T27779] netlink: 96 bytes leftover after parsing attributes in process `syz.2.10225'. [ 505.062199][T27779] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10225'. [ 505.210364][T27790] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10230'. [ 505.244528][T27791] syzkaller1: entered promiscuous mode [ 505.264926][T27791] syzkaller1: entered allmulticast mode [ 505.349037][T10151] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 505.369643][T10151] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 505.407078][T10151] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 505.438902][T10151] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 505.478714][T10151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 505.632706][T27804] bond3: entered allmulticast mode [ 507.240422][T27848] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 507.254872][T27848] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 507.392150][T27877] netlink: 'syz.0.10267': attribute type 9 has an invalid length. [ 507.401078][T27877] netlink: 'syz.0.10267': attribute type 11 has an invalid length. [ 507.409966][T27877] netlink: 'syz.0.10267': attribute type 12 has an invalid length. [ 507.996605][T27860] tipc: Resetting bearer [ 508.348624][T27860] veth1_vlan: left allmulticast mode [ 508.567135][ T77] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 2816 - 0 [ 508.581667][ T77] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.591471][ T77] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 57960 - 0 [ 508.600980][ T77] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 2816 - 0 [ 508.615760][ T77] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.625104][ T77] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 57960 - 0 [ 508.698631][ T77] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 2816 - 0 [ 508.720743][ T77] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.737516][ T77] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 57960 - 0 [ 508.747254][ T77] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 2816 - 0 [ 508.788341][ T77] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.797282][ T77] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 57960 - 0 [ 508.882664][T27913] bond4: option mode: unable to set because the bond device has slaves [ 508.911340][T27913] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 508.936984][T27916] __nla_validate_parse: 9 callbacks suppressed [ 508.937006][T27916] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10282'. [ 508.979127][T27918] netlink: 'syz.2.10284': attribute type 4 has an invalid length. [ 509.027740][T27918] netlink: 'syz.2.10284': attribute type 4 has an invalid length. [ 509.238136][T27933] netlink: 'syz.4.10290': attribute type 21 has an invalid length. [ 509.248794][T27933] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10290'. [ 509.274458][T27933] netlink: 'syz.4.10290': attribute type 21 has an invalid length. [ 509.288797][T27933] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10290'. [ 509.301590][T27935] IPv6: sit2: Disabled Multicast RS [ 509.490502][T27946] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.10297'. [ 509.659187][T27954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10303'. [ 509.696192][T27954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10303'. [ 509.708864][T27957] ip6tnl3: entered promiscuous mode [ 509.863858][T27970] pim6reg1: entered promiscuous mode [ 509.881748][T27970] pim6reg1: entered allmulticast mode [ 510.125898][T27984] veth0_to_team: left allmulticast mode [ 510.261347][T27994] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.10318'. [ 510.298556][T27992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10317'. [ 510.702708][T28019] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10330'. [ 511.354863][T28059] syzkaller1: entered promiscuous mode [ 511.360618][T28059] syzkaller1: entered allmulticast mode [ 511.489448][T28066] netlink: 'syz.1.10351': attribute type 1 has an invalid length. [ 511.534777][T28069] netlink: 'syz.2.10353': attribute type 1 has an invalid length. [ 511.595072][T28069] 8021q: adding VLAN 0 to HW filter on device bond8 [ 511.612275][T28071] netlink: 'syz.0.10354': attribute type 13 has an invalid length. [ 511.626319][T28069] netlink: 20 bytes leftover after parsing attributes in process `syz.2.10353'. [ 511.654343][T28071] netlink: 'syz.0.10354': attribute type 13 has an invalid length. [ 511.765932][T28080] netlink: 'syz.0.10358': attribute type 5 has an invalid length. [ 511.776145][T28080] netlink: 'syz.0.10358': attribute type 5 has an invalid length. [ 511.786946][T28078] netlink: 'syz.2.10357': attribute type 9 has an invalid length. [ 511.813252][T28078] netlink: 'syz.2.10357': attribute type 11 has an invalid length. [ 511.825268][T28078] netlink: 'syz.2.10357': attribute type 12 has an invalid length. [ 512.053351][T28093] ip6tnl4: entered promiscuous mode [ 512.791207][T28144] atomic_op ffff88807b544198 conn xmit_atomic 0000000000000000 [ 512.873628][T28148] syzkaller1: entered promiscuous mode [ 512.879687][T28148] syzkaller1: entered allmulticast mode [ 512.985506][T28152] bond7: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 513.004749][T28152] bond7: (slave lo): Enslaving as an active interface with an up link [ 513.013520][T28152] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 513.517664][T28181] netlink: 'syz.3.10404': attribute type 1 has an invalid length. [ 513.924139][T28209] veth0: entered promiscuous mode [ 514.125992][T28218] __nla_validate_parse: 20 callbacks suppressed [ 514.126015][T28218] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10419'. [ 514.574341][T28241] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.10429'. [ 514.592122][T28242] netlink: 20 bytes leftover after parsing attributes in process `syz.2.10427'. [ 514.835564][T28259] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10435'. [ 515.874468][T28304] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10456'. [ 516.196155][T28315] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.10462'. [ 516.395371][T28330] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 516.416998][T28331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10470'. [ 516.537709][T28336] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.10471'. [ 516.787530][T28346] "syz.1.10476" (28346) uses obsolete ecb(arc4) skcipher [ 517.507178][T28365] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10485'. [ 517.543096][T28365] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10485'. [ 518.071144][T28400] syzkaller1: entered promiscuous mode [ 518.098561][T28400] syzkaller1: entered allmulticast mode [ 518.327079][T28410] hsr_slave_0 (unregistering): left promiscuous mode [ 518.500980][T28427] validate_nla: 6 callbacks suppressed [ 518.501009][T28427] netlink: 'syz.1.10510': attribute type 1 has an invalid length. [ 518.894649][T28452] veth1_vlan (unregistering): left allmulticast mode [ 519.982170][T28510] netlink: 'syz.3.10539': attribute type 7 has an invalid length. [ 520.008870][T28510] netlink: 'syz.3.10539': attribute type 7 has an invalid length. [ 520.140088][T28516] __nla_validate_parse: 3 callbacks suppressed [ 520.140110][T28516] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10543'. [ 520.780509][T28553] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10560'. [ 520.804475][T28553] netlink: 'syz.0.10560': attribute type 18 has an invalid length. [ 520.815435][T28553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10560'. [ 520.826834][T28553] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10560'. [ 520.838052][T28553] netlink: 'syz.0.10560': attribute type 18 has an invalid length. [ 520.873155][T28553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10560'. [ 521.195933][T28569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10568'. [ 521.223133][T28569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10568'. [ 521.240662][T28571] netlink: 207952 bytes leftover after parsing attributes in process `syz.4.10569'. [ 521.283022][T28574] netlink: 'syz.0.10570': attribute type 22 has an invalid length. [ 521.321944][T28574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10570'. [ 521.344568][T28574] netlink: 'syz.0.10570': attribute type 22 has an invalid length. [ 521.382651][T28574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10570'. [ 521.678346][T28596] netlink: Conntrack attr has 4 unknown bytes [ 521.763654][T28600] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 522.029899][T28617] netlink: 'syz.4.10589': attribute type 3 has an invalid length. [ 522.047453][T28617] netlink: 'syz.4.10589': attribute type 3 has an invalid length. [ 522.281992][T28630] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 522.293676][T28630] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 522.302371][T28630] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 522.310088][T28630] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 522.737796][T28651] netlink: 'syz.1.10603': attribute type 9 has an invalid length. [ 523.689574][T28707] syzkaller1: entered promiscuous mode [ 523.695444][T28707] syzkaller1: entered allmulticast mode [ 524.369643][T28747] xt_hashlimit: size too large, truncated to 1048576 [ 524.501444][T28759] validate_nla: 5 callbacks suppressed [ 524.501465][T28759] netlink: 'syz.0.10646': attribute type 14 has an invalid length. [ 524.583101][T28759] netlink: 'syz.0.10646': attribute type 14 has an invalid length. [ 524.709244][T28768] netlink: 'syz.3.10649': attribute type 1 has an invalid length. [ 524.758942][T28768] netlink: 'syz.3.10649': attribute type 1 has an invalid length. [ 525.104775][T28769] ref_ctr_offset mismatch. inode: 0xa0 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 525.322620][T28789] netlink: 'syz.2.10657': attribute type 9 has an invalid length. [ 525.354205][T28789] netlink: 'syz.2.10657': attribute type 11 has an invalid length. [ 525.382991][T28789] netlink: 'syz.2.10657': attribute type 12 has an invalid length. [ 525.411769][T28789] __nla_validate_parse: 20 callbacks suppressed [ 525.411791][T28789] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.10657'. [ 525.458497][T28789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10657'. [ 525.511391][T28800] netlink: 52 bytes leftover after parsing attributes in process `syz.4.10659'. [ 525.572975][T28799] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10661'. [ 525.584677][T28802] netlink: 'syz.0.10662': attribute type 1 has an invalid length. [ 525.620359][T28802] 8021q: adding VLAN 0 to HW filter on device bond4 [ 525.680273][T28802] bond4: (slave geneve2): making interface the new active one [ 525.690842][T28802] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 525.699658][T10151] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 525.756533][T10151] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 525.812848][T10151] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 525.852214][T10151] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 525.954568][T28820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10667'. [ 525.965552][T28820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10667'. [ 526.204379][T28836] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10673'. [ 526.327076][T28841] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10674'. [ 526.337325][T28841] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10674'. [ 527.111875][T28878] netlink: 'syz.3.10690': attribute type 12 has an invalid length. [ 527.131579][T28879] bond5: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 527.165846][T28878] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10690'. [ 527.192038][T28879] bond5: (slave lo): Enslaving as an active interface with an up link [ 527.212379][T28879] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 527.240023][T28878] netlink: 'syz.3.10690': attribute type 12 has an invalid length. [ 529.743593][T28976] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 529.753260][T28976] syzkaller1: Refused to change device type [ 530.380945][T29008] netlink: Conntrack attr has 3 unknown bytes [ 530.513523][T29016] __nla_validate_parse: 11 callbacks suppressed [ 530.513544][T29016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10745'. [ 530.529573][T29016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10745'. [ 530.539639][T29016] validate_nla: 2 callbacks suppressed [ 530.539657][T29016] netlink: 'syz.1.10745': attribute type 15 has an invalid length. [ 530.563669][T29016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10745'. [ 530.563689][T27114] netdevsim netdevsim1 netdevsim0: set [0, 1] type 1 family 0 port 256 - 0 [ 530.591994][T29016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10745'. [ 530.603274][T27114] netdevsim netdevsim1 netdevsim1: set [0, 1] type 1 family 0 port 256 - 0 [ 530.605368][T29016] netlink: 'syz.1.10745': attribute type 15 has an invalid length. [ 530.631485][T27114] netdevsim netdevsim1 netdevsim2: set [0, 1] type 1 family 0 port 256 - 0 [ 530.649794][T27114] netdevsim netdevsim1 netdevsim3: set [0, 1] type 1 family 0 port 256 - 0 [ 530.758408][T29026] netlink: 'syz.4.10749': attribute type 19 has an invalid length. [ 530.766591][T29026] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10749'. [ 530.776724][T29026] netlink: 'syz.4.10749': attribute type 19 has an invalid length. [ 530.789165][T29026] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10749'. [ 530.922277][T29035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10752'. [ 530.936618][T29035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10752'. [ 531.216598][T29051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10760'. [ 531.249336][T29051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10760'. [ 531.586250][T29074] netlink: 'syz.3.10772': attribute type 51 has an invalid length. [ 532.336310][T29114] vcan0: tx address claim with different name [ 532.673519][T29130] 8021q: adding VLAN 0 to HW filter on device bond6 [ 533.531003][T29186] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 533.569476][T29186] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 533.696413][T29186] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 533.712863][T29186] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 533.733597][T29196] veth1_to_bond: entered allmulticast mode [ 533.743484][T29196] veth1_to_bond: left allmulticast mode [ 533.843477][T29186] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 533.863334][T29186] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 533.972491][T29186] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 533.989571][T29186] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 534.156007][T10151] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 534.166449][T10151] netdevsim netdevsim1 eth0: set [0, 1] type 1 family 0 port 256 - 0 [ 534.227284][T10151] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 534.248853][T10151] netdevsim netdevsim1 eth1: set [0, 1] type 1 family 0 port 256 - 0 [ 534.300627][T10151] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 534.334376][T10151] netdevsim netdevsim1 eth2: set [0, 1] type 1 family 0 port 256 - 0 [ 534.443082][ T77] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 534.478405][ T77] netdevsim netdevsim1 eth3: set [0, 1] type 1 family 0 port 256 - 0 [ 535.056534][T29243] syzkaller1: entered promiscuous mode [ 535.065634][T29243] syzkaller1: entered allmulticast mode [ 535.399851][T29263] wg1 speed is unknown, defaulting to 1000 [ 535.812570][T29277] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 536.678569][T29299] syzkaller1: entered promiscuous mode [ 536.684121][T29299] syzkaller1: entered allmulticast mode [ 537.062137][T29318] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 537.087789][T29319] syzkaller1: entered promiscuous mode [ 537.094810][T29319] syzkaller1: entered allmulticast mode [ 537.405507][T29329] __nla_validate_parse: 11 callbacks suppressed [ 537.405531][T29329] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.10875'. [ 537.516583][T29333] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.543309][T29335] netlink: 'syz.4.10877': attribute type 16 has an invalid length. [ 537.567039][T29335] netlink: 'syz.4.10877': attribute type 17 has an invalid length. [ 537.671900][T29335] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 538.062436][T29350] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10883'. [ 538.087876][T29350] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10883'. [ 538.733390][T29381] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10891'. [ 538.989766][T29395] netlink: 'syz.3.10898': attribute type 1 has an invalid length. [ 539.013536][T29395] netlink: 'syz.3.10898': attribute type 1 has an invalid length. [ 539.616682][T29429] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10911'. [ 539.716862][T29434] netlink: 'syz.3.10913': attribute type 15 has an invalid length. [ 540.240538][T29463] mac80211_hwsim hwsim13 syzkaller0: entered allmulticast mode [ 540.589962][T29483] netlink: 'syz.0.10937': attribute type 1 has an invalid length. [ 540.737848][T29486] bond7: (slave gretap1): making interface the new active one [ 540.766933][T29486] bond7: (slave gretap1): Enslaving as an active interface with an up link [ 540.783722][T29493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10941'. [ 541.049795][T29506] syzkaller1: entered promiscuous mode [ 541.055579][T29506] syzkaller1: entered allmulticast mode [ 541.192035][T29516] netlink: 'syz.1.10950': attribute type 1 has an invalid length. [ 541.296393][T29516] 8021q: adding VLAN 0 to HW filter on device bond2 [ 541.385778][T29520] bond2: (slave gretap2): making interface the new active one [ 541.427344][T29520] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 541.768597][T29541] wg1 speed is unknown, defaulting to 1000 [ 541.789179][T29545] netlink: 184 bytes leftover after parsing attributes in process `syz.0.10958'. [ 542.235216][T29565] ip6gre2: entered promiscuous mode [ 542.240975][T29565] ip6gre2: entered allmulticast mode [ 542.255356][T29565] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 542.665513][T29587] bond4: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 542.698926][T29587] bond4 (unregistering): Released all slaves [ 542.707743][T29592] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10979'. [ 542.748885][T29585] syzkaller1: entered promiscuous mode [ 542.758530][T29585] syzkaller1: entered allmulticast mode [ 542.916154][T29601] netlink: 'syz.2.10983': attribute type 11 has an invalid length. [ 542.932519][T29601] netlink: 'syz.2.10983': attribute type 4 has an invalid length. [ 542.950090][T29601] netlink: 'syz.2.10983': attribute type 5 has an invalid length. [ 542.963162][T29602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10982'. [ 542.976447][T29601] netlink: 'syz.2.10983': attribute type 6 has an invalid length. [ 542.986033][T29601] netlink: 199748 bytes leftover after parsing attributes in process `syz.2.10983'. [ 543.044797][T10151] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 543.058876][T29602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10982'. [ 543.067962][T10151] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 543.099962][T10151] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 543.128918][T10151] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 543.402986][T29615] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 543.417887][T29621] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 543.486224][T29631] netlink: 'syz.3.10993': attribute type 1 has an invalid length. [ 543.685685][T10149] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 543.694743][T10149] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.703781][T10149] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 543.715426][T10149] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.740877][T29634] bond6: (slave gretap1): making interface the new active one [ 543.750884][T29634] bond6: (slave gretap1): Enslaving as an active interface with an up link [ 543.784183][T10149] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 543.810834][T10149] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.978956][T10149] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 543.987384][T10149] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.417799][T29671] bridge0: entered allmulticast mode [ 545.128915][T29715] netlink: 'syz.3.11025': attribute type 1 has an invalid length. [ 545.136855][T29715] netlink: 'syz.3.11025': attribute type 4 has an invalid length. [ 545.145339][T29715] netlink: 9422 bytes leftover after parsing attributes in process `syz.3.11025'. [ 545.439692][T29686] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 545.457340][T29730] netlink: 'syz.3.11031': attribute type 10 has an invalid length. [ 545.466045][T29730] netlink: 16154 bytes leftover after parsing attributes in process `syz.3.11031'. [ 545.781974][T29748] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11039'. [ 545.798870][T29748] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11039'. [ 545.871065][T29755] netlink: 240 bytes leftover after parsing attributes in process `syz.4.11038'. [ 546.349296][T29780] netlink: 'syz.3.11054': attribute type 4 has an invalid length. [ 546.360612][T29780] netlink: 'syz.3.11054': attribute type 4 has an invalid length. [ 546.614298][T29795] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11059'. [ 546.627790][T29795] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 546.635128][T29795] IPv6: NLM_F_CREATE should be set when creating new route [ 546.822062][T29805] netlink: 'syz.1.11065': attribute type 7 has an invalid length. [ 547.393865][T29837] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 547.616798][T29853] gretap0: entered promiscuous mode [ 548.207433][T29838] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 548.640950][T29877] __nla_validate_parse: 5 callbacks suppressed [ 548.640975][T29877] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.11094'. [ 548.760579][T29882] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11097'. [ 548.790392][T29882] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11097'. [ 548.823604][T29884] syzkaller1: entered promiscuous mode [ 548.861180][T29884] syzkaller1: entered allmulticast mode [ 549.134839][T29900] erspan0: entered promiscuous mode [ 549.148319][T29900] erspan0: entered allmulticast mode [ 549.393714][T29911] syzkaller0: entered promiscuous mode [ 549.399414][T29911] syzkaller0: entered allmulticast mode [ 549.593841][T29926] netlink: 156 bytes leftover after parsing attributes in process `syz.3.11114'. [ 551.162144][T29945] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.11120'. [ 551.225997][T29947] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11121'. [ 551.260307][T29947] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11121'. [ 551.300242][T29950] syzkaller1: entered promiscuous mode [ 551.316738][T29950] syzkaller1: entered allmulticast mode [ 551.485203][T29959] validate_nla: 1 callbacks suppressed [ 551.485226][T29959] netlink: 'syz.3.11127': attribute type 1 has an invalid length. [ 551.579404][T29963] mac80211_hwsim hwsim13 syzkaller0: Caught tx_queue_len zero misconfig [ 551.662652][T29965] bond7: (slave bridge4): making interface the new active one [ 551.681739][T29965] bond7: (slave bridge4): Enslaving as an active interface with an up link [ 552.038957][T29991] netlink: 92 bytes leftover after parsing attributes in process `syz.3.11140'. [ 552.097536][T29995] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11141'. [ 552.139066][T29997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11142'. [ 553.356603][T30043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 553.629526][T30057] netlink: 'syz.2.11168': attribute type 1 has an invalid length. [ 553.684010][T30057] bond9: (slave geneve5): making interface the new active one [ 553.693931][T30057] bond9: (slave geneve5): Enslaving as an active interface with an up link [ 553.703691][T10149] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 553.731174][T10149] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 553.755619][T10149] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 553.776853][T10149] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 554.118590][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 554.805862][T30122] netlink: 'syz.0.11194': attribute type 1 has an invalid length. [ 555.036610][T30127] bond8: (slave gretap2): making interface the new active one [ 555.049243][T30127] bond8: (slave gretap2): Enslaving as an active interface with an up link [ 555.110535][T30135] netlink: 'syz.3.11198': attribute type 21 has an invalid length. [ 555.119010][T30135] netlink: 'syz.3.11198': attribute type 22 has an invalid length. [ 555.127037][T30135] netlink: 'syz.3.11198': attribute type 23 has an invalid length. [ 555.137421][T30135] netlink: 'syz.3.11198': attribute type 25 has an invalid length. [ 555.145897][T30135] __nla_validate_parse: 1 callbacks suppressed [ 555.145917][T30135] netlink: 96 bytes leftover after parsing attributes in process `syz.3.11198'. [ 555.386977][T30146] GUP no longer grows the stack in syz.2.11204 (30146): 200000003000-20000000a000 (200000001000) [ 555.398987][T30146] CPU: 1 UID: 0 PID: 30146 Comm: syz.2.11204 Not tainted syzkaller #0 PREEMPT(full) [ 555.399019][T30146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 555.399034][T30146] Call Trace: [ 555.399042][T30146] [ 555.399053][T30146] dump_stack_lvl+0xe8/0x150 [ 555.399092][T30146] __get_user_pages+0x2453/0x29d0 [ 555.399129][T30146] ? __lock_acquire+0x6b5/0x2cf0 [ 555.399182][T30146] ? __gup_longterm_locked+0xc4e/0x1630 [ 555.399218][T30146] ? down_read_killable+0x1bb/0x340 [ 555.399248][T30146] __gup_longterm_locked+0xdcf/0x1630 [ 555.399313][T30146] gup_fast_fallback+0x1d82/0x22e0 [ 555.399387][T30146] ? __pfx_gup_fast_fallback+0x10/0x10 [ 555.399424][T30146] ? is_valid_gup_args+0x11f/0x200 [ 555.399461][T30146] ? get_user_pages_fast+0x4d/0xb0 [ 555.399499][T30146] __iov_iter_get_pages_alloc+0x3b6/0xb10 [ 555.399535][T30146] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 555.399565][T30146] iov_iter_get_pages2+0x5e/0xa0 [ 555.399595][T30146] __se_sys_vmsplice+0x7b3/0x1490 [ 555.399641][T30146] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 555.399695][T30146] ? __pfx_futex_wake+0x10/0x10 [ 555.399739][T30146] ? lockdep_hardirqs_on+0x7a/0x110 [ 555.399840][T30146] do_syscall_64+0x14d/0xf80 [ 555.399872][T30146] ? trace_irq_disable+0x3b/0x150 [ 555.399891][T30146] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.399914][T30146] ? clear_bhb_loop+0x40/0x90 [ 555.399943][T30146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.399966][T30146] RIP: 0033:0x7f81a119c819 [ 555.399987][T30146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 555.400008][T30146] RSP: 002b:00007f81a2087028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 555.400032][T30146] RAX: ffffffffffffffda RBX: 00007f81a1415fa0 RCX: 00007f81a119c819 [ 555.400049][T30146] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000005 [ 555.400063][T30146] RBP: 00007f81a1232c91 R08: 0000000000000000 R09: 0000000000000000 [ 555.400077][T30146] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 555.400090][T30146] R13: 00007f81a1416038 R14: 00007f81a1415fa0 R15: 00007ffd0e06d678 [ 555.400128][T30146] [ 555.825913][T30167] tipc: Failed to remove unknown binding: 66,1,1/10136234:288088453/288088455 [ 555.836380][T30167] tipc: Failed to remove unknown binding: 66,1,1/10136234:288088453/288088455 [ 556.117266][T30175] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.11214'. [ 556.821030][T30199] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 557.043293][T30213] sock: sock_set_timeout: `syz.4.11231' (pid 30213) tries to set negative timeout [ 558.067486][T30232] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.11240'. [ 559.005253][T30279] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11261'. [ 559.020509][T30279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11261'. [ 559.032939][T30279] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11261'. [ 559.035220][T30281] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.11262'. [ 559.044605][T30279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11261'. [ 559.225204][T30240] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 559.334964][T30291] mac80211_hwsim hwsim13 syzkaller0: left allmulticast mode [ 559.380766][T30297] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11270'. [ 560.754547][T30339] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11288'. [ 560.826175][T30341] sctp: [Deprecated]: syz.2.11289 (pid 30341) Use of int in maxseg socket option. [ 560.826175][T30341] Use struct sctp_assoc_value instead [ 560.845236][T30343] netlink: 'syz.0.11290': attribute type 1 has an invalid length. [ 560.960226][T30343] bond9: (slave geneve3): making interface the new active one [ 560.991334][T30343] bond9: (slave geneve3): Enslaving as an active interface with an up link [ 561.035449][T10149] netdevsim netdevsim0 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 561.048364][T10149] netdevsim netdevsim0 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 561.101647][T10149] netdevsim netdevsim0 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 561.118286][T10149] netdevsim netdevsim0 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0 [ 561.264516][T30358] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma? [ 561.267561][T30363] syzkaller1: entered promiscuous mode [ 561.325496][T30363] syzkaller1: entered allmulticast mode [ 561.883417][T30386] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11307'. [ 562.040748][T30392] netlink: 64 bytes leftover after parsing attributes in process `syz.4.11311'. [ 562.229845][T30403] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.11315'. [ 562.251163][T30403] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2) [ 562.306751][T30408] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11318'. [ 563.066073][T30455] wg1 speed is unknown, defaulting to 1000 [ 563.086229][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.093338][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.402024][T30471] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11344'. [ 563.462371][T30473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11345'. [ 563.686334][T30484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11349'. [ 563.737619][T30488] netlink: 'syz.4.11351': attribute type 26 has an invalid length. [ 563.749128][T30488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11351'. [ 563.758682][T30488] netlink: 'syz.4.11351': attribute type 26 has an invalid length. [ 563.772610][T30488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11351'. [ 565.069375][T30549] netlink: 'syz.1.11373': attribute type 2 has an invalid length. [ 565.453589][T30563] netlink: 'syz.3.11378': attribute type 1 has an invalid length. [ 565.467249][T30559] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 565.563057][T10157] nci: nci_data_exchange_complete: no rx callback, dropping rx data... [ 565.573088][T30573] bond8: (slave ip6gre3): The slave device specified does not support setting the MAC address [ 565.588390][T30573] bond8: (slave ip6gre3): Setting fail_over_mac to active for active-backup mode [ 565.623188][T30573] bond8: (slave ip6gre3): making interface the new active one [ 565.633375][T30573] bond8: (slave ip6gre3): Enslaving as an active interface with an up link [ 566.279351][T30565] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 567.286894][T30628] __nla_validate_parse: 3 callbacks suppressed [ 567.286919][T30628] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11402'. [ 567.501193][T30639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11408'. [ 567.669840][T30646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11410'. [ 567.719106][T30650] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11411'. [ 567.859965][T30653] netlink: 'syz.3.11413': attribute type 1 has an invalid length. [ 567.949058][T30653] bond9: entered promiscuous mode [ 567.954623][T30653] 8021q: adding VLAN 0 to HW filter on device bond9 [ 567.969711][T30659] bond9: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 567.982874][T30659] bond9: (slave ipvlan3): The slave device specified does not support setting the MAC address [ 567.996377][T30659] bond9: (slave ipvlan3): Setting fail_over_mac to active for active-backup mode [ 568.562878][T30676] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11422'. [ 569.224962][T30688] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11426'. [ 569.287693][T30690] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11426'. [ 569.478756][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 570.381749][T30699] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11428'. [ 570.488125][T30701] syzkaller0: entered promiscuous mode [ 570.495060][T30701] syzkaller0: entered allmulticast mode [ 570.547574][T30708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11431'. [ 570.597234][T30712] netlink: 'syz.2.11432': attribute type 4 has an invalid length. [ 570.604433][T30711] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11433'. [ 572.398453][T30731] __nla_validate_parse: 1 callbacks suppressed [ 572.398476][T30731] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11438'. [ 572.536907][T30744] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11443'. [ 572.616508][T30738] netlink: 36 bytes leftover after parsing attributes in process `syz.1.11443'. [ 572.755651][T30748] netlink: 156 bytes leftover after parsing attributes in process `syz.0.11444'. [ 572.772233][T30748] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11444'. [ 572.870283][T30759] netlink: 11562 bytes leftover after parsing attributes in process `syz.0.11449'. [ 572.974861][T30762] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11450'. [ 573.096901][T30772] netlink: 'syz.0.11454': attribute type 3 has an invalid length. [ 573.552837][T30794] netlink: 212344 bytes leftover after parsing attributes in process `syz.2.11465'. [ 573.605813][T30796] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11466'. [ 573.800950][T30800] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.872725][T30807] wg1 speed is unknown, defaulting to 1000 [ 574.718093][T30842] wg1 speed is unknown, defaulting to 1000 [ 575.118468][T30855] netlink: 'syz.1.11488': attribute type 1 has an invalid length. [ 575.230114][T30855] 8021q: adding VLAN 0 to HW filter on device bond3 [ 575.848908][T30859] bond3: (slave veth9): Enslaving as an active interface with a down link [ 575.907101][T30865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 575.914725][T30865] bond3: (slave batadv0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 576.112867][T30866] wg1 speed is unknown, defaulting to 1000 [ 576.133062][T30875] tipc: Failed to remove unknown binding: 66,1,1/10136234:2287636500/2287636502 [ 576.354105][T30880] netlink: 'syz.4.11497': attribute type 1 has an invalid length. [ 576.364801][T30882] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11496'. [ 576.413643][T30880] bond4: entered promiscuous mode [ 576.420553][T30880] 8021q: adding VLAN 0 to HW filter on device bond4 [ 576.464308][T30880] bond4: (slave bridge5): making interface the new active one [ 576.473363][T30880] bridge5: entered promiscuous mode [ 576.492925][T30880] bridge5: left promiscuous mode [ 576.750175][T30894] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 576.759433][T30894] team0: Failed to send port change of device batadv0 via netlink (err -105) [ 576.769326][T30894] team0: Failed to send options change via netlink (err -105) [ 576.777231][T30894] team0: Port device batadv0 added [ 576.961741][T30873] tipc: Failed to remove unknown binding: 66,1,1/10136234:2287636500/2287636502 [ 576.973017][T30873] tipc: Failed to remove unknown binding: 66,1,1/10136234:2287636500/2287636502 [ 577.589639][T30922] __nla_validate_parse: 3 callbacks suppressed [ 577.589692][T30922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11513'. [ 577.612545][T30922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11513'. [ 577.626263][T30924] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11512'. [ 577.927042][T30941] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11519'. [ 578.053356][T30949] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.11520'. [ 578.093650][T30953] netlink: 'syz.2.11524': attribute type 1 has an invalid length. [ 578.154202][T30956] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11525'. [ 578.185571][T30953] 8021q: adding VLAN 0 to HW filter on device bond10 [ 578.213309][T30957] bond10: (slave geneve6): making interface the new active one [ 578.224801][T30957] bond10: (slave geneve6): Enslaving as an active interface with an up link [ 578.413196][T30969] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11530'. [ 578.702047][T30977] syzkaller1: entered promiscuous mode [ 578.708028][T30977] syzkaller1: entered allmulticast mode [ 578.788036][T30981] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11536'. [ 578.817526][T30981] netlink: 92 bytes leftover after parsing attributes in process `syz.3.11536'. [ 578.897262][T30983] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11538'. [ 579.508395][T30886] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 579.676584][T31013] netlink: 'syz.1.11549': attribute type 1 has an invalid length. [ 579.789073][T31013] bond4: entered promiscuous mode [ 579.794174][T31013] bond4: entered allmulticast mode [ 579.810889][T31013] 8021q: adding VLAN 0 to HW filter on device bond4 [ 579.829646][T31017] macvlan3: entered promiscuous mode [ 579.835100][T31017] macvlan3: entered allmulticast mode [ 579.880933][T31017] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 580.319396][T31045] sctp: [Deprecated]: syz.1.11561 (pid 31045) Use of int in maxseg socket option. [ 580.319396][T31045] Use struct sctp_assoc_value instead [ 580.372562][T31047] syzkaller1: entered promiscuous mode [ 580.378108][T31047] syzkaller1: entered allmulticast mode [ 581.502881][T31092] netlink: 'syz.0.11577': attribute type 1 has an invalid length. [ 581.511590][T31092] netlink: 'syz.0.11577': attribute type 4 has an invalid length. [ 582.348121][T31117] netlink: 'syz.1.11587': attribute type 30 has an invalid length. [ 583.195511][T31137] __nla_validate_parse: 4 callbacks suppressed [ 583.195527][T31137] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11595'. [ 583.343211][T31051] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 583.754355][T31158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11605'. [ 583.858811][T31164] netlink: 'syz.0.11606': attribute type 1 has an invalid length. [ 584.119596][T31164] 8021q: adding VLAN 0 to HW filter on device bond10 [ 584.145197][T31165] bond10: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 584.234091][T31166] bond10: entered promiscuous mode [ 584.245867][T31166] bond10: entered allmulticast mode [ 584.267094][T31177] tipc: Enabled bearer , priority 0 [ 584.294557][T31177] mac80211_hwsim hwsim13 syzkaller0: entered promiscuous mode [ 584.318627][T31177] mac80211_hwsim hwsim13 syzkaller0: entered allmulticast mode [ 584.887360][T31201] wg1 speed is unknown, defaulting to 1000 [ 585.247635][T31214] tipc: Enabling of bearer rejected, already enabled [ 585.266398][T31213] mac80211_hwsim hwsim13 +: renamed from syzkaller0 [ 585.288028][T31213] tipc: Disabling bearer [ 585.304649][T31211] wg1 speed is unknown, defaulting to 1000 [ 585.671087][T31231] netlink: 144 bytes leftover after parsing attributes in process `syz.3.11632'. [ 585.885381][T31243] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11635'. [ 585.906335][T31243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11635'. [ 585.931366][T31243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11635'. [ 586.377427][T31272] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543 [ 586.829043][T31290] netlink: 'syz.2.11653': attribute type 1 has an invalid length. [ 586.921399][T31290] bond11: (slave vxcan1): The slave device specified does not support setting the MAC address [ 586.932244][T31290] bond11: (slave vxcan1): Setting fail_over_mac to active for active-backup mode [ 586.945585][T31290] bond11: (slave vxcan1): making interface the new active one [ 586.954153][T31290] bond11: (slave vxcan1): Enslaving as an active interface with an up link [ 587.074651][T31303] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11657'. [ 587.074651][T31290] bond11: (slave vxcan3): The slave device specified does not support setting the MAC address [ 587.107080][T31290] bond11: (slave vxcan3): Enslaving as a backup interface with an up link [ 587.298721][T31313] bond_slave_1: entered promiscuous mode [ 587.305385][T31313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 587.401896][T31320] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11666'. [ 587.490706][T31327] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11668'. [ 587.641934][T31333] tipc: Can't bind to reserved service type 1 [ 588.218097][T31337] bond10: entered promiscuous mode [ 588.251397][T31348] bond7: (slave lo): Releasing backup interface [ 588.267323][T31348] bond7: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 588.281861][T31348] syz_tun: left allmulticast mode [ 588.286982][T31348] syz_tun: left promiscuous mode [ 588.292974][T31348] bridge0: port 3(syz_tun) entered disabled state [ 588.346990][T31348] veth0_to_bridge: left allmulticast mode [ 588.374008][T31348] veth0_to_bridge: left promiscuous mode [ 588.418852][T31348] bridge0: port 2(veth0_to_bridge) entered disabled state [ 588.482147][T31348] bridge_slave_0: left allmulticast mode [ 588.488784][T31348] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.554166][T31348] bond0: (slave bridge_slave_1): Releasing backup interface [ 588.586346][T31348] bond0: (slave bond_slave_0): Releasing backup interface [ 588.662716][T31348] bond0: (slave bond_slave_1): Releasing backup interface [ 588.707298][T31348] team0: Port device team_slave_0 removed [ 588.735266][T31348] team0: Port device team_slave_1 removed [ 588.767966][T31348] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 588.803748][T31352] team0: No ports can be present during mode change [ 588.840348][ T6053] syz1: Port: 1 Link DOWN [ 589.031096][T31373] : entered promiscuous mode [ 589.950277][T31396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11694'. [ 591.027413][T31430] xt_hashlimit: size too large, truncated to 1048576 [ 591.540624][T31447] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 591.968094][T31469] netlink: 'syz.3.11719': attribute type 30 has an invalid length. [ 591.977631][T31469] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11719'. [ 592.121733][T31450] lec:lec_atm_close: lec0: Shut down! [ 592.195346][T31481] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11723'. [ 592.360585][T31486] wg1 speed is unknown, defaulting to 1000 [ 592.566600][T31491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11726'. [ 592.732930][T31496] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11728'. [ 593.144239][T31509] syzkaller0: entered promiscuous mode [ 593.149985][T31509] syzkaller0: entered allmulticast mode [ 594.279421][T31440] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 594.908968][T31541] nbd4: detected capacity change from 0 to 127 [ 594.927263][ T5965] block nbd4: Receive control failed (result -104) [ 594.934895][T31444] block nbd4: Send control failed (result -32) [ 594.946673][T31444] block nbd4: Request send failed, requeueing [ 594.954208][ T11] block nbd4: Dead connection, failed to find a fallback [ 594.962135][ T11] block nbd4: shutting down sockets [ 594.967381][ T11] blk_print_req_error: 430 callbacks suppressed [ 594.967399][ T11] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 594.984122][ T11] buffer_io_error: 434 callbacks suppressed [ 594.984139][ T11] Buffer I/O error on dev nbd4, logical block 3, async page read [ 595.148447][T31548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11747'. [ 595.329420][T31556] netlink: 64 bytes leftover after parsing attributes in process `syz.4.11748'. [ 595.379294][T31556] syzkaller1: entered promiscuous mode [ 595.384849][T31556] syzkaller1: entered allmulticast mode [ 595.517555][T31566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11752'. [ 595.555855][T31566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11752'. [ 595.752637][T31581] ================================================================== [ 595.760822][T31581] BUG: KASAN: slab-out-of-bounds in af_alg_pull_tsgl+0x1c6/0x740 [ 595.768613][T31581] Read of size 8 at addr ffff8880317298a0 by task syz.1.11756/31581 [ 595.776630][T31581] [ 595.778990][T31581] CPU: 1 UID: 0 PID: 31581 Comm: syz.1.11756 Not tainted syzkaller #0 PREEMPT(full) [ 595.779018][T31581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 595.779032][T31581] Call Trace: [ 595.779040][T31581] [ 595.779050][T31581] dump_stack_lvl+0xe8/0x150 [ 595.779084][T31581] print_report+0xba/0x230 [ 595.779110][T31581] ? af_alg_pull_tsgl+0x1c6/0x740 [ 595.779144][T31581] kasan_report+0x117/0x150 [ 595.779174][T31581] ? af_alg_pull_tsgl+0x1c6/0x740 [ 595.779213][T31581] af_alg_pull_tsgl+0x1c6/0x740 [ 595.779257][T31581] skcipher_recvmsg+0x5df/0x1140 [ 595.779293][T31581] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 595.779317][T31581] ? aa_sock_msg_perm+0xf1/0x1b0 [ 595.779361][T31581] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 595.779386][T31581] ? security_socket_recvmsg+0x7e/0x2c0 [ 595.779412][T31581] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 595.779444][T31581] sock_recvmsg+0x172/0x1b0 [ 595.779470][T31581] __sys_recvfrom+0x240/0x3c0 [ 595.779501][T31581] ? __pfx___sys_recvfrom+0x10/0x10 [ 595.779544][T31581] ? exc_page_fault+0x6a/0xc0 [ 595.779577][T31581] ? do_user_addr_fault+0xc6f/0x1340 [ 595.779609][T31581] __x64_sys_recvfrom+0xde/0x100 [ 595.779638][T31581] do_syscall_64+0x14d/0xf80 [ 595.779668][T31581] ? trace_irq_disable+0x3b/0x150 [ 595.779687][T31581] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.779709][T31581] ? clear_bhb_loop+0x40/0x90 [ 595.779733][T31581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.779755][T31581] RIP: 0033:0x7f114e75d04e [ 595.779775][T31581] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 595.779795][T31581] RSP: 002b:00007f114f598e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 595.779818][T31581] RAX: ffffffffffffffda RBX: 00007f114f59a6c0 RCX: 00007f114e75d04e [ 595.779835][T31581] RDX: 0000000000001000 RSI: 00007f114f599000 RDI: 0000000000000004 [ 595.779850][T31581] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 595.779863][T31581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 595.779876][T31581] R13: 00007f114f598f58 R14: 00007f114f599000 R15: 0000000000000000 [ 595.779904][T31581] [ 595.779911][T31581] [ 595.999022][T31581] Allocated by task 31581: [ 596.003473][T31581] kasan_save_track+0x3e/0x80 [ 596.008197][T31581] __kasan_kmalloc+0x93/0xb0 [ 596.012827][T31581] __kmalloc_noprof+0x35c/0x760 [ 596.017713][T31581] sock_kmalloc+0xd6/0x160 [ 596.022258][T31581] skcipher_recvmsg+0x54d/0x1140 [ 596.027231][T31581] sock_recvmsg+0x172/0x1b0 [ 596.031756][T31581] __sys_recvfrom+0x240/0x3c0 [ 596.036461][T31581] __x64_sys_recvfrom+0xde/0x100 [ 596.041442][T31581] do_syscall_64+0x14d/0xf80 [ 596.046070][T31581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.051986][T31581] [ 596.054335][T31581] The buggy address belongs to the object at ffff888031729880 [ 596.054335][T31581] which belongs to the cache kmalloc-32 of size 32 [ 596.068327][T31581] The buggy address is located 0 bytes to the right of [ 596.068327][T31581] allocated 32-byte region [ffff888031729880, ffff8880317298a0) [ 596.082764][T31581] [ 596.085130][T31581] The buggy address belongs to the physical page: [ 596.091568][T31581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31729 [ 596.100367][T31581] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 596.107503][T31581] page_type: f5(slab) [ 596.111503][T31581] raw: 00fff00000000000 ffff88813fea7780 dead000000000100 dead000000000122 [ 596.120102][T31581] raw: 0000000000000000 0000000800400040 00000000f5000000 0000000000000000 [ 596.128702][T31581] page dumped because: kasan: bad access detected [ 596.135137][T31581] page_owner tracks the page as allocated [ 596.140863][T31581] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2908, tgid 2908 (kworker/u8:7), ts 21427933400, free_ts 21419851122 [ 596.160516][T31581] post_alloc_hook+0x231/0x280 [ 596.165322][T31581] get_page_from_freelist+0x24dc/0x2580 [ 596.170933][T31581] __alloc_frozen_pages_noprof+0x18d/0x380 [ 596.176789][T31581] allocate_slab+0x77/0x660 [ 596.181335][T31581] refill_objects+0x331/0x3c0 [ 596.186070][T31581] __pcs_replace_empty_main+0x2e6/0x730 [ 596.191667][T31581] __kmalloc_cache_noprof+0x392/0x660 [ 596.197076][T31581] kmem_cache_free+0x15b/0x630 [ 596.201868][T31581] release_task+0xfeb/0x16f0 [ 596.206496][T31581] do_exit+0x1674/0x23c0 [ 596.210778][T31581] call_usermodehelper_exec_async+0x357/0x360 [ 596.216888][T31581] ret_from_fork+0x51e/0xb90 [ 596.221535][T31581] ret_from_fork_asm+0x1a/0x30 [ 596.226359][T31581] page last free pid 10 tgid 10 stack trace: [ 596.232359][T31581] __free_frozen_pages+0xc2b/0xdb0 [ 596.237503][T31581] vfree+0x25a/0x400 [ 596.241419][T31581] delayed_vfree_work+0x55/0x80 [ 596.246296][T31581] process_scheduled_works+0xb6e/0x18c0 [ 596.251879][T31581] worker_thread+0xa53/0xfc0 [ 596.256497][T31581] kthread+0x388/0x470 [ 596.260607][T31581] ret_from_fork+0x51e/0xb90 [ 596.265230][T31581] ret_from_fork_asm+0x1a/0x30 [ 596.270029][T31581] [ 596.272369][T31581] Memory state around the buggy address: [ 596.278024][T31581] ffff888031729780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 596.286129][T31581] ffff888031729800: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc [ 596.294219][T31581] >ffff888031729880: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc [ 596.302415][T31581] ^ [ 596.307577][T31581] ffff888031729900: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc [ 596.315661][T31581] ffff888031729980: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc [ 596.323771][T31581] ================================================================== [ 596.360945][T31581] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 596.368240][T31581] CPU: 0 UID: 0 PID: 31581 Comm: syz.1.11756 Not tainted syzkaller #0 PREEMPT(full) [ 596.377740][T31581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 596.387968][T31581] Call Trace: [ 596.391287][T31581] [ 596.394283][T31581] vpanic+0x56c/0xa60 [ 596.398378][T31581] ? __pfx_vpanic+0x10/0x10 [ 596.402934][T31581] ? __pfx___schedule+0x10/0x10 [ 596.407956][T31581] panic+0xc5/0xd0 [ 596.411747][T31581] ? __pfx_panic+0x10/0x10 [ 596.416219][T31581] ? preempt_schedule_common+0x82/0xd0 [ 596.421734][T31581] ? af_alg_pull_tsgl+0x1c6/0x740 [ 596.426817][T31581] check_panic_on_warn+0x89/0xb0 [ 596.431804][T31581] ? af_alg_pull_tsgl+0x1c6/0x740 [ 596.436895][T31581] end_report+0x73/0x180 [ 596.441193][T31581] ? af_alg_pull_tsgl+0x1c6/0x740 [ 596.446363][T31581] kasan_report+0x128/0x150 [ 596.450920][T31581] ? af_alg_pull_tsgl+0x1c6/0x740 [ 596.456004][T31581] af_alg_pull_tsgl+0x1c6/0x740 [ 596.460925][T31581] skcipher_recvmsg+0x5df/0x1140 [ 596.465915][T31581] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 596.471332][T31581] ? aa_sock_msg_perm+0xf1/0x1b0 [ 596.476330][T31581] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 596.481657][T31581] ? security_socket_recvmsg+0x7e/0x2c0 [ 596.487255][T31581] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 596.492678][T31581] sock_recvmsg+0x172/0x1b0 [ 596.497227][T31581] __sys_recvfrom+0x240/0x3c0 [ 596.501962][T31581] ? __pfx___sys_recvfrom+0x10/0x10 [ 596.507217][T31581] ? exc_page_fault+0x6a/0xc0 [ 596.511966][T31581] ? do_user_addr_fault+0xc6f/0x1340 [ 596.517309][T31581] __x64_sys_recvfrom+0xde/0x100 [ 596.522294][T31581] do_syscall_64+0x14d/0xf80 [ 596.526928][T31581] ? trace_irq_disable+0x3b/0x150 [ 596.531979][T31581] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.538095][T31581] ? clear_bhb_loop+0x40/0x90 [ 596.542795][T31581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.548713][T31581] RIP: 0033:0x7f114e75d04e [ 596.553146][T31581] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 596.572858][T31581] RSP: 002b:00007f114f598e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 596.581306][T31581] RAX: ffffffffffffffda RBX: 00007f114f59a6c0 RCX: 00007f114e75d04e [ 596.589303][T31581] RDX: 0000000000001000 RSI: 00007f114f599000 RDI: 0000000000000004 [ 596.597291][T31581] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 596.605287][T31581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 596.613277][T31581] R13: 00007f114f598f58 R14: 00007f114f599000 R15: 0000000000000000 [ 596.621281][T31581] [ 596.624493][T31581] Kernel Offset: disabled [ 596.628822][T31581] Rebooting in 86400 seconds..