last executing test programs: 4.075547089s ago: executing program 0 (id=5078): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) (async) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e) (async) listen(r1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e24}, 0x6e) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x10, &(0x7f0000000740)=@framed={{}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x7, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x0, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x1a}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 3.937503495s ago: executing program 0 (id=5081): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000640)=@nat={'nat\x00', 0x670, 0x5, 0x378, 0x168, 0x210, 0xffffffff, 0x210, 0x168, 0x2e0, 0x2e0, 0xffffffff, 0x2e0, 0x2e0, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010104, @local, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'geneve1\x00', {}, {0xff}, 0x16}, 0x0, 0x70, 0xb8, 0x48}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x6, @ipv4=@local, @ipv4=@remote, @gre_key=0xb, @port=0x4e23}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x1, 0x7, "db64985cd5f8f89e2d39bd1e973011c78ee53c45d0234524d46e18d7c613"}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'syz_tun\x00', 'batadv_slave_1\x00', {0xff}}, 0x0, 0x70, 0xa8, 0x0, {0xf203}}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @loopback, @empty, @icmp_id=0x68, @icmp_id=0x68}}}}, {{@uncond, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@icmp={{0x28}, {0x4, "1542", 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x11, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id=0x800}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) 3.814646604s ago: executing program 0 (id=5084): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00'}, 0x10) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000) 3.675613914s ago: executing program 0 (id=5089): sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000080}, 0x4000080) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendto$inet(r0, &(0x7f0000001040)="8932ed209b230927", 0x8, 0x6000c804, 0x0, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000100)=0x14, 0x80c00) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @notrack={{0xc}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0) socket$netlink(0x10, 0x3, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @multicast1}, {0x0, 0x17c1, 0x8}}}}}, 0x0) close(r3) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @broadcast}) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x2a) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c00010029bd7000ffdbdf2507000000", @ANYRES32=r5, @ANYBLOB="90007f0a0a0002000180"], 0x30}, 0x1, 0x0, 0x0, 0x2bfdd7b83b402990}, 0x14) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0x3261e) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r6, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x5c, r7, 0x8, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10048804}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x6, [@decl_tag={0x8, 0x0, 0x0, 0x11, 0x1, 0x8}, @fwd={0xc}]}, {0x0, [0x30, 0x5f, 0x0, 0x2e]}}, &(0x7f00000004c0)=""/158, 0x3a, 0x9e, 0x1, 0x1}, 0x28) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 1.148427142s ago: executing program 2 (id=5106): ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd000012c00f000000000060fc03000f982c00fea000000000000000000000000000aaff0200000000000000000000000000013a00000000000000020090780000d93f640000000f081120ff020000000000000000000000000001fe8000000000000000000000000000125d02000000000000070f55b5d747d5ce5853e308cdbcf10ddd0000000000000016e3000000000000c20400000000040100c204000000400710000000040204c806000000000000000002f6471c193e445fffa682333b6ea5d9758e49d1f56a2cacf058c91036aa2a98b0af004e6f5acbbab33a8a5a9112f348b1a0089ddf5d100402cf846849a5c61cd7554140293b1191985ab08825ff716bc3ec7c318469d1e246d1c2b6f9ac2da9fa05bbc052fd2c1e07394a280e009667ed6f989d69942944973c6d558feda3d1c3358d50dff7bdd2c1fb8021ade354c814396f3fc7c17209d79e6c4952e91a6ec461a7cc945887c3bce662f5449d7b817758d7db37c9b2d74a1e7f0e05c28fce1ed8803f1e214667d299c1bd9653c497bea87774d74ebc16b76bee5c7e6ba19f460cafc8a531b56ea9d086e7f82153806b9840ec4fa711abb32a8728e81b51406040e0c274c260aa9b0b468d88f95b045258ddd448a48b987951e70d75bba7371694f1fb2b1957b4954fb807f86d7c7781697c2304a26e879a066a81d9b4f9ad82632a90632f737b44dc95d5b56a4acfdca287e039c5ebe808b5d585eda8c1543dbc5bf1b6bfc52c5ff2a947bce2327ccfeccfc2ba9df17ea126da5c4bbb54018d4f8277939acd67cd26ce4173968cfb747b74d61eb69503dea36f616de641ed0755b2e37f14dc9a8d86bab92acdfcbb93bed1d4344f2fd9c539d5fda77cbae2bedb79e05fc03e64e253b03bd8ac170e54ee380314727c60a3bc1d689b989710dd0f9a418f90637db3aae7034a9b83e8c843ba835c6a500ae43e840688d0801a882ffb94b7a77bd2314217aac52d296d169395c0b3dc7339a389354e1e4ff0746e6b2e3fc0149a36e75eafc20d51812e984faeecb52ad9b89288bacf21c152290ff2f6781dc761a3e50d88a8b4da3e65782fa959d583c718cf64d09d330c381ae123bea01e7d25eb8f8be911f3928237e3878e505be36bb6852903dff1e77be22ccf3b3e1c8658a5b92c816c6f3f0306a196ec62d5a39ecf36528f18e639b26351b6bc9d1230482e5d8e2c9561de5204d98487364c50f7236c503db3665876f6c04f7f23d1606d36120f62e3fd3de4a7525678e3748905d5a14fa840297c7dda43e13e18fad1453d5c24ddcb4bef61ab494d4f620201993b1b20f339ec6409474a6f104edbe42e0df14633c9a40352f773600b335e6a7ec6f0b0511c6d55fb484696d3b3e2fa4346d26446cba1e2e7ae1de5df058e7c2b52a1d6bb2d2daff1c73a4718541d6b9882891870b3f17442bdc250de45202f7314cd6c3670c3061b9ea658f21e1c362d622316f158968f118a72bef80745a9159f3c77985ecd9bca98ccd482b96ab39701053e30fb4d6d5efc4ba8f33fe18b0df2ab24ad5b2169ed8569cc264f91481fe3accc27448231088f05d996f562fd1950e43313193d23338fc134753ef5127d57161597f99598d546e290123ac1c3df0f5ded6cad9f523e71f7d5ce0b7d41f0d2fc6f911bd6b578f156b7b85dcf90d423e1cb854bb18ddc6801fc30ce76df9c27c1d5d91e06e9209d061b43449d0abdf346c644db465ee610d3ed406af49c4e6119a1ec2ac9846350367f99e7255e5be602f0cce16439f3c5beb7276f96f2f9dffc88da05c8b197b90bf4ca75be6d767dc10d1ff883728fcaecbde596ed9b01a456e417fb9ded7431323b19a6fa8f6fd0ec596410a887037ff6a0feb81ce0dffdfdec39a5b04ec962e87bc038e4436b2a8ac00e51bca0976eef42211107422ff30034cc62355fcf65b51325fcd25861ee487c695b51ba4be9b3c47ab47388e9a8dcce4507acbf5b16164f85d12161c8038019f589e0117a02161dcf2fc01968983bde59dceda258e008e337a3af1c1127258b8877558918caa71355ca8d17be32b10d61e72a0391b6ed88327d1f6d030877fe893f777de0e0ec863f15a50b40d003a9a941182a0639674bd0b4f4f9716fb1c2e115a6465fa731759793b86a9bb70ae0bb18d0c5e53c120d192a71302d15fff0c2c76ad1f9e1281c42a659ed7b67c4f4d7c3fcd56a022bf8f043006c61f254a80184519935bbc805eefba13ed54234322506f28f362065d6a68c35473280d4b8196754a11604a901cfdea47dc6f442fa73ffc6fe5e59bece8741407a57fd5f36a5906951fe75bea732413200bb85053ad500ea6245bea8abccbf5e8927261f752c12a2765827ea9908f084b862ce41b11443f73f0ec6aa095db1bbce0b14bce8397b45da28c2ac2f33c8ecce00bdf34cd00aa95d181ea33e08b7c8a768a365c4279e2a5d9352eb62c628909cc4191e0ff81fd84cc4c371ffc000d8841a9ebe70574993579cfd0e35574ef6e4cc6edf42deb8cb1e38b55fead366238d8d7d83902c6da5ad2ee63843db90090d57eeebd90ec9b08a6ffffd6c60e0b017e0c22d08cf1e22e2e63df06b62e5e0cfcd7b9441d2ca09b4e96c3b61ed1459fc24d83301148940e554f4d78c453c7e2f262f09aebee218ec5a22f874768e4c1afa870262f2f67155c94b17a36475dd421eaee27632427ede8330b1d74d2cd1a2d0a7de694a7d87ede13b5ea664e89f3d872512581adc606cd841a2abd2ed34efe3ec8e4f03d1e38fadfd08cb1b65f4eac10c48894b6fda1440ddd5d22b06214dbd483a5da821c4f447cce31df27c40b14f4471abccd35e6673aaa17133e78a589f45331399d930534edae0402e811a411d557c184c44ebec37a4e146d8076a070cf1f967ba3341e4e8e0c8b4b4617ee2bf3e8ae478567137641b6f6bc1fafd0d15cfed74198646906b5b853c8206ebf1e7e46bd74ae848281c4d89c02057de523e7e3e75567811685c1be1d2f5a57ff5b32fb8ef19e44f25226701f1b6b66cac452620cb7529b411cd833e3b1ad07bc781be7cda26eeccdb57f44308e765e13f357356e3fb83dcb4994b369fd3ee6aa6e405da03703c0dbd0e47110533992fd2be5bde2cbf6f7e777082427189766afbe426e6014ec9d041e96bcc900d5bdf4be72142ed1ab4c1d88afe8408145e06ddd3c2820f5d928309b3ef77afdd500568d76eb99ebd6f4ab78d5e43aa61b8a0ec27e1f6475691183e19f9e43ef1e94f2656da3eb693921f13aee4d4140fc4d56ac5ff3ec97163915a028c1ed16c7d08e6862503b18283b30489507e35945197c22733dee593f1d20a53dc5a463d5b8a058fa555c220de3fe5252a83e10f163babc01ec11c2e2197491ebb06b43919320c7237c0e55cbf927e0b5aaadd81c0c4c49a30ff2f9426b32311cbf09e1bcbe75c89aec74cf848d1b2194760a6edc734aebac9b429ae0438c620d4ad23b42deb8f7f1806ee8db02261b1e6d35742b1c85602c8099c0ed85cd89969f7b9ffd5906483e788d9f8c01e998c000f3005ea9efef9ca977530999344093bd6d234e500d784b22ccc8de58065451196dc977d8e8c8deac7d47b1ddc23f82f09159796a883d8b530fa193a20c53c22c5ffa3e5d411329f6489266ea75ff184b7ff1b301293b3ff5de6eb3658d826e6aa114eac2e572bf7d0d085e1e927af2bc1b21d1eaa37075a4778bec44521e5341c89c7589ca85b0cbda1060bca778906705be8791e479cb9867b4f6f06802ae76fba15b8fbf14bfd1b393bcef6f7997ac66bd87fcdda9387a519b5dbb61f7f970772a406bdce40f48511344070ed00a20880fdcc19732df83f0ba1bf6c94e201a7a2c833239ebf380720d3ddd644c8b3d78a0eae5d0d7d22937fc5c3e9295cd7a412897b9c1123ffc1aec8c49c768ed008"], 0xfce) 1.07524082s ago: executing program 4 (id=5108): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000017c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x19}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x14, r1, 0x1}, 0x14}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r3}, 0x8) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000001200000000000000000850000008a0000003e1523770700000095ff7efb5c7f097f91ca0f68d2ed80f9e65ed93b6eb1bcf0e5dc8317a4eae37f4f934dff2c086a97872ef732f9ad9ae9f02ebccc90b2aea2a3025b8c0936cbdb926e6e11b8abaaf9adce9c5fea695255f3688c071ed884a6b9119f7a41e9d1198c4f4a682eed4aedf0aa70cf90ca76af2c6391d0cb237f6517409ecfdd016dadeac3eaa06092658428cfa4c3111336638db5240806a8e96b48aeb2bc1f41ec09023c178b2dcead87237d2f198e4cccf6387e140caecd6dd90966109f73067d251f10e0cd08b436513736f6f9aae4312dd7b488c3ec25d41b7f", @ANYRES32=r3], &(0x7f0000000200)='GPL\x00'}, 0xfffffffffffffcae) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x1f2f, 0x22, 0x0, &(0x7f0000000440)="9f44947021919559684010a408002d7a5d4153f0226dcacf36a548ab01b5cb16afce", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000000206030000000000000000000000000005000100070000000900020073797a30000000000c0007800800130000000000050005000200000005000400000000000d000300686173683a6e657400000000f3dfd470c506818e0a13f4218ecdc5caff487a97748e208e571922f0e3f8b964efca5a654890a1218bfdb8325599954a2a3fd6dab1141743fbc9d807473bebb87b7af068a24d4039228e3f2bbdc32ee0d2f7ed0a915d1d7efa902997d5afbf1a72d0005e91"], 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1.074253996s ago: executing program 0 (id=5109): socket$nl_route(0x10, 0x3, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008010}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c) listen(r1, 0x5) accept4(r1, 0x0, 0x0, 0x80800) socket$inet6_tcp(0xa, 0x1, 0x0) 987.984885ms ago: executing program 3 (id=5110): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000000c0)={0x0, 0x8, 0x1, '2'}, 0x9) sendto$inet6(r0, &(0x7f0000000400)="cd", 0x1, 0x8010, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0xfffffffe}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000006c0)={0x0, 0x8}, 0x8) 922.289113ms ago: executing program 4 (id=5112): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000000c0)={'wg1\x00', 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001ac0)={{{@in=@initdev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}, 0x0, @in6=@initdev}}, &(0x7f0000000300)=0xe8) r5 = getpid() sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="df2506018880bd9c7459a2511405892b6db6553e0dcfba0188b606feb0131bca03323642d21a301552596fd0459381a2d3bad54b1190259bfbcc8fd4c8e9a484d90a069d62644a4616d23b23620b058cb2b50759ca850fbd13782376985fc1c0d496b20145d248cf839cfa9048671e18b6ac556065168356a24ffaa022e235dcdf85dfbfd22c81f2a6defdcba168de7c6a18a562f4e430a87380eaf1cf31f0345f5f32a9b5dc7499193428710844953734c3d00030df598cb789788fbb52f13e9965648b5645b6e7eb0c551d44ca1e5ff483839b28ccf81cfbe5d5d20f35723992f2b92043e3052fac6604e2b07ffd9e0400358014005500ff0100000000000000000000000000010000040019002ebd0f14d1068b996c70a70f4a3530a79eb43b8713e6d0dea9753b94f114bb16e168bcd8dd042860170fbbe91a45cc"], 0x11c}, {&(0x7f0000000780)=ANY=[@ANYBLOB="041300003d00200028bd7000fedbdf25e28ba89df3bbba3caf036f84270c919cf0280294af5da8b7e1d74be3b0b15d0183cd36962c3b9f16137c9579d61e73bd0db0f4a0f00f382f0ba9e304a281ff65b925849ffa9fa1e3c230213f0872e177020a92efef873a44918f9778caf0c78be0fb3dfcd6da068d2356bad3746c2800bcda6491c3d0f72f8fd82b992b5441889c8dd365634a23efa505e664630741b8b37c2f66f2d8420728ddb5e028da3deeff3e12b556e14762e50b49d76c5abec170c889df0a4f05629416349dac696f8628c7f714006d800800f200070000000800a200020000001400a40000000010000000000000ffff7f00000108004100", @ANYRES32=r4, @ANYBLOB="8a01e680f198b5f1a514c48fb044da51a900dfca25b64268a700513d65a7753cd4b1cab5aa3bf66c30b88a1ac6c4e27ce715646adc3605597667f49a9c047ca6cee5ab804cb9ea522a04bcb57c934903da0201adac61476df2bfd74049b2e20097e901a356bb069a1e8fc7e71c40428c217786a8b15999b740d2c945935d93f2e350f323435dca623154b53c390bcbbaf06a26a4fe7824831a7b164af7cb4bf70500480000000000c4b72c87cdb4f1abca910598305d09b042cee138079b989bbe91dd0db99ea5a581ee6388f67365893ebe496df0579a29b75c3b0659f13fb30aeee76811ee64cde025db927a8b45a89482e0a58ff116ff2061a11aa1e07dcbfa04ca49a7e1e1f80ff48698576aacd299ccc95a50bc34bab55a227e7db9381a1088dba9c32c1e605a67a865f6321b33280f41d2557e6c0f17f91a3adebc3b4db3d74b4e627e299c1b41ac88580166a799368c9b0606118af6a29dbc9976799ca3dce2cab148b9bc6da19df65cea5d4eb107f08e21ba8e2b0a75973893dd49cf69410f84251ed2de8def00000f88b0a633cc76cbcfb768cf705313f2a6af764b0cd494fb80feb22ad86f2646a7a20b0ffd230f38122baa05c9d4dccf61abb9e0d51f5d47c3f725c3806a81a4e496fd38cb7b0f6d2f60f8b37a00816bebd2d57d0b9dc109afdf2433cf8b7494c988c0ddc0685cd6438006822f08110b8fcdbeba2ba40a19e83c6d56dd6a8fd936ce2c77352b1fec56673e94fafef9eb1e68e305b74eb5e6e8d410b0094fefbebd16366b2a205190241e2f6d1754a218117590d1de6d3ed622d72b3df029c5322b88e66ab514beba390dd9627afe162b364a7a66ecb007f1551c58df244177cad90883580786f9837218dc93628da2e76977cbd30b09cff396e7ab9d9209453d6a06458c2af4037e5edaa9e46f8f5c433d8b1bfaaa0ece78787c18af3c6313eb33ef61584ca3bd959fd7bab8c5f6feee2ec3e24d9c1e9b95e1c38444bc0aa6a514f4094cd3b96f506b0654f026b1be36e01da1c9f3bce636112dd81c37947c97b6e39e2175794a5a588e95a3b5104bb23cd1432c397d4b218e7008d33721b4dc9c9565ef1835554de7c97574f175054e6b14dce516dad0a1dabaef3407608737aa68d5d35c51776c4324db6aa14902f9aca47f47598eee32b5ffb1a9f95dfc369bf11b1fc3f46c5f37c3f1cc1e6ef4c037f5d28d4b970dcdafc0a631cc26d1aff700a4cb23216abc4b779bd6985d5b8852b5b2468525e653eb1b7ed2c67dc0cbf6ab4a21517718e7ecb0218a5ace57f815b654a80a53901fbf0b6202e5d536f579ca262201bb98c51b1538b126b5ffb7c715ba13a005602b363ccd16a22245b0f51e5204072a4aa50b79fb172205d910e624782e6ba697fd406523b948ac39cdbe91c4d5966987b5ed79fc49704a8722462c2faaf50a75cb590bb96d12db57f25447e0415049b55d4c3975d2a813f0158856753b0f757d19440c8cf5de731aeae4684da76125470001d26d6a3589cc730a7fe6e1701d5b274c6758abf515decc816d8240afb56532b3bc82e0b20b698c0459ac47c4ce0d549ba51acf36ad482b8f636d07b96b836334ed54a030c611f017db055c1ad80753915b27a525871b189f8920dc67d7b60b721a8896276896d240877c288e904e3bbe17ed12b41f008281fb200abcc90eca2c996ddc00fb006c3ff33113d208aceee274f55cf29d7fd9bf4b6ec1999a89d24313d030a4450aae27c0f15d0dd71ee08cb7168e21674344162cb1a3226f24f5d7ea4a9348a4ef7759da8b6ee365e20031062939ac8335ba12a8857b4eb29f14a314c37e6411ca85b637957d5fecde9720d17d32dc4fb8040a91a348f47fc6e82099fdb2a79da9fa0786324064475c592ddaefa5feb1208256a9a15c5abb78b3b6e10b0dbc40c71a9ec599bcbdfbd7f3a2bb90b90167e705216949c47c1a1bf51e11190c443cfcb3406b4983e28a0c5d1e24225c01b7febb59edaf62ae92454b776dc5c8ee2881c7bd1fd0796a55096b0b23c382f3239f31c45ba7401dfbef85feb0e30b80a9e0387853896ca1c996be8bd2cb3a02d2abf86de4bf54343cc4f8657d4a8eba4e26d28e7192f3e780ee74eec1e597ad6410015972e143d526be0a90ae42715c785f58fa6ad4bcf7b38fe3013aec30697e9a694280fd8d297c2bfd166ab84feeac3afcd0cdbb2681aeded651712b66a1a9c1bfa4083b9da8a991ea101ce99f37b65f9e2983bf0fee8c7c064e4453455fe16b678ccc5bc8aaecfc49d32a235fef86d467ae85539666d086d2bf6f4f1de813331c627f06ea057358232d188d38ccf17d6f5c97a55839f9336002aa06f87f5e26e11c8d12aaa9298a0e308c8e57e5cd2a083b3fce208009b992b2d018bbdeccf50235405f802fd087bc288d03768d5cb0a38b70a26c0e2b508b2b187f1ab9c9d56f9be55b42d8252dcbabdf73fb0013c2c3d47241d92d3c9056548c236f16d566c55baf4ef9ca9d8b608f76580c0044375189d69a70d423617d227ec0f6905dfae1531b759185057ebb7d6e16ed2c6aebda5d7393cf95d66a0d710cc6abed6e85fa483e8e55c00a8121e921a1cfacab57e98096664874c68a1ea227aa0a077afa76cbda26e27e128254f099d79bea4f58c442183a3f2d8cec2e4ffc63d0e32441e60f3401a24906e42ae683eeb32fb399ea53f7fc66d6e40b78f4aa4a6a8785f68701ffe09ad7ffe253faff5dae9628592e674ece76f20583b7e81f318d09054f81b1dc9c29dbf9bd6f74bdddd5fba6e793c7cefc1d7b06c42a78b84705dd7562d20dd4341f8629206e9c4524c456b67c15dae5693dcce5834cf0ce3b74b3fecf1bb083d5ef6b738707c31a551198979d24e42c29b94ed409968452f94b309f75fbac3016b76bc3a95f2d068a41a071957334dd87175b1bc4098e49a819bfd76258be1cc7c80c59cfd08bbb9a80f91340146cda3275d5ae7f70e3cfb84f34bcacb15b62da3b6e32d11bcce498078267d3f5e19f961d950df6838eddc9401a84b89a453fa564bb598a0398084b517c1d2111b4cb5a825127dd359b11e98f5cf0723ef38e94a41068cf1b95dd4a8120e7241f0ac00fce26540631974d45bc8f0190e5fac3177863ef4f56e20c7f2114dd6dfe06057202f962cb7cdec3dbc6e82fc24912ceb90291d32af14206f014f65ae4be69b32c6d19ba8a2219a33da3237d9799a3ed90136757f3b4d97e252041de070a5b7fa355f824053ad7dcd534de8d9ad26444ac5889d690312487c986a8e043006c4f9d24e2bc4ed478ad20440a75e031588f1f603c89e670e80144a92d829a37cbfff5f5049cb0235dae2bb05660d99cc4bad3fc13610f0ee73bdcb8936b0d3588f6d2ae5fcfaff3998ddb29647d48271056301b2313c974f1a5caf5aa065e150ed90f3a3a2666fc0f5fb339bf02186a5042201b8cd349c7573ce1963ab4daf3d559d6086a9a8671433fe851fc1a5deff930a38de1a8a8f6ca6fe92f0be8c6d2fe340245054f1d9f5345dc624655c47d3207a8bc09de8cb2ffcc760a79821a15400e348fe79c4c1f9c8c707899ece2e6be494d046dfb0d84227651d4cc7dabfee771648219ea0fdcd30a0c2f26905fb9e7f8a97f4fb6947af7b5b1d1dac52162a16161275f4d0009e96c8ca6fb0ab351d4a16f234e032aeb199c7277fa878bba17c2cdec45c0d5d63e2476f8a7fc9e4bbaa0ee60688ca4743db2c0c448f384bdc8ed7322d01cf89361e0870c580867ba669ead3e72082fddf924ce7b9afaf07c04986d8b37e71c58bd9abe89cd0d5f1d31d6a11b940af6f2b8a9e0ac4c0017844482b8f6ca0b432c96108b1552e6663555af95453b3bb55356db476ab8cf0f3e8e904e389bd82b37d494b004b4c4820b11a399be9e9052b5a79f975980686678488c8af9e3e61327c4e95cd3fbecc00da4d4b345f7b6b7e1fde70e905fbd0ceca6cd187458732ca5d26733e0d55c63a6c2ffe9c7716841f1e8532b210c938f66bf59fba3e11a32723ed37b9a019d0e33305a64f2fb8a3e430fda808301e0c91c05010f88ddd926448f574095f591202ea7a7d534433974ae556444b7d6af07f9ca5df6e7856ec67c5012e79e52e2c5e9017546fcf8614d1c1b2a6630ed9c09d40a03c390fac1dca78b1a68d9f17a2c490c23f9aa141e5705590243ec0b67442a1d27cba6b8442d53a1e45a360c259ddb3e177ecc57d9192a6873c91e81601cee2b285df415ea2f4fe03105abe701f62095bfab714c644c1ddc9e8a5a0b12d991e520ded3e4058c61155ad8575c98d2b6bb68a816cd2cad6b64a57f9688d5df95677bdd1ddf7d28fa21e5380babbdad061d4a5bfa1c016af714bc973fc99c2e61dbc444ef168f079436c5b57276d110c16e671604816ecd313fb5ddf41d1bb34e4265e94b8e47a9dbd07f521a70e3c6886653057c83eb5e48bae02b0c12a090089f0b2aee1f521548b962936b483668eef274dd459d19e8be3102e4c1637345664b639ca64af96a3788a8d1613aa0eede757927129425acf644fd9262607c35430bda103e6beaf49529d0faebe8a9b2ffcb0c8834325db86b0662a8a22a91e366c9b13a4fe84f6c7b0af07f2227e81b828cd967cffc44c82873aead9fa6d77efab9034be35869bc0ab79b2857686a300b67863c72dddbf8450bf5062458731c1638745f72221059447befbbd27dee0a3545fcc0185995d17ed6684ff1dabbfc3c966c83f6d247383e8bc4c14b034ba840057482e37f6945af33ce1f35dadd49594ef861f9eb9595911b9b88d8e0de285723f5abe0024629a6c2df0fb2d87cd06d557fc75eefb09131b0eec101687547530789d29b576044fe9be583a0ffd89c2748ed17be60d08c2791ac9ce55f72a776c0af559830893d7a11092bd24104bdf3df840105ebba693c4d859287f481abddeae00e5478df994afa6e87d19af0a37d5cc2f30da2f9d9097eed00fb85ef7be4db0fae32b1366c88a570206dbe30bd2586506a6291d9ec5343dc889f1ad2208b1eb2ae6001b06e160cfb8734bead944d32322df5b70b2f9929652c134af54f5a2db740b64b3c3ac2b7450e3c3299dc365ea3f0d60388e4b1afdb1437f3d1db91fc42ddcf5b1f6515dc151fcc5edcdd8d61e34767e80bca5a090c257bcdac9305c1f60f2e269900fa379a3210adc0748fd200138a5e2a414a8bfbeaba6f8582eeb7b17ae35f5aa7a6ed472d8a9d97d722174c78e92b5ff57bc45057fa710f990a8f5ef2982d2e01ccdc6ea1b90012c1eadcaafbe4dfd9640df964239bb6088c2446e50185f04a02241c7991a52885894be914cf2da68e2752ad8dd9d00703de96f13a0891278bb70b0b62af646fcb56c64877b6f82c1b6ef43076d25b0ead0f329fad62fe873dd03050d53ee81c50152c652ff1194af64698e606e670de71ac6059ba665f52707636fbd20856a42d5b180c67072806b8b745b3376736254d1c6910c573ed1bcbb158605d7bba0f71cc95954725363917291cb1056c88368ee844139e552543e050d65010307defeac2cc792068313f7fdd7ce9f26cb0ffb8f5b98c93196c202fa918b2dbedc5756cc2195a3aa74c2b9898336aae9230d646d7dc969a2ff752700e2949e38631d7bb68e803f158dd2ec3bf1c68644782972969e4e0878afe2b088027ec0916fc188775e2a40d44f035817bb312de7bfa1b6fd891d4bcb0268eeb8cc337312ed8a8a32b268309f86861b3b249b7a8470ed7174117759e0fe6816a957ffe5c491460cca0eeb7a0b24eb9f1791eb5e35d336ac72d000d738369f8e44040066ed7816082ef08224dc809592c79f423fccd8e461f123628bb9ab85f72405db6d4a52566e273a3b97b2704c7071ff434e8fc958d30fceb4743a826e6a72e351739392b35cbdc1a7740930c31727a7a3b7c247b733f45f084b9d7b46d794295c1f82f9f4adbef535c7c691cf504e159f3c612e09751febe5b3809026c90ad75488a7af00db3d338bfde0118031dca18356e5f54dd6bc02adf121f7e762fbdf7b79a75f4420bb93ce5f311e9296c530c22d7c386829a762c931ef1a34bdd2869fa40691991f291f0dd4ca5db85836651138f2b9fe842aeba8575a2259663808eb85962482198011dc17182efc0e6788fe422f7001cecf1e7d4b826a399bc159697478885b9f3121714dca12af72036eecddf3fdf843e18e1432adeef9511378557d3613d599de65baedeb4c7d3cd6771d3882fb3d2761512501c7aae4297386fca73d118e5a35c611a385cf31c2c3f153cfea9179de12b35d5dea0e67da7a8764c44d3c9a9ce5851588be2dd6c25bff5cd282e54ed6644ff85e8a65d42b66e81225163e69305806e431a95ad5f7ab513b17ff5f8e7d6150445f954f41b2966ec4f3e9f373a4b48435efe54aba7ea234a74ad38c545d0ff603219d28405e70f9c39f244b3d1663a6b1d3be31093178c70405f69ce288a0c44f84b94acaf349ac0025b0400230004001000000000"], 0x1304}, {&(0x7f0000000340)={0x158, 0x28, 0x800, 0x70bd26, 0x25dfdbff, "", [@generic="659bea3b9340a3485aef2e9ee238549bb45cf9bec53532694d65cd1d9c90807364ccb3036b339fbcb5ed5227a73bdf13a369d49ea255d75d6d4684147f09998cea4e839de7f913f79ccc731ad219e9bb05810df243414fad8275c9724e95376009fe7a40d4318c079b912bb2040f524d4f2dd6aea755ea49cbc598b4e1487c5b106f286a2135b773ce2f974de15f8f838fbbf322fcb1d841e96d9f19c295509c8c22c23a1b5536fb2b78ccfaf0338b", @typed={0xd, 0x3c, 0x0, 0x0, @str='![}]\\)&!\x00'}, @typed={0x8, 0xf1, 0x0, 0x0, @pid=r5}, @generic="5c82a0aaffbe62b3e7bcf4394d7d6968df2bd4968782623379a089b27bd5f7fd4b9ba02a316aeb118c612aa423d7124891e703d155b875cd7cae851c", @generic="87c51eb97c715b3985daa704efb5524d35dbad602ff22ab84675c99a750e4b3a25c3f30348b16d2d79628d7d0b4a7cf3a0", @typed={0x11, 0x1a, 0x0, 0x0, @str=':)\v.{\\!}&],{\x00'}]}, 0x158}], 0x3}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@acquire={0x204, 0x17, 0x1, 0x70bd25, 0x25dfdbff, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d4, 0xff}, @in6=@mcast1, {@in6=@remote, @in6=@local, 0x4e24, 0x100, 0x4e24, 0x0, 0x0, 0x20, 0x20, 0x2f, r1, r2}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x9, 0x4e24, 0x1, 0x0, 0xa0, 0x0, 0x21, 0x0, r4}, {0x7fffffffffffffff, 0x10001, 0xca, 0x4, 0x3, 0x72, 0x2, 0x80000001}, {0xffffffffffffffff, 0x563f, 0xa45, 0xfffffffffffffffc}, 0x1, 0x6e6bb7, 0x0, 0x1}, 0x200, 0xf, 0x7fffffff, 0x3}, [@proto={0x5, 0x19, 0x32}, @replay_val={0x10, 0xa, {0x70bd2b, 0x70bd2d, 0xfffffffc}}, @tmpl={0xc4, 0x5, [{{@in6=@empty, 0x4d4, 0x32}, 0x2, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3504, 0x0, 0x3, 0x1, 0x1, 0x5, 0x353}, {{@in=@multicast2, 0x4d6, 0xff}, 0x2, @in6=@remote, 0x3504, 0x1, 0x2, 0xdb, 0x0, 0x1, 0x7}, {{@in6=@mcast1, 0x4d4, 0x3c}, 0x2, @in=@multicast2, 0x3506, 0x0, 0x2, 0x80, 0x5, 0xfffffffe, 0x9}]}]}, 0x204}}, 0x0) 891.238596ms ago: executing program 1 (id=5113): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000040)={0x33, 0x1, '\x00', [@calipso={0x7, 0x8, {0x3, 0x0, 0x8, 0xefa}}, @padn={0x1, 0x2, [0x0, 0x0]}]}, 0x18) (async) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x0) (async, rerun: 64) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (rerun: 64) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x68, 0x10, 0xffffff1f, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @private0}, @IFLA_GRE_LOCAL={0x14, 0x6, @mcast1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x68}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) 870.506435ms ago: executing program 4 (id=5114): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a0500000000000000000001000000f5ff7caf73797a30000000004c000000090a010400000000000000000100000008000a4000000003"], 0x94}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 745.472843ms ago: executing program 3 (id=5115): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1, 0x0, 0x6, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x3c}, 0x2, @in6=@loopback, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000500)=@l2tp6={0xa, 0x700, 0x3, @loopback, 0x1, 0xfffffffe}, 0x80, 0x0}, 0x0) 745.296062ms ago: executing program 2 (id=5116): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}, 0x24}}, 0x0) 745.140659ms ago: executing program 1 (id=5117): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r2, 0x8918, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x20, r1, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x20}}, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_buf(r3, 0x29, 0x3d, 0x0, &(0x7f00000001c0)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a200000001a0a03000000000000000000010000000900010073797a300000000048000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000140003"], 0xec}, 0x1, 0x0, 0x0, 0x40055}, 0x4000) 694.85077ms ago: executing program 4 (id=5118): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x82, &(0x7f00000002c0)="1a00000002000000", 0x8) r1 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x44c, 0x2c, 0xd27, 0xffffffff, 0xfffffffc, {0x0, 0x0, 0x0, r2, {0x4, 0xc}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_matchall={{0xd}, {0x418, 0x2, [@TCA_MATCHALL_ACT={0x3fc, 0x2, [@m_vlan={0x90, 0x1a, 0x0, 0x0, {{0x9}, {0x50, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x1d7}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x3}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x4e5}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x7f, 0x3, 0x0, 0x3, 0x8}, 0x1}}]}, {0x18, 0x6, "c39681542640bbdb768122897dca5376bb751ac3"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_gact={0x158, 0x20, 0x0, 0x0, {{0x9}, {0x70, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x5, 0x5, 0x2, 0x1, 0x8}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x19e, 0x1}}, @TCA_GACT_PARMS={0x18, 0x2, {0x23, 0x0, 0x8, 0x4, 0x6}}, @TCA_GACT_PARMS={0x18, 0x2, {0x10000, 0xc72, 0x3, 0x397, 0x52}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x7fb, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x2071, 0x3}}]}, {0xc0, 0x6, "660234c228714fcfff94c95c6f146feaed2fbdff29c19ab700c009b0ea18e42efaee0694e9511fc5eaae37cd9db71f75d1e9042a951777105a4f72b344faac19d86bfdb32d0883703901a0b15b72848b71d9df446bf3e28603c253933073229173e058a8311eea1cc4a328aff359edab69539e294089f6379526130a9d3954f2f49e595855053b6dec501bdf5d800646d8f1ab9b53ee8d46e1a41f169fb7a44307fae04ad4846a75cc7976abb82aeb696b9259f1324facd3a9175d52"}, {0xc}, {0xc, 0x8, {0x3, 0x7}}}}, @m_skbmod={0x128, 0xf, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0xf25}]}, {0xf4, 0x6, "8405e9131abbab5f69953e54617d2557f986d8c66913a7ab4760e73fcd0f5f7f3c8641a69fe46cbf18ecd3054fdee2539f6ab6ee21d5c9d55df23cc626563d1f3c0512415f3f33701edc26ee1320158cac372ba95c3430c09728ad18195445e17803485ffb67ac9255a69ec828596761bfc1dd1d785102898bbfc2d1bc471415ce70c958940412ca9622111f14ac7c5f7546d0193cb1c2500198be6a7bf1efc800dee25db820ef92f52c50988e82d53403604cd5775b99f2868f5907989234fa9c8a9f89cb26278c07a54bfe19eb1a71ac475962c6379bf5830de993fa41d32ab171b6453467aff14a7b43e5251c1b00"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_tunnel_key={0xe8, 0x5, 0x0, 0x0, {{0xf}, {0x2c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}]}, {0x8f, 0x6, "d412d6289ca3848ec7131dd1203f4e47ee2c6a65e41bd87c56a80620e92f3298c9330d3335494a751b70b12c84fd7937d2376cea04478438d99a3db9fa411d51e1035a34b66e3c1aad83f9f3f1e75257ccd4dc8f44f3c42329314ad49a20e6eafaa700e0d0e3ebe2d7baec2cac15bdf998e2fc8a65372bda824ea6f2eb8a00d7f78cdae706850d0eeb23f0"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffe0, 0x8}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x3}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xa, 0x2}}]}}]}, 0x44c}, 0x1, 0x0, 0x0, 0x85}, 0x2003c145) r3 = socket$netlink(0x10, 0x3, 0x0) socket$unix(0x1, 0x0, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 657.76569ms ago: executing program 1 (id=5119): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000040)={&(0x7f00000007c0)={0x110, r1, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x2}, {0xc, 0x90, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x108000000}, {0xc, 0x90, 0x400}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0xffffffff}, {0xc, 0x90, 0x101}}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000080}, 0x4000080) r2 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80c00) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0x900, 0x61, 0x11, 0x70}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) bind$alg(0xffffffffffffffff, &(0x7f0000000440)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6", 0x3) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001c00010029bd7000ffdbdf2507000000", @ANYRES32=r5, @ANYBLOB="90007f0a0a0002000180c2"], 0x30}, 0x1, 0x0, 0x0, 0x2bfdd7b83b402990}, 0x14) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$cgroup_subtree(r6, 0x0, 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x13, r6, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x44084) getsockopt$SO_COOKIE(r2, 0x1, 0x39, &(0x7f0000000140), 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, 0x0, 0x24008004) 569.90071ms ago: executing program 3 (id=5120): write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000002c0), 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'}) socket(0x2, 0x80805, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r3}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@ipv6_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8}}, 0x1c}}, 0x0) 569.628722ms ago: executing program 1 (id=5121): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r5, {0x10, 0xf}, {}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) 551.563652ms ago: executing program 2 (id=5122): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB], 0x7c}}, 0x2000c450) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xe}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) syz_emit_ethernet(0x7e, &(0x7f00000001c0)=ANY=[@ANYBLOB="0180c2000001bbbbbbbbbbbb86dd6a00000000481100fe8000000000000000000000000000aafe8000000000000000000000000000aa4e1d4e20004890"], 0x0) 550.426034ms ago: executing program 4 (id=5123): syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) socket$unix(0x1, 0x5, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb005}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'macvtap0\x00'}) sendto$packet(r1, &(0x7f0000000180)="0b031407e0ff640f020047540f68a13bb1000e00080008004803", 0x1a, 0x0, 0x0, 0x0) socket(0x10, 0x803, 0x0) 467.535693ms ago: executing program 3 (id=5124): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff06000700263a3a0914000600626f6e64300000000000000000002100080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) 443.88896ms ago: executing program 2 (id=5125): close(0x3) 411.921313ms ago: executing program 1 (id=5126): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010600000000000000210905000024000480130001"], 0x38}}, 0x0) 341.735421ms ago: executing program 4 (id=5127): syz_80211_join_ibss(&(0x7f00000009c0)='wlan1\x00', &(0x7f0000000a00)=@default_ibss_ssid, 0x6, 0x0) (fail_nth: 6) 326.878256ms ago: executing program 3 (id=5128): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a0500000000000000000001000000f5ff7caf73797a30000000004c000000090a010400000000000000000100000008000a4000000003"], 0x94}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 296.979433ms ago: executing program 2 (id=5129): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097"], &(0x7f0000000340)='syzkaller\x00'}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000300)={0x0, 0x8000}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000140)="b9ff03076804268cb89e14f088a847e0ffff2000000000000000ac141416e0885a049a179424", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48) 69.765736ms ago: executing program 1 (id=5130): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x34, 0x6, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x48044}, 0x840) (fail_nth: 4) 22.829333ms ago: executing program 0 (id=5131): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000040)={&(0x7f00000007c0)={0x110, r1, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x2}, {0xc, 0x90, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x108000000}, {0xc, 0x90, 0x400}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0xffffffff}, {0xc, 0x90, 0x101}}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000080}, 0x4000080) r2 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80c00) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0x900, 0x61, 0x11, 0x70}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) bind$alg(0xffffffffffffffff, &(0x7f0000000440)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6", 0x3) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c00010029bd7000ffdbdf2507000000", @ANYRES32=r5, @ANYBLOB="90007f0a0a0002000180c2"], 0x30}, 0x1, 0x0, 0x0, 0x2bfdd7b83b402990}, 0x14) (fail_nth: 4) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$cgroup_subtree(r6, 0x0, 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x13, r6, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x44084) getsockopt$SO_COOKIE(r2, 0x1, 0x39, &(0x7f0000000140), 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, 0x0, 0x24008004) 515.49µs ago: executing program 3 (id=5132): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000dc0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000001880)=@raw={'raw\x00', 0x3c1, 0x3, 0x12c0, 0x1100, 0x18c, 0x203, 0x1100, 0x19030000, 0x11f0, 0x2e0, 0x2e0, 0x11f0, 0x2e0, 0x7fffffe, 0x0, {[{{@ipv6={@loopback, @mcast1, [0x0, 0x0, 0xff, 0xff], [0x7fffffff, 0xff000000, 0xff000000, 0xff000000], 'bond_slave_1\x00', 'bond0\x00', {}, {}, 0x84, 0x7, 0x2, 0x55}, 0x300, 0x10d8, 0x1100, 0x0, {0x1000000}, [@common=@unspec=@cgroup1={{0x1030}, {0x1, 0x1, 0x1, 0x11, './cgroup.cpu/syz1\x00', 0xfffffffc, {0x3}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x5, 0x1, 0x1, 'syz0\x00', {0x7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1320) ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0x3) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CT_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 0s ago: executing program 2 (id=5133): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x34, r1, 0x1, 0x400a00, 0x25dfdbf9, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c080}, 0x4004000) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='+\r', 0x100000}], 0x1}, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) bind$ax25(r3, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40800) kernel console output (not intermixed with test programs): /0x10 [ 323.570627][T16420] ? __pfx___might_resched+0x10/0x10 [ 323.570653][T16420] should_fail_ex+0x414/0x560 [ 323.570691][T16420] should_failslab+0xa8/0x100 [ 323.570723][T16420] __kmalloc_noprof+0xcb/0x800 [ 323.570746][T16420] ? __netlink_deliver_tap+0x5ad/0x850 [ 323.570764][T16420] ? tipc_nl_compat_doit+0x19b/0x5f0 [ 323.570782][T16420] ? netlink_unicast+0x7fa/0x9e0 [ 323.570808][T16420] ? netlink_sendmsg+0x805/0xb30 [ 323.570826][T16420] ? __sock_sendmsg+0x21c/0x270 [ 323.570852][T16420] tipc_nl_compat_doit+0x19b/0x5f0 [ 323.570880][T16420] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 323.570908][T16420] ? apparmor_capable+0x137/0x1a0 [ 323.570936][T16420] ? bpf_lsm_capable+0x9/0x20 [ 323.570956][T16420] ? security_capable+0x7e/0x2e0 [ 323.571012][T16420] tipc_nl_compat_recv+0x83c/0xbe0 [ 323.571037][T16420] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 323.571054][T16420] ? __mutex_trylock_common+0x153/0x260 [ 323.571083][T16420] ? __pfx___mutex_trylock_common+0x10/0x10 [ 323.571107][T16420] ? __pfx_tipc_nl_node_reset_link_stats+0x10/0x10 [ 323.571133][T16420] ? __pfx_tipc_nl_compat_link_reset_stats+0x10/0x10 [ 323.571162][T16420] ? trace_contention_end+0x39/0x100 [ 323.571198][T16420] genl_family_rcv_msg_doit+0x215/0x300 [ 323.571234][T16420] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 323.571288][T16420] genl_rcv_msg+0x60e/0x790 [ 323.571323][T16420] ? __pfx_genl_rcv_msg+0x10/0x10 [ 323.571348][T16420] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 323.571386][T16420] netlink_rcv_skb+0x208/0x470 [ 323.571407][T16420] ? __pfx_genl_rcv_msg+0x10/0x10 [ 323.571435][T16420] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 323.571477][T16420] ? down_read+0x274/0x2e0 [ 323.571504][T16420] ? genl_rcv+0xd/0x40 [ 323.571531][T16420] genl_rcv+0x28/0x40 [ 323.571554][T16420] netlink_unicast+0x82f/0x9e0 [ 323.571595][T16420] ? __pfx_netlink_unicast+0x10/0x10 [ 323.571628][T16420] ? netlink_sendmsg+0x642/0xb30 [ 323.571646][T16420] ? skb_put+0x11b/0x210 [ 323.571686][T16420] netlink_sendmsg+0x805/0xb30 [ 323.571719][T16420] ? __pfx_netlink_sendmsg+0x10/0x10 [ 323.571744][T16420] ? aa_sock_msg_perm+0xf1/0x1b0 [ 323.571766][T16420] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 323.571794][T16420] ? __pfx_netlink_sendmsg+0x10/0x10 [ 323.571816][T16420] __sock_sendmsg+0x21c/0x270 [ 323.571844][T16420] ____sys_sendmsg+0x505/0x820 [ 323.571882][T16420] ? __pfx_____sys_sendmsg+0x10/0x10 [ 323.571925][T16420] ? import_iovec+0x74/0xa0 [ 323.571959][T16420] ___sys_sendmsg+0x21f/0x2a0 [ 323.571999][T16420] ? __pfx____sys_sendmsg+0x10/0x10 [ 323.572039][T16420] ? rcu_read_lock_any_held+0xb3/0x120 [ 323.572097][T16420] ? __fget_files+0x2a/0x420 [ 323.572114][T16420] ? __fget_files+0x3a0/0x420 [ 323.572146][T16420] __x64_sys_sendmsg+0x19b/0x260 [ 323.572180][T16420] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 323.572223][T16420] ? __pfx_ksys_write+0x10/0x10 [ 323.572254][T16420] ? do_syscall_64+0xbe/0xf80 [ 323.572285][T16420] do_syscall_64+0xfa/0xf80 [ 323.572313][T16420] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.572333][T16420] ? clear_bhb_loop+0x60/0xb0 [ 323.572359][T16420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.572379][T16420] RIP: 0033:0x7ff598b8f749 [ 323.572398][T16420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.572416][T16420] RSP: 002b:00007ff599ad0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 323.572438][T16420] RAX: ffffffffffffffda RBX: 00007ff598de5fa0 RCX: 00007ff598b8f749 [ 323.572453][T16420] RDX: 0000000000000800 RSI: 0000200000000140 RDI: 0000000000000003 [ 323.572466][T16420] RBP: 00007ff599ad0090 R08: 0000000000000000 R09: 0000000000000000 [ 323.572479][T16420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.572491][T16420] R13: 00007ff598de6038 R14: 00007ff598de5fa0 R15: 00007ffeb14102f8 [ 323.572527][T16420] [ 324.070669][T16424] netlink: 'syz.3.3536': attribute type 22 has an invalid length. [ 324.374087][T16437] tipc: Enabled bearer , priority 0 [ 324.400203][T16443] netlink: 'syz.3.3543': attribute type 4 has an invalid length. [ 324.414415][T16443] netlink: 'syz.3.3543': attribute type 1 has an invalid length. [ 324.426353][T16437] syzkaller0: entered allmulticast mode [ 324.456936][T16443] __nla_validate_parse: 11 callbacks suppressed [ 324.456959][T16443] netlink: 228 bytes leftover after parsing attributes in process `syz.3.3543'. [ 324.515682][T16437] tipc: Resetting bearer [ 324.533746][T16436] tipc: Resetting bearer [ 324.586167][T16436] tipc: Disabling bearer [ 324.595125][T16453] netlink: 'syz.4.3549': attribute type 13 has an invalid length. [ 324.720358][T16461] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3552'. [ 324.749169][T16462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3551'. [ 325.130747][T16484] netlink: 'syz.2.3560': attribute type 3 has an invalid length. [ 325.300440][T16487] bond5: entered promiscuous mode [ 325.340841][T16487] bond5: entered allmulticast mode [ 325.357178][T16487] 8021q: adding VLAN 0 to HW filter on device bond5 [ 325.378766][T16501] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3564'. [ 325.408538][T16502] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3564'. [ 325.435201][T16503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3563'. [ 325.436753][T16501] lo: left allmulticast mode [ 325.473725][T16503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3563'. [ 325.473779][T16510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3563'. [ 325.535407][T16510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3563'. [ 325.701726][T16523] IPv6: Can't replace route, no match found [ 325.787387][T16527] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3572'. [ 326.017234][T16548] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 326.414485][T16571] Illegal XDP return value 2586999129 on prog (id 407) dev N/A, expect packet loss! [ 326.549530][T16582] netlink: 'syz.2.3592': attribute type 22 has an invalid length. [ 326.730656][T16598] siw: device registration error -23 [ 326.739120][T16600] netlink: 'syz.4.3597': attribute type 21 has an invalid length. [ 326.749227][T16601] FAULT_INJECTION: forcing a failure. [ 326.749227][T16601] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.779586][T16601] CPU: 1 UID: 0 PID: 16601 Comm: syz.0.3598 Not tainted syzkaller #0 PREEMPT(full) [ 326.779615][T16601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 326.779627][T16601] Call Trace: [ 326.779636][T16601] [ 326.779645][T16601] dump_stack_lvl+0x189/0x250 [ 326.779672][T16601] ? __pfx____ratelimit+0x10/0x10 [ 326.779698][T16601] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.779720][T16601] ? __pfx__printk+0x10/0x10 [ 326.779762][T16601] should_fail_ex+0x414/0x560 [ 326.779792][T16601] _copy_to_user+0x31/0xb0 [ 326.779823][T16601] simple_read_from_buffer+0xe1/0x170 [ 326.779861][T16601] proc_fail_nth_read+0x1b3/0x220 [ 326.779893][T16601] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 326.779923][T16601] ? rw_verify_area+0x2a6/0x4d0 [ 326.779948][T16601] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 326.779977][T16601] vfs_read+0x200/0xa30 [ 326.780001][T16601] ? fdget_pos+0x247/0x320 [ 326.780025][T16601] ? __pfx___mutex_lock+0x10/0x10 [ 326.780052][T16601] ? __pfx_vfs_read+0x10/0x10 [ 326.780079][T16601] ? __fget_files+0x2a/0x420 [ 326.780100][T16601] ? __fget_files+0x3a0/0x420 [ 326.780116][T16601] ? __fget_files+0x2a/0x420 [ 326.780143][T16601] ksys_read+0x145/0x250 [ 326.780166][T16601] ? __pfx_ksys_read+0x10/0x10 [ 326.780194][T16601] ? do_syscall_64+0xbe/0xf80 [ 326.780223][T16601] do_syscall_64+0xfa/0xf80 [ 326.780259][T16601] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.780278][T16601] ? clear_bhb_loop+0x60/0xb0 [ 326.780302][T16601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.780321][T16601] RIP: 0033:0x7fc4ba98e15c [ 326.780338][T16601] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 326.780355][T16601] RSP: 002b:00007fc4bb771030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 326.780374][T16601] RAX: ffffffffffffffda RBX: 00007fc4babe5fa0 RCX: 00007fc4ba98e15c [ 326.780387][T16601] RDX: 000000000000000f RSI: 00007fc4bb7710a0 RDI: 0000000000000004 [ 326.780397][T16601] RBP: 00007fc4bb771090 R08: 0000000000000000 R09: 0000000000000000 [ 326.780407][T16601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.780417][T16601] R13: 00007fc4babe6038 R14: 00007fc4babe5fa0 R15: 00007ffffbc73bd8 [ 326.780451][T16601] [ 327.369668][T16625] validate_nla: 1 callbacks suppressed [ 327.369692][T16625] netlink: 'syz.2.3605': attribute type 22 has an invalid length. [ 327.735268][ T5156] Bluetooth: hci1: command 0x0406 tx timeout [ 327.978649][T16659] netlink: 'syz.4.3618': attribute type 1 has an invalid length. [ 328.053658][T16666] netlink: 'syz.2.3619': attribute type 22 has an invalid length. [ 328.372131][T16685] netlink: 'syz.1.3625': attribute type 1 has an invalid length. [ 328.400987][T16685] netlink: 'syz.1.3625': attribute type 4 has an invalid length. [ 328.452083][T16692] syzkaller1: entered promiscuous mode [ 328.488944][T16692] syzkaller1: entered allmulticast mode [ 328.860210][T16714] netlink: 'syz.2.3632': attribute type 6 has an invalid length. [ 329.692061][T16769] __nla_validate_parse: 18 callbacks suppressed [ 329.692083][T16769] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3643'. [ 329.814229][ T5156] Bluetooth: hci1: command 0x0406 tx timeout [ 352.148006][ T5156] Bluetooth: hci4: link tx timeout [ 352.153165][ T5156] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 354.224302][ T5156] Bluetooth: hci4: command 0x0406 tx timeout [ 358.399439][T16897] SET target dimension over the limit! [ 358.409093][T16898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3646'. [ 358.586631][T16911] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3650'. [ 358.660360][ T9289] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 358.681849][ T9289] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 358.694586][ T9289] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 358.711037][ T9289] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 358.727409][T16917] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3652'. [ 358.861572][T16926] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3654'. [ 359.447769][T16950] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3666'. [ 359.457408][T16950] unsupported nlmsg_type 40 [ 359.809810][T16976] netlink: 'syz.0.3675': attribute type 4 has an invalid length. [ 359.832103][T16980] netlink: 'syz.4.3677': attribute type 22 has an invalid length. [ 359.860670][T16976] netlink: 'syz.0.3675': attribute type 1 has an invalid length. [ 359.894401][T16976] netlink: 228 bytes leftover after parsing attributes in process `syz.0.3675'. [ 359.927990][T16983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3678'. [ 359.970226][T16983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3678'. [ 360.024863][T16987] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3680'. [ 360.060260][T16987] netlink: 'syz.4.3680': attribute type 32 has an invalid length. [ 360.076715][T16987] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3680'. [ 360.121527][T16987] bond6: option coupled_control: invalid value (52) [ 360.133262][T16987] bond6 (unregistering): Released all slaves [ 360.420305][T17004] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 361.487762][T17060] 8021q: adding VLAN 0 to HW filter on device bond4 [ 362.330009][T17124] netlink: 'syz.3.3733': attribute type 21 has an invalid length. [ 362.338463][T17124] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 362.345786][T17124] IPv6: NLM_F_CREATE should be set when creating new route [ 362.353136][T17124] IPv6: NLM_F_CREATE should be set when creating new route [ 362.360449][T17124] IPv6: NLM_F_CREATE should be set when creating new route [ 362.427323][T17130] netlink: 'syz.3.3733': attribute type 1 has an invalid length. [ 362.451004][T17130] netlink: 'syz.3.3733': attribute type 1 has an invalid length. [ 362.712017][T17145] netlink: 'syz.3.3738': attribute type 1 has an invalid length. [ 362.752880][T17145] 8021q: adding VLAN 0 to HW filter on device bond6 [ 362.771794][T17145] bond6: entered allmulticast mode [ 362.902284][T17154] veth1_macvtap: left promiscuous mode [ 363.127083][T17165] netlink: 'syz.2.3745': attribute type 21 has an invalid length. [ 363.164474][T17165] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 363.188588][T17170] netlink: 'syz.4.3747': attribute type 4 has an invalid length. [ 363.539954][T17187] IPv6: sit1: Disabled Multicast RS [ 363.673620][T17196] __nla_validate_parse: 19 callbacks suppressed [ 363.673640][T17196] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3756'. [ 363.819244][T17198] bond5: ARP target 1.0.0.0 is already present [ 363.828909][T17198] bond5: option arp_ip_target: invalid value (1) [ 363.842700][T17198] bond5 (unregistering): Released all slaves [ 363.862210][T17213] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3760'. [ 363.889091][T17217] IPv6: NLM_F_CREATE should be specified when creating new route [ 363.904555][T17217] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 363.911821][T17217] IPv6: NLM_F_CREATE should be set when creating new route [ 363.919549][T17217] IPv6: NLM_F_CREATE should be set when creating new route [ 363.926869][T17217] IPv6: NLM_F_CREATE should be set when creating new route [ 364.035361][T17226] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 364.065296][T17217] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3761'. [ 364.065789][T17227] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 364.126156][T17230] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3764'. [ 364.163592][T17230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3764'. [ 364.189774][T17230] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3764'. [ 364.222776][T17230] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3764'. [ 364.264876][T17237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3765'. [ 364.415592][T17240] nbd1: detected capacity change from 0 to 63 [ 364.426808][T17248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.465032][T17248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.528976][T17253] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.544951][T17252] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3771'. [ 364.642746][T17257] netlink: 200 bytes leftover after parsing attributes in process `syz.0.3772'. [ 365.001914][ T52] block nbd1: Receive control failed (result -104) [ 365.274648][T17289] syzkaller0: entered promiscuous mode [ 365.280963][T17289] syzkaller0: entered allmulticast mode [ 367.286623][T17361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 367.319308][T17361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 367.363288][T17361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 367.604519][T17374] syzkaller0: entered promiscuous mode [ 367.610214][T17374] syzkaller0: entered allmulticast mode [ 368.699470][T17406] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 369.059924][T17411] __nla_validate_parse: 6 callbacks suppressed [ 369.059943][T17411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3815'. [ 369.076935][T17411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3815'. [ 369.170022][T17397] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3812'. [ 369.287645][T17413] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3816'. [ 369.374933][T17418] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3817'. [ 369.408612][T17420] veth11: entered allmulticast mode [ 369.443357][T17420] ip6gre1: entered allmulticast mode [ 369.457322][T17415] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 369.590357][T17432] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3826'. [ 369.692494][T17439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.723202][T17439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.755747][T17439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.815718][T17442] syzkaller0: entered promiscuous mode [ 369.821416][T17442] syzkaller0: entered allmulticast mode [ 369.846776][T17446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3827'. [ 369.861746][T17446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3827'. [ 370.101391][T17463] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3833'. [ 370.277409][T17472] netlink: 344 bytes leftover after parsing attributes in process `syz.3.3835'. [ 371.541640][T17484] validate_nla: 9 callbacks suppressed [ 371.541662][T17484] netlink: 'syz.1.3839': attribute type 22 has an invalid length. [ 371.618022][T17490] netlink: 'syz.0.3842': attribute type 2 has an invalid length. [ 371.899741][T17490] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 371.917459][T17490] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.929866][T17490] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 372.021978][T17490] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 372.032643][T17490] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.043832][T17490] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 372.202774][T17490] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 372.213670][T17490] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.225136][T17490] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 372.325762][T17490] bond0: (slave netdevsim0): Releasing backup interface [ 372.344890][T17490] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode [ 372.367998][T17490] netdevsim netdevsim0 netdevsim0 (unregistering): left allmulticast mode [ 372.385081][T17490] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 372.396448][T17490] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.408113][T17490] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 372.600678][ T9311] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 372.628254][ T9311] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 372.648511][ T9311] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 372.708248][ T9311] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 372.718331][ T9311] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 372.729982][ T9311] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 372.758936][ T9311] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 372.768810][ T9311] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 372.777834][ T9311] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 372.818338][T17545] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 372.899001][ T9311] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 372.912719][ T9311] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 372.931666][ T9311] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 373.071205][T17560] xt_TCPMSS: Only works on TCP SYN packets [ 373.194894][T17564] syzkaller1: entered promiscuous mode [ 373.200438][T17564] syzkaller1: entered allmulticast mode [ 373.532518][T17588] openvswitch: netlink: IP tunnel dst address not specified [ 373.548492][T17588] tipc: Enabling of bearer rejected, failed to enable media [ 373.668688][T17594] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 373.887525][T17606] syzkaller0: entered promiscuous mode [ 373.899442][T17606] syzkaller0: entered allmulticast mode [ 373.988404][T17614] netlink: 'syz.1.3881': attribute type 4 has an invalid length. [ 374.004244][T17614] netlink: 'syz.1.3881': attribute type 1 has an invalid length. [ 374.044567][T17617] xt_hashlimit: size too large, truncated to 1048576 [ 374.161309][T17625] gre0: entered promiscuous mode [ 374.319155][T17632] __nla_validate_parse: 16 callbacks suppressed [ 374.319177][T17632] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3886'. [ 374.346970][T17632] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3886'. [ 374.356536][T17632] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3886'. [ 374.359169][T17636] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3888'. [ 374.368791][T17632] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3886'. [ 374.385394][T17635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3887'. [ 374.551705][T17644] netlink: 'syz.2.3892': attribute type 22 has an invalid length. [ 374.653177][T17651] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 374.814411][T17662] netlink: 'syz.1.3899': attribute type 1 has an invalid length. [ 374.911207][T17662] 8021q: adding VLAN 0 to HW filter on device bond5 [ 374.933801][T17670] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3900'. [ 375.145189][T17682] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3904'. [ 375.271339][T17683] syzkaller0: entered promiscuous mode [ 375.277017][T17683] syzkaller0: entered allmulticast mode [ 375.446748][T17694] netlink: 'syz.1.3909': attribute type 22 has an invalid length. [ 375.585277][T17702] netlink: 'syz.1.3912': attribute type 1 has an invalid length. [ 376.613340][T17696] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3910'. [ 376.622836][T17697] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3910'. [ 376.625197][T17699] netlink: 'syz.3.3911': attribute type 30 has an invalid length. [ 376.655809][T17699] netlink: 'syz.3.3911': attribute type 30 has an invalid length. [ 377.062613][T17735] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 377.404058][T17760] bond0: (slave rose0): Enslaving as an active interface with an up link [ 377.822361][T17789] syzkaller1: entered promiscuous mode [ 377.830068][T17789] syzkaller1: entered allmulticast mode [ 377.960251][T17799] netlink: 'syz.2.3945': attribute type 22 has an invalid length. [ 378.078166][T17798] bond7 (unregistering): Released all slaves [ 378.257490][T17820] IPVS: set_ctl: invalid protocol: 117 172.20.20.170:20000 [ 378.320031][T17822] bond0: (slave macvlan3): Error -98 calling set_mac_address [ 378.378588][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.573788][T17836] netlink: 'syz.4.3959': attribute type 3 has an invalid length. [ 378.628502][T17830] syzkaller1: entered promiscuous mode [ 378.663149][T17830] syzkaller1: entered allmulticast mode [ 378.782641][T17852] xt_l2tp: v2 sid > 0xffff: 1114112 [ 378.816903][T17845] bond7: option mode: invalid value (133) [ 378.838843][T17845] bond7 (unregistering): Released all slaves [ 378.873716][T17848] batman_adv: batadv0: Adding interface: dummy0 [ 378.880515][T17848] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 378.911374][T17848] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 379.142172][T17864] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 379.331792][T17877] __nla_validate_parse: 12 callbacks suppressed [ 379.331812][T17877] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3971'. [ 379.401715][T17883] netlink: 'syz.1.3973': attribute type 2 has an invalid length. [ 379.410444][T17883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3973'. [ 379.432876][T17883] netlink: 'syz.1.3973': attribute type 2 has an invalid length. [ 379.441642][T17883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3973'. [ 379.487344][T17883] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 379.783531][T17899] IPVS: stopping master sync thread 12448 ... [ 379.903108][T17904] bond0: (slave macvlan4): Opening slave failed [ 379.950738][T17906] bond6: option mode: invalid value (133) [ 379.959033][T17906] bond6 (unregistering): Released all slaves [ 380.420668][T17937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3994'. [ 380.517793][T17943] bond4: option packets_per_slave: mode dependency failed, not supported in mode active-backup(1) [ 381.203771][T17943] bond4 (unregistering): Released all slaves [ 381.296235][T17950] bond6: option mode: invalid value (133) [ 381.311774][T17950] bond6 (unregistering): Released all slaves [ 381.423294][ T9313] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 381.454538][ T9313] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 381.488049][T17964] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4001'. [ 381.568990][ T9313] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 381.614832][ T9313] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 381.692468][T17975] netlink: 'syz.4.4005': attribute type 5 has an invalid length. [ 381.710927][T17976] netlink: 'syz.0.4006': attribute type 2 has an invalid length. [ 381.776112][T17981] netlink: 256 bytes leftover after parsing attributes in process `syz.3.4008'. [ 381.807245][T17981] netlink: 'syz.3.4008': attribute type 9 has an invalid length. [ 381.871109][T17987] netlink: 184 bytes leftover after parsing attributes in process `syz.1.4010'. [ 382.025058][T17999] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4015'. [ 382.056990][T17994] bond6: option mode: invalid value (133) [ 382.057037][T17999] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4015'. [ 382.075252][T17994] bond6 (unregistering): Released all slaves [ 382.309336][T18018] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4020'. [ 382.471282][T18028] netlink: 'syz.4.4021': attribute type 1 has an invalid length. [ 382.518178][T18028] 8021q: adding VLAN 0 to HW filter on device bond6 [ 382.639390][T18028] 8021q: adding VLAN 0 to HW filter on device bond6 [ 382.646866][T18028] bond6: (slave vxcan3): The slave device specified does not support setting the MAC address [ 382.659309][T18028] bond6: (slave vxcan3): Error -95 calling set_mac_address [ 382.746178][T18037] veth13: entered promiscuous mode [ 382.768287][T18037] bond6: (slave veth13): Enslaving as an active interface with a down link [ 382.820800][T18040] vlan6: entered allmulticast mode [ 382.840225][T18040] bond6: entered allmulticast mode [ 382.920118][T18051] tipc: Enabled bearer , priority 0 [ 382.935421][T18051] syzkaller0: entered promiscuous mode [ 382.944380][T18051] syzkaller0: entered allmulticast mode [ 383.002202][T18051] tipc: Resetting bearer [ 383.027685][T18050] tipc: Resetting bearer [ 383.040571][T18057] x_tables: duplicate underflow at hook 2 [ 383.065678][T18050] tipc: Disabling bearer [ 383.493603][T18094] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.501327][T18094] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.769831][T18109] tipc: Enabled bearer , priority 0 [ 383.785743][T18109] syzkaller0: entered allmulticast mode [ 383.831830][T18109] tipc: Resetting bearer [ 383.860725][T18117] netlink: 'syz.3.4049': attribute type 1 has an invalid length. [ 383.869987][T18108] tipc: Resetting bearer [ 383.896858][T18108] tipc: Disabling bearer [ 384.279523][T18133] netlink: 'syz.3.4058': attribute type 22 has an invalid length. [ 384.471928][T18142] lo speed is unknown, defaulting to 1000 [ 384.599268][T18148] __nla_validate_parse: 4 callbacks suppressed [ 384.599289][T18148] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4064'. [ 384.848676][T18148] 8021q: adding VLAN 0 to HW filter on device bond7 [ 384.881901][T18156] netlink: 11562 bytes leftover after parsing attributes in process `syz.4.4066'. [ 385.035747][T18170] FAULT_INJECTION: forcing a failure. [ 385.035747][T18170] name failslab, interval 1, probability 0, space 0, times 0 [ 385.074311][T18170] CPU: 0 UID: 0 PID: 18170 Comm: syz.0.4071 Not tainted syzkaller #0 PREEMPT(full) [ 385.074341][T18170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 385.074354][T18170] Call Trace: [ 385.074361][T18170] [ 385.074370][T18170] dump_stack_lvl+0x189/0x250 [ 385.074397][T18170] ? __pfx____ratelimit+0x10/0x10 [ 385.074423][T18170] ? __pfx_dump_stack_lvl+0x10/0x10 [ 385.074445][T18170] ? __pfx__printk+0x10/0x10 [ 385.074475][T18170] ? __pfx___might_resched+0x10/0x10 [ 385.074496][T18170] ? fs_reclaim_acquire+0x7d/0x100 [ 385.074529][T18170] should_fail_ex+0x414/0x560 [ 385.074556][T18170] should_failslab+0xa8/0x100 [ 385.074587][T18170] kmem_cache_alloc_noprof+0x74/0x6f0 [ 385.074612][T18170] ? skb_clone+0x212/0x3a0 [ 385.074630][T18170] ? __pfx___alloc_skb+0x10/0x10 [ 385.074661][T18170] skb_clone+0x212/0x3a0 [ 385.074685][T18170] pfkey_sendmsg+0x44b/0x1090 [ 385.074732][T18170] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 385.074789][T18170] ? aa_sock_msg_perm+0xf1/0x1b0 [ 385.074812][T18170] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 385.074840][T18170] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 385.074869][T18170] __sock_sendmsg+0x21c/0x270 [ 385.074898][T18170] ____sys_sendmsg+0x505/0x820 [ 385.074936][T18170] ? __pfx_____sys_sendmsg+0x10/0x10 [ 385.074977][T18170] ? import_iovec+0x74/0xa0 [ 385.075009][T18170] ___sys_sendmsg+0x21f/0x2a0 [ 385.075051][T18170] ? __pfx____sys_sendmsg+0x10/0x10 [ 385.075090][T18170] ? rcu_read_lock_any_held+0xb3/0x120 [ 385.075145][T18170] ? __fget_files+0x2a/0x420 [ 385.075162][T18170] ? __fget_files+0x3a0/0x420 [ 385.075193][T18170] __x64_sys_sendmsg+0x19b/0x260 [ 385.075227][T18170] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 385.075268][T18170] ? __pfx_ksys_write+0x10/0x10 [ 385.075296][T18170] ? do_syscall_64+0xbe/0xf80 [ 385.075325][T18170] do_syscall_64+0xfa/0xf80 [ 385.075351][T18170] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.075371][T18170] ? clear_bhb_loop+0x60/0xb0 [ 385.075394][T18170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.075414][T18170] RIP: 0033:0x7fc4ba98f749 [ 385.075431][T18170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.075448][T18170] RSP: 002b:00007fc4bb771038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 385.075469][T18170] RAX: ffffffffffffffda RBX: 00007fc4babe5fa0 RCX: 00007fc4ba98f749 [ 385.075483][T18170] RDX: 0000000000040010 RSI: 0000200000000580 RDI: 0000000000000005 [ 385.075495][T18170] RBP: 00007fc4bb771090 R08: 0000000000000000 R09: 0000000000000000 [ 385.075507][T18170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 385.075518][T18170] R13: 00007fc4babe6038 R14: 00007fc4babe5fa0 R15: 00007ffffbc73bd8 [ 385.075552][T18170] [ 385.385891][T18168] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4070'. [ 385.496193][T18184] netlink: 'syz.1.4077': attribute type 9 has an invalid length. [ 385.597213][T18193] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 385.647496][T18197] xt_bpf: check failed: parse error [ 385.706528][T18199] netem: change failed [ 385.748599][T18199] netlink: 27 bytes leftover after parsing attributes in process `syz.2.4082'. [ 385.946187][T18210] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4084'. [ 386.313754][T18225] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4090'. [ 386.334762][T18222] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4089'. [ 386.369253][T18223] ipt_REJECT: TCP_RESET invalid for non-tcp [ 386.528827][T18238] netlink: 'syz.3.4093': attribute type 1 has an invalid length. [ 386.553312][T18238] netlink: 'syz.3.4093': attribute type 3 has an invalid length. [ 386.578843][T18238] netlink: 'syz.3.4093': attribute type 7 has an invalid length. [ 386.588380][T18242] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4095'. [ 386.606709][T18238] netlink: 184 bytes leftover after parsing attributes in process `syz.3.4093'. [ 386.616068][T18238] NCSI netlink: No device for ifindex 131092 [ 386.853585][T18254] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4098'. [ 388.110833][T18329] tipc: Failed to remove unknown binding: 66,1,1/2200785088:708964925/708964927 [ 388.120551][T18329] tipc: Failed to remove unknown binding: 66,1,1/2200785088:708964925/708964927 [ 388.407495][T18346] validate_nla: 1 callbacks suppressed [ 388.407517][T18346] netlink: 'syz.1.4131': attribute type 22 has an invalid length. [ 389.054924][T18374] netlink: 'syz.0.4139': attribute type 4 has an invalid length. [ 389.086500][T18374] netlink: 'syz.0.4139': attribute type 4 has an invalid length. [ 389.167580][T18378] netlink: 'syz.1.4141': attribute type 1 has an invalid length. [ 389.275934][T18381] bond6: (slave gretap1): making interface the new active one [ 389.288386][T18381] bond6: (slave gretap1): Enslaving as an active interface with an up link [ 389.313431][T18378] bond6 (unregistering): (slave gretap1): Releasing active interface [ 389.340465][T18378] bond6 (unregistering): Released all slaves [ 389.685686][T18406] __nla_validate_parse: 12 callbacks suppressed [ 389.685705][T18406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4149'. [ 389.708798][T18406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4149'. [ 389.752693][T18367] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 389.887494][T18414] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4152'. [ 389.996425][T18419] netlink: 'syz.0.4154': attribute type 1 has an invalid length. [ 390.036872][T18425] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4157'. [ 390.159289][T18431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4161'. [ 390.188261][T18431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4161'. [ 390.741358][T18475] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4174'. [ 390.903151][T18484] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4178'. [ 391.188644][T18506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4187'. [ 391.415512][T18516] netlink: 'syz.1.4189': attribute type 1 has an invalid length. [ 391.583576][T18528] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4195'. [ 391.748641][T18540] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 392.008405][T18554] netlink: 'syz.1.4203': attribute type 21 has an invalid length. [ 392.268270][ T52] block nbd2: Receive control failed (result -22) [ 392.367177][T18565] xt_CT: You must specify a L4 protocol and not use inversions on it [ 392.546613][T18585] netlink: 'syz.4.4215': attribute type 3 has an invalid length. [ 392.907621][T18598] netlink: 'syz.1.4219': attribute type 1 has an invalid length. [ 392.972913][T18602] netlink: 'syz.3.4220': attribute type 1 has an invalid length. [ 393.059190][T18605] bond8: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 393.154959][T18605] bond8: (slave ipvlan3): The slave device specified does not support setting the MAC address [ 393.224979][T18605] bond8: (slave ipvlan3): Setting fail_over_mac to active for active-backup mode [ 393.270272][T18608] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 393.459732][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 393.469494][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 393.481554][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 393.490209][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 393.512868][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 393.610951][T18623] lo speed is unknown, defaulting to 1000 [ 394.062049][T18623] chnl_net:caif_netlink_parms(): no params data found [ 394.254014][T18623] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.272690][T18623] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.281951][T18623] bridge_slave_0: entered allmulticast mode [ 394.291896][T18623] bridge_slave_0: entered promiscuous mode [ 394.302500][T18623] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.310274][T18623] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.318132][T18623] bridge_slave_1: entered allmulticast mode [ 394.325824][T18623] bridge_slave_1: entered promiscuous mode [ 394.383603][T18623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 394.398253][T18623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 394.464719][T18623] team0: Port device team_slave_0 added [ 394.481123][T18623] team0: Port device team_slave_1 added [ 394.565689][T18623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 394.572928][T18623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 394.605842][T18623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 394.628831][T18623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 394.639798][T18623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 394.667137][T18623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 394.803529][T18623] hsr_slave_0: entered promiscuous mode [ 394.811979][T18623] hsr_slave_1: entered promiscuous mode [ 394.818973][T18623] debugfs: 'hsr0' already exists in 'hsr' [ 394.826320][T18623] Cannot create hsr debugfs directory [ 394.847591][T18697] __nla_validate_parse: 17 callbacks suppressed [ 394.847612][T18697] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4248'. [ 394.999042][T18704] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4250'. [ 395.031971][ T25] block nbd1: Possible stuck request ffff888024b80000: control (read@0,1024B). Runtime 30 seconds [ 395.038428][T18706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4252'. [ 395.046256][ T25] block nbd1: Possible stuck request ffff888024b801c0: control (read@1024,1024B). Runtime 30 seconds [ 395.064443][ T25] block nbd1: Possible stuck request ffff888024b80380: control (read@2048,1024B). Runtime 30 seconds [ 395.076401][ T25] block nbd1: Possible stuck request ffff888024b80540: control (read@3072,1024B). Runtime 30 seconds [ 395.084836][T18706] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4252'. [ 395.226132][T18623] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 395.237665][T18623] netdevsim netdevsim4 eth3 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 395.248442][T18623] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.327973][T18623] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 395.347853][T18623] netdevsim netdevsim4 eth2 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 395.365636][T18623] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.466200][T18623] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 395.494151][T18623] netdevsim netdevsim4 eth1 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 395.504017][T18623] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.584275][ T52] Bluetooth: hci3: command tx timeout [ 395.593699][T18623] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 395.607640][T18623] netdevsim netdevsim4 eth0 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 395.618021][T18623] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.917829][T18623] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 395.950625][T18623] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 395.981182][T18623] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 396.006510][T18623] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 396.064570][T18751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4267'. [ 396.088930][ T9306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.098730][ T9306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.267390][T18623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.326898][T18623] 8021q: adding VLAN 0 to HW filter on device team0 [ 396.375968][T18760] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4269'. [ 396.400118][ T9306] bridge0: port 1(bridge_slave_0) entered blocking state [ 396.407408][ T9306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 396.450370][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 396.457606][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 396.738420][T18788] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4278'. [ 396.799489][T18795] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4280'. [ 396.821578][T18792] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4279'. [ 397.048177][T18623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 397.054536][T18806] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4283'. [ 397.233351][T18813] netlink: 'syz.2.4286': attribute type 3 has an invalid length. [ 397.398294][T18826] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 397.488622][T18623] veth0_vlan: entered promiscuous mode [ 397.510606][T18623] veth1_vlan: entered promiscuous mode [ 397.548238][T18831] openvswitch: netlink: Duplicate key (type 32). [ 397.567280][T18623] veth0_macvtap: entered promiscuous mode [ 397.581628][T18623] veth1_macvtap: entered promiscuous mode [ 397.617183][T18623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 397.641546][T18623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 397.654609][ T52] Bluetooth: hci3: command tx timeout [ 397.666333][ T9311] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.676363][ T9311] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.695345][ T9311] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.706496][ T9311] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.952210][ T9306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.993407][ T9306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.121171][ T9311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.147223][ T9311] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.229809][T18840] smc: net device gre0 applied user defined pnetid SYZ1 [ 398.238477][T18844] netlink: 'syz.1.4296': attribute type 6 has an invalid length. [ 398.257888][T18840] smc: net device gre0 erased user defined pnetid SYZ1 [ 398.295577][T18844] netlink: 'syz.1.4296': attribute type 5 has an invalid length. [ 398.505593][T18859] x_tables: duplicate underflow at hook 1 [ 399.204930][T18885] netlink: 'syz.0.4308': attribute type 10 has an invalid length. [ 399.228351][T18885] team0: left promiscuous mode [ 399.233995][T18885] team0: left allmulticast mode [ 399.266321][T18885] 8021q: adding VLAN 0 to HW filter on device team0 [ 399.275356][T18885] team0: entered promiscuous mode [ 399.295638][T18885] team0: entered allmulticast mode [ 399.301498][T18885] bond0: (slave team0): Enslaving as an active interface with an up link [ 399.314806][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 399.331040][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 399.341276][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 399.351523][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 399.359604][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 399.421416][T18888] lo speed is unknown, defaulting to 1000 [ 399.736634][ T52] Bluetooth: hci3: command tx timeout [ 400.073898][T18928] IPVS: Scheduler module ip_vs_sip not found [ 400.130519][T18888] chnl_net:caif_netlink_parms(): no params data found [ 400.445240][T18888] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.459624][T18888] bridge0: port 1(bridge_slave_0) entered disabled state [ 400.468070][T18888] bridge_slave_0: entered allmulticast mode [ 400.477717][T18888] bridge_slave_0: entered promiscuous mode [ 400.488618][ T9312] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 400.498617][ T9312] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 400.524753][T18888] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.538787][T18888] bridge0: port 2(bridge_slave_1) entered disabled state [ 400.547965][T18888] bridge_slave_1: entered allmulticast mode [ 400.557613][T18888] bridge_slave_1: entered promiscuous mode [ 400.610556][ T9312] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 400.620799][ T9312] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 400.684920][T18888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 400.715851][T18888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 400.766984][T18965] netlink: 'syz.0.4333': attribute type 1 has an invalid length. [ 400.797310][T18970] __nla_validate_parse: 11 callbacks suppressed [ 400.797331][T18970] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4334'. [ 400.813536][T18966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4333'. [ 400.826218][T18888] team0: Port device team_slave_0 added [ 400.836116][T18888] team0: Port device team_slave_1 added [ 400.885482][T18973] tipc: Started in network mode [ 400.890408][T18973] tipc: Node identity aaaaaaaaaa35, cluster identity 4711 [ 400.915087][T18973] tipc: Enabled bearer , priority 2 [ 400.936584][T18980] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4336'. [ 401.006825][T18888] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 401.017343][T18888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 401.043806][T18888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 401.063162][T18888] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 401.073063][T18888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 401.100903][T18888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 401.289861][T18888] hsr_slave_0: entered promiscuous mode [ 401.315742][T18888] hsr_slave_1: entered promiscuous mode [ 401.332582][T18888] debugfs: 'hsr0' already exists in 'hsr' [ 401.351839][T18888] Cannot create hsr debugfs directory [ 401.414846][ T52] Bluetooth: hci0: command tx timeout [ 401.509686][T19006] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4344'. [ 401.519456][T19006] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4344'. [ 401.759061][T19017] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4349'. [ 401.814783][ T52] Bluetooth: hci3: command tx timeout [ 401.818160][T18888] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.839028][T18888] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.853468][T19021] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4351'. [ 401.952209][T18888] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.993321][T18888] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.107911][ T5954] tipc: Node number set to 10463914 [ 402.119560][T19038] sctp: [Deprecated]: syz.0.4353 (pid 19038) Use of int in max_burst socket option. [ 402.119560][T19038] Use struct sctp_assoc_value instead [ 402.136298][T18888] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 402.157347][T18888] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.167610][T19038] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4353'. [ 402.284914][T18888] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 402.304279][T18888] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.358867][T19044] netlink: 212324 bytes leftover after parsing attributes in process `syz.0.4356'. [ 402.437146][T19049] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4358'. [ 402.606820][T18888] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 402.646798][T18888] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 402.671711][T18888] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 402.704296][T18888] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 403.057824][T18888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 403.169456][T18888] 8021q: adding VLAN 0 to HW filter on device team0 [ 403.205008][ T9306] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.212270][ T9306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 403.251285][T19089] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 403.257960][T19089] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 403.274670][ T9306] bridge0: port 2(bridge_slave_1) entered blocking state [ 403.282018][ T9306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 403.494468][ T52] Bluetooth: hci0: command tx timeout [ 403.757099][T18888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 403.923631][T18888] veth0_vlan: entered promiscuous mode [ 403.996263][T18888] veth1_vlan: entered promiscuous mode [ 404.052013][T19121] netlink: 'syz.0.4385': attribute type 1 has an invalid length. [ 404.244658][T18888] veth0_macvtap: entered promiscuous mode [ 404.296120][T18888] veth1_macvtap: entered promiscuous mode [ 404.421897][T18888] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 404.447318][T18888] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 404.505237][ T9301] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.525704][ T9301] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.558229][ T9301] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.596716][ T9301] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.712630][T19143] netlink: 'syz.0.4396': attribute type 30 has an invalid length. [ 404.798437][ T9301] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.834333][ T9301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.932103][ T9288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.945904][ T9288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.574869][ T52] Bluetooth: hci0: command tx timeout [ 405.759682][T19192] syzkaller0: entered promiscuous mode [ 405.765996][T19192] syzkaller0: entered allmulticast mode [ 405.869645][ T9288] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 405.885633][ T9288] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 405.937615][ T9288] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 406.029845][ T5156] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 406.039226][ T5156] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 406.047543][ T5156] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 406.056652][ T5156] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 406.072273][ T5156] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 406.132866][ T9288] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 406.161035][ T9288] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 406.193436][T19205] __nla_validate_parse: 6 callbacks suppressed [ 406.193456][T19205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4420'. [ 406.209256][ T9288] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 406.243203][T19205] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4420'. [ 406.253096][T19205] netlink: 'syz.1.4420': attribute type 6 has an invalid length. [ 406.282360][T19210] sch_tbf: peakrate 7 is lower than or equals to rate 7 ! [ 406.332422][ T9288] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 406.362716][ T9288] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 406.379062][ T9288] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 406.412279][T19196] lo speed is unknown, defaulting to 1000 [ 406.467824][ T9288] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 406.478203][ T9288] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 406.489158][ T9288] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 406.530621][T19217] ieee802154 phy1 wpan1: encryption failed: -22 [ 407.333536][ T9288] bond4 (unregistering): (slave geneve2): Releasing active interface [ 407.578654][ T9288] bond0 (unregistering): (slave team0): Releasing backup interface [ 407.589790][ T9288] team0: left promiscuous mode [ 407.597719][ T9288] team0: left allmulticast mode [ 407.605857][ T9288] bond0 (unregistering): Released all slaves [ 407.660162][ T52] Bluetooth: hci0: command tx timeout [ 407.728006][ T9288] bond1 (unregistering): (slave veth3): Releasing active interface [ 407.740971][ T9288] bond1 (unregistering): (slave veth5): Releasing active interface [ 407.751168][ T9288] bond1 (unregistering): Released all slaves [ 407.765932][ T9288] bond2 (unregistering): Released all slaves [ 407.780403][ T9288] bond3 (unregistering): Released all slaves [ 407.927421][T19256] netlink: 'syz.1.4442': attribute type 11 has an invalid length. [ 407.937589][T19256] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4442'. [ 407.948411][T19255] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 407.950313][ T9288] bond4 (unregistering): Released all slaves [ 408.136686][ T9288] bond5 (unregistering): Released all slaves [ 408.144775][ T52] Bluetooth: hci1: command tx timeout [ 408.165616][ T9288] bond6 (unregistering): Released all slaves [ 408.199419][T19196] chnl_net:caif_netlink_parms(): no params data found [ 408.380385][ T9288] tipc: Left network mode [ 408.630632][T19196] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.641700][T19196] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.663770][T19288] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4454'. [ 408.673128][T19196] bridge_slave_0: entered allmulticast mode [ 408.693767][T19196] bridge_slave_0: entered promiscuous mode [ 408.757508][T19196] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.794810][T19196] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.812612][T19196] bridge_slave_1: entered allmulticast mode [ 408.841687][T19196] bridge_slave_1: entered promiscuous mode [ 408.910727][T19301] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4458'. [ 408.967653][T19289] syzkaller0: entered promiscuous mode [ 408.973205][T19289] syzkaller0: entered allmulticast mode [ 409.132106][T19196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 409.146876][T19310] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4461'. [ 409.215546][T19196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.605877][T19196] team0: Port device team_slave_0 added [ 409.643210][T19196] team0: Port device team_slave_1 added [ 410.095379][T19353] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 410.224491][ T52] Bluetooth: hci1: command tx timeout [ 411.149954][T19376] IPVS: sync thread started: state = MASTER, mcast_ifn = vlan0, syncid = 4, id = 0 [ 411.160648][T19196] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 411.168211][T19196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 411.258579][T19196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 411.279339][T19196] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 411.286639][T19196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 411.317651][T19196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 411.642362][T19196] hsr_slave_0: entered promiscuous mode [ 411.691533][T19196] hsr_slave_1: entered promiscuous mode [ 411.707660][T19196] debugfs: 'hsr0' already exists in 'hsr' [ 411.713550][T19196] Cannot create hsr debugfs directory [ 412.196746][ T9288] IPVS: stop unused estimator thread 0... [ 412.321793][ T52] Bluetooth: hci1: command tx timeout [ 413.721025][T19196] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 413.737294][T19449] netlink: 'syz.4.4511': attribute type 7 has an invalid length. [ 413.767688][T19196] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 413.794711][T19449] netlink: 140 bytes leftover after parsing attributes in process `syz.4.4511'. [ 413.841492][T19196] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 413.877706][T19196] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 414.323113][T19196] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.374413][ T52] Bluetooth: hci1: command tx timeout [ 414.398030][T19196] 8021q: adding VLAN 0 to HW filter on device team0 [ 414.412748][ T9311] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.420036][ T9311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 414.441530][ T9311] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.448820][ T9311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 414.489280][T19477] netlink: 5 bytes leftover after parsing attributes in process `syz.1.4518'. [ 414.517831][T19477] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 414.550744][T19477] 0ªî{X¹¦: entered allmulticast mode [ 414.572843][T19477] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 414.677837][T19481] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4520'. [ 414.690456][T19482] tipc: Started in network mode [ 414.704669][T19482] tipc: Node identity 4, cluster identity 4711 [ 414.710889][T19482] tipc: Node number set to 4 [ 415.158339][T19196] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 415.310005][T19196] veth0_vlan: entered promiscuous mode [ 415.352578][T19196] veth1_vlan: entered promiscuous mode [ 415.359703][T19508] netlink: 19 bytes leftover after parsing attributes in process `syz.1.4528'. [ 415.478056][T19196] veth0_macvtap: entered promiscuous mode [ 415.524872][T19196] veth1_macvtap: entered promiscuous mode [ 415.590856][T19196] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 415.615875][T19196] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 415.653069][ T9301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.672751][ T9301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.698841][ T9301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.729610][ T9301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.998342][ T3483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 416.020063][ T3483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 416.131419][ T9306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 416.161035][ T9306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 416.457353][T19545] netlink: 'syz.2.4540': attribute type 15 has an invalid length. [ 416.485233][T19545] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4540'. [ 416.807214][T19559] ieee802154 phy1 wpan1: encryption failed: -22 [ 416.898185][T19563] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4546'. [ 416.921633][T19563] ksmbd: Unknown IPC event: 3, ignore. [ 417.058872][T19396] syz.3.4493: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 417.084513][T19396] CPU: 0 UID: 0 PID: 19396 Comm: syz.3.4493 Not tainted syzkaller #0 PREEMPT(full) [ 417.084544][T19396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 417.084575][T19396] Call Trace: [ 417.084583][T19396] [ 417.084593][T19396] dump_stack_lvl+0x189/0x250 [ 417.084626][T19396] ? __pfx_dump_stack_lvl+0x10/0x10 [ 417.084650][T19396] ? __pfx__printk+0x10/0x10 [ 417.084680][T19396] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 417.084722][T19396] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 417.084758][T19396] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 417.084796][T19396] warn_alloc+0x214/0x310 [ 417.084835][T19396] ? __pfx_warn_alloc+0x10/0x10 [ 417.084875][T19396] ? __get_vm_area_node+0x28f/0x300 [ 417.084903][T19396] ? translate_table+0x19b/0x2040 [ 417.084931][T19396] __vmalloc_node_range_noprof+0x690/0x12d0 [ 417.084992][T19396] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 417.085022][T19396] ? translate_table+0x19b/0x2040 [ 417.085047][T19396] ? rcu_is_watching+0x15/0xb0 [ 417.085074][T19396] ? translate_table+0x19b/0x2040 [ 417.085096][T19396] __kvmalloc_node_noprof+0x670/0x910 [ 417.085127][T19396] ? translate_table+0x19b/0x2040 [ 417.085146][T19396] ? do_ip6t_set_ctl+0x88a/0xce0 [ 417.085166][T19396] ? nf_setsockopt+0x26f/0x290 [ 417.085193][T19396] ? do_sock_setsockopt+0x17c/0x1b0 [ 417.085222][T19396] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 417.085261][T19396] translate_table+0x19b/0x2040 [ 417.085309][T19396] ? __pfx_translate_table+0x10/0x10 [ 417.085335][T19396] ? __might_fault+0xb0/0x130 [ 417.085392][T19396] ? _copy_from_user+0x94/0xb0 [ 417.085430][T19396] do_ip6t_set_ctl+0x970/0xce0 [ 417.085457][T19396] ? rcu_is_watching+0x15/0xb0 [ 417.085484][T19396] ? trace_contention_end+0x39/0x100 [ 417.085511][T19396] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 417.085567][T19396] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 417.085603][T19396] ? __pfx___mutex_lock+0x10/0x10 [ 417.085634][T19396] ? file_init_path+0x3b/0x590 [ 417.085665][T19396] nf_setsockopt+0x26f/0x290 [ 417.085695][T19396] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 417.085726][T19396] smc_setsockopt+0x232/0xab0 [ 417.085761][T19396] ? __pfx_smc_setsockopt+0x10/0x10 [ 417.085794][T19396] ? aa_sock_opt_perm+0xff/0x1a0 [ 417.085820][T19396] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 417.085851][T19396] ? __pfx_smc_setsockopt+0x10/0x10 [ 417.085878][T19396] do_sock_setsockopt+0x17c/0x1b0 [ 417.085917][T19396] __x64_sys_setsockopt+0x13f/0x1b0 [ 417.085956][T19396] do_syscall_64+0xfa/0xf80 [ 417.085986][T19396] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.086008][T19396] ? clear_bhb_loop+0x60/0xb0 [ 417.086036][T19396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.086056][T19396] RIP: 0033:0x7f3c6098f749 [ 417.086075][T19396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.086095][T19396] RSP: 002b:00007f3c617a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 417.086118][T19396] RAX: ffffffffffffffda RBX: 00007f3c60be5fa0 RCX: 00007f3c6098f749 [ 417.086133][T19396] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 417.086146][T19396] RBP: 00007f3c60a13f91 R08: 0000000000000330 R09: 0000000000000000 [ 417.086159][T19396] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 417.086182][T19396] R13: 00007f3c60be6038 R14: 00007f3c60be5fa0 R15: 00007fff9df2b618 [ 417.086220][T19396] [ 417.086243][T19396] Mem-Info: [ 417.443041][T19574] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 417.452622][T19396] active_anon:5989 inactive_anon:0 isolated_anon:0 [ 417.452622][T19396] active_file:3594 inactive_file:40022 isolated_file:0 [ 417.452622][T19396] unevictable:768 dirty:227 writeback:0 [ 417.452622][T19396] slab_reclaimable:12734 slab_unreclaimable:124205 [ 417.452622][T19396] mapped:26483 shmem:1362 pagetables:1283 [ 417.452622][T19396] sec_pagetables:0 bounce:0 [ 417.452622][T19396] kernel_misc_reclaimable:0 [ 417.452622][T19396] free:1278403 free_pcp:16260 free_cma:0 [ 417.499373][T19574] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 417.535385][T19574] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 417.604462][T19396] Node 0 active_anon:22656kB inactive_anon:0kB active_file:14376kB inactive_file:159888kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98932kB dirty:904kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14424kB pagetables:4700kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 417.664257][T19583] siw: device registration error -23 [ 417.777808][T19396] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 417.884372][T19396] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 417.962182][T19396] lowmem_reserve[]: 0 2504 2504 2504 2504 [ 417.987120][T19396] Node 0 DMA32 free:1207200kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22664kB inactive_anon:0kB active_file:14376kB inactive_file:159892kB unevictable:1536kB writepending:908kB zspages:0kB present:3129332kB managed:2564516kB mlocked:0kB bounce:0kB free_pcp:48264kB local_pcp:42360kB free_cma:0kB [ 418.086841][T19396] lowmem_reserve[]: 0 0 0 0 0 [ 418.091652][T19396] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 418.224205][T19396] lowmem_reserve[]: 0 0 0 0 0 [ 418.239270][T19396] Node 1 Normal free:3891620kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:13632kB local_pcp:8160kB free_cma:0kB [ 418.376386][T19396] lowmem_reserve[]: 0 0 0 0 0 [ 418.382715][T19396] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 418.405768][T19396] Node 0 DMA32: 670*4kB (UME) 492*8kB (UME) 338*16kB (UME) 190*32kB (UME) 72*64kB (ME) 23*128kB (UME) 13*256kB (UME) 95*512kB (UME) 55*1024kB (UE) 25*2048kB (UME) 251*4096kB (UM) = 1213240kB [ 418.425426][T19396] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 418.437491][T19396] Node 1 Normal: 221*4kB (UME) 52*8kB (UME) 39*16kB (UME) 167*32kB (UME) 51*64kB (UME) 13*128kB (UME) 4*256kB (UM) 3*512kB (ME) 2*1024kB (ME) 2*2048kB (UE) 945*4096kB (M) = 3891620kB [ 418.501925][ T5156] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 418.509191][T19396] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 418.528881][ T5156] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 418.550549][ T5156] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 418.558958][ T5156] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 418.571811][ T5156] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 418.606188][T19396] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 418.617340][T19396] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 418.628349][T19396] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 418.637945][T19396] 44975 total pagecache pages [ 418.642785][T19396] 0 pages in swap cache [ 418.661722][T19396] Free swap = 124996kB [ 418.674174][T19396] Total swap = 124996kB [ 418.678406][T19396] 2097051 pages RAM [ 418.682257][T19396] 0 pages HighMem/MovableOnly [ 418.696879][T19396] 424280 pages reserved [ 418.701103][T19396] 0 pages cma reserved [ 418.709510][T19605] lo speed is unknown, defaulting to 1000 [ 418.801999][T19616] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4565'. [ 418.855478][T19620] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4567'. [ 418.884973][T19622] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4565'. [ 418.916808][T19622] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4565'. [ 418.940258][T19625] netlink: 'syz.0.4565': attribute type 10 has an invalid length. [ 418.957975][T19616] 8021q: adding VLAN 0 to HW filter on device bond1 [ 419.021430][T19625] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.029248][T19625] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.078894][T19625] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.086189][T19625] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.093968][T19625] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.101288][T19625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.170782][T19625] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 419.267778][T19622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.288841][T19622] bond1: (slave bond0): Enslaving as an active interface with an up link [ 419.311662][T19635] netlink: 'syz.2.4571': attribute type 30 has an invalid length. [ 419.498663][T19641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4574'. [ 419.533444][ T5912] IPVS: starting estimator thread 0... [ 419.624247][T19644] IPVS: using max 30 ests per chain, 72000 per kthread [ 419.745459][T19653] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4578'. [ 419.799842][T19605] chnl_net:caif_netlink_parms(): no params data found [ 419.916069][T19661] IPv6: Can't replace route, no match found [ 419.994037][T19605] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.012508][T19605] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.023791][T19605] bridge_slave_0: entered allmulticast mode [ 420.032005][T19605] bridge_slave_0: entered promiscuous mode [ 420.041167][T19605] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.050138][T19605] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.063385][T19605] bridge_slave_1: entered allmulticast mode [ 420.076138][T19605] bridge_slave_1: entered promiscuous mode [ 420.090195][T19670] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4585'. [ 420.175789][T19605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 420.199834][T19605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 420.335342][ T30] audit: type=1107 audit(1765409050.622:2): pid=19681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 420.592970][T19605] team0: Port device team_slave_0 added [ 420.602420][T19605] team0: Port device team_slave_1 added [ 420.620811][ T52] Bluetooth: hci5: command tx timeout [ 420.742740][T19605] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 420.767556][T19605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 420.824188][T19605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.872593][T19605] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.895891][T19605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 420.954527][T19605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 421.139697][T19605] hsr_slave_0: entered promiscuous mode [ 421.173626][T19605] hsr_slave_1: entered promiscuous mode [ 421.193640][T19605] debugfs: 'hsr0' already exists in 'hsr' [ 421.220206][T19605] Cannot create hsr debugfs directory [ 421.360894][T19726] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4611'. [ 421.679156][T19734] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4615'. [ 421.682317][T19605] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 421.702796][T19605] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.886004][T19605] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 421.897847][T19605] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.971266][T19745] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4620'. [ 422.057379][T19605] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 422.075181][T19605] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.158649][T19605] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 422.204006][T19605] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.321755][T19757] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 422.329063][T19757] IPv6: NLM_F_CREATE should be set when creating new route [ 422.483089][T19765] netlink: 'syz.4.4629': attribute type 6 has an invalid length. [ 422.493690][T19761] lo speed is unknown, defaulting to 1000 [ 422.595069][T19768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4631'. [ 422.615220][T19605] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 422.694848][T19605] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 422.698803][ T52] Bluetooth: hci5: command tx timeout [ 422.742227][T19605] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 422.807122][T19605] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 423.082098][T19797] IPv4: Oversized IP packet from 127.202.26.0 [ 423.123414][T19789] lo speed is unknown, defaulting to 1000 [ 423.272338][T19803] ieee802154 phy1 wpan1: encryption failed: -22 [ 423.441304][T19806] lo speed is unknown, defaulting to 1000 [ 423.454862][T19605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.596805][T19605] 8021q: adding VLAN 0 to HW filter on device team0 [ 423.613968][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.621191][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 423.690936][ T3483] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.698199][ T3483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 423.918189][T19818] bridge_slave_0: left allmulticast mode [ 423.926405][T19818] bridge_slave_0: left promiscuous mode [ 423.934642][T19818] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.056144][T19838] unsupported nla_type 52263 [ 424.062040][T19829] wireguard0: entered promiscuous mode [ 424.093606][T19829] wireguard0: entered allmulticast mode [ 424.497176][T19852] pim6reg: left allmulticast mode [ 424.598115][T19857] netem: change failed [ 424.779007][ T52] Bluetooth: hci5: command tx timeout [ 424.903875][T19605] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 425.103348][ T25] block nbd1: Possible stuck request ffff888024b80000: control (read@0,1024B). Runtime 60 seconds [ 425.118060][ T25] block nbd1: Possible stuck request ffff888024b801c0: control (read@1024,1024B). Runtime 60 seconds [ 425.130998][ T25] block nbd1: Possible stuck request ffff888024b80380: control (read@2048,1024B). Runtime 60 seconds [ 425.143029][ T25] block nbd1: Possible stuck request ffff888024b80540: control (read@3072,1024B). Runtime 60 seconds [ 425.170375][T19605] veth0_vlan: entered promiscuous mode [ 425.222102][T19605] veth1_vlan: entered promiscuous mode [ 425.376921][T19605] veth0_macvtap: entered promiscuous mode [ 425.396340][T19605] veth1_macvtap: entered promiscuous mode [ 425.458649][T19605] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.481324][T19605] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.531296][ T9293] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.616469][ T9293] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.629059][T19898] __nla_validate_parse: 3 callbacks suppressed [ 425.629080][T19898] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4686'. [ 425.760835][T19898] IPVS: Error connecting to the multicast addr [ 425.796743][ T9293] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.835464][ T9293] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.962981][ T9293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 425.988056][ T9293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.085308][ T9317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.104366][ T9317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.859960][ T52] Bluetooth: hci5: command tx timeout [ 426.872479][T19929] syz_tun: entered allmulticast mode [ 426.887328][T19927] syz_tun: left allmulticast mode [ 426.892674][T19930] xt_hashlimit: max too large, truncated to 1048576 [ 427.190222][T19938] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4703'. [ 427.447229][T19944] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4706'. [ 427.644756][T19952] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 427.653358][T19952] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 427.707652][T19952] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 427.761413][T19956] netlink: 'syz.4.4711': attribute type 29 has an invalid length. [ 428.092005][T19906] warn_alloc: 1 callbacks suppressed [ 428.092026][T19906] syz.3.4690: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 428.157008][T19970] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4718'. [ 428.166165][T19906] CPU: 0 UID: 0 PID: 19906 Comm: syz.3.4690 Not tainted syzkaller #0 PREEMPT(full) [ 428.166213][T19906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 428.166250][T19906] Call Trace: [ 428.166259][T19906] [ 428.166269][T19906] dump_stack_lvl+0x189/0x250 [ 428.166314][T19906] ? __pfx_dump_stack_lvl+0x10/0x10 [ 428.166339][T19906] ? __pfx__printk+0x10/0x10 [ 428.166369][T19906] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 428.166404][T19906] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 428.166441][T19906] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 428.166479][T19906] warn_alloc+0x214/0x310 [ 428.166517][T19906] ? __pfx_warn_alloc+0x10/0x10 [ 428.166558][T19906] ? __get_vm_area_node+0x28f/0x300 [ 428.166585][T19906] ? translate_table+0x19b/0x2040 [ 428.166613][T19906] __vmalloc_node_range_noprof+0x690/0x12d0 [ 428.166643][T19906] ? __alloc_frozen_pages_noprof+0x9f/0x370 [ 428.166707][T19906] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 428.166736][T19906] ? translate_table+0x19b/0x2040 [ 428.166760][T19906] ? rcu_is_watching+0x15/0xb0 [ 428.166787][T19906] ? translate_table+0x19b/0x2040 [ 428.166809][T19906] __kvmalloc_node_noprof+0x670/0x910 [ 428.166839][T19906] ? translate_table+0x19b/0x2040 [ 428.166859][T19906] ? do_ip6t_set_ctl+0x88a/0xce0 [ 428.166878][T19906] ? nf_setsockopt+0x26f/0x290 [ 428.166905][T19906] ? do_sock_setsockopt+0x17c/0x1b0 [ 428.166935][T19906] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 428.166975][T19906] translate_table+0x19b/0x2040 [ 428.167024][T19906] ? __pfx_translate_table+0x10/0x10 [ 428.167050][T19906] ? __might_fault+0xb0/0x130 [ 428.167099][T19906] ? _copy_from_user+0x94/0xb0 [ 428.167135][T19906] do_ip6t_set_ctl+0x970/0xce0 [ 428.167162][T19906] ? rcu_is_watching+0x15/0xb0 [ 428.167187][T19906] ? trace_contention_end+0x39/0x100 [ 428.167222][T19906] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 428.167270][T19906] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 428.167310][T19906] ? __pfx___mutex_lock+0x10/0x10 [ 428.167342][T19906] ? file_init_path+0x3b/0x590 [ 428.167373][T19906] nf_setsockopt+0x26f/0x290 [ 428.167402][T19906] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 428.167432][T19906] smc_setsockopt+0x232/0xab0 [ 428.167464][T19906] ? __pfx_smc_setsockopt+0x10/0x10 [ 428.167487][T19906] ? aa_sock_opt_perm+0xff/0x1a0 [ 428.167513][T19906] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 428.167544][T19906] ? __pfx_smc_setsockopt+0x10/0x10 [ 428.167571][T19906] do_sock_setsockopt+0x17c/0x1b0 [ 428.167610][T19906] __x64_sys_setsockopt+0x13f/0x1b0 [ 428.167650][T19906] do_syscall_64+0xfa/0xf80 [ 428.167680][T19906] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.167703][T19906] ? clear_bhb_loop+0x60/0xb0 [ 428.167730][T19906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.167750][T19906] RIP: 0033:0x7f3c6098f749 [ 428.167769][T19906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.167787][T19906] RSP: 002b:00007f3c617a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 428.167808][T19906] RAX: ffffffffffffffda RBX: 00007f3c60be5fa0 RCX: 00007f3c6098f749 [ 428.167824][T19906] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000006 [ 428.167837][T19906] RBP: 00007f3c60a13f91 R08: 0000000000000330 R09: 0000000000000000 [ 428.167850][T19906] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.167862][T19906] R13: 00007f3c60be6038 R14: 00007f3c60be5fa0 R15: 00007fff9df2b618 [ 428.167899][T19906] [ 428.167946][T19906] Mem-Info: [ 428.534175][T19906] active_anon:5621 inactive_anon:0 isolated_anon:0 [ 428.534175][T19906] active_file:3594 inactive_file:40028 isolated_file:0 [ 428.534175][T19906] unevictable:768 dirty:105 writeback:25 [ 428.534175][T19906] slab_reclaimable:12597 slab_unreclaimable:127928 [ 428.534175][T19906] mapped:29713 shmem:1362 pagetables:1228 [ 428.534175][T19906] sec_pagetables:0 bounce:0 [ 428.534175][T19906] kernel_misc_reclaimable:0 [ 428.534175][T19906] free:1281464 free_pcp:10497 free_cma:0 [ 428.583914][T19906] Node 0 active_anon:22484kB inactive_anon:0kB active_file:14376kB inactive_file:159912kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118852kB dirty:420kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14708kB pagetables:4780kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 428.664517][T19906] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 428.744774][T19906] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 428.827417][T19906] lowmem_reserve[]: 0 2504 2504 2504 2504 [ 428.833283][T19906] Node 0 DMA32 free:1218872kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22556kB inactive_anon:0kB active_file:14376kB inactive_file:159912kB unevictable:1536kB writepending:416kB zspages:0kB present:3129332kB managed:2564516kB mlocked:0kB bounce:0kB free_pcp:27636kB local_pcp:12688kB free_cma:0kB [ 428.913198][T19906] lowmem_reserve[]: 0 0 0 0 0 [ 428.918698][T19906] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 428.960428][T19906] lowmem_reserve[]: 0 0 0 0 0 [ 429.008371][T19906] Node 1 Normal free:3891572kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:13620kB local_pcp:5716kB free_cma:0kB [ 429.069220][T19906] lowmem_reserve[]: 0 0 0 0 0 [ 429.074903][T19906] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 429.088202][T19906] Node 0 DMA32: 781*4kB (ME) 502*8kB (UME) 346*16kB (UME) 198*32kB (ME) 74*64kB (UME) 20*128kB (ME) 6*256kB (UME) 92*512kB (UME) 61*1024kB (UE) 26*2048kB (UME) 251*4096kB (UM) = 1218756kB [ 429.129209][T19906] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 429.164810][T19988] netlink: 'syz.0.4726': attribute type 3 has an invalid length. [ 429.184013][T19906] Node 1 Normal: 158*4kB (UME) 52*8kB (UME) 39*16kB (UME) 173*32kB (UME) 52*64kB (UME) 13*128kB (UME) 4*256kB (UM) 3*512kB (ME) 2*1024kB (ME) 2*2048kB (UE) 945*4096kB (M) = 3891624kB [ 429.210701][T19906] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 429.242959][T19906] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 429.262909][T19906] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 429.284512][T19906] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 429.350814][T19906] 44980 total pagecache pages [ 429.364216][T19906] 0 pages in swap cache [ 429.368525][T19906] Free swap = 124996kB [ 429.372808][T19906] Total swap = 124996kB [ 429.378286][T19906] 2097051 pages RAM [ 429.379780][T19994] netlink: 256 bytes leftover after parsing attributes in process `syz.2.4729'. [ 429.382264][T19906] 0 pages HighMem/MovableOnly [ 429.407160][T19906] 424280 pages reserved [ 429.411495][T19906] 0 pages cma reserved [ 429.443413][T19994] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4729'. [ 429.477730][T19996] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 429.506766][T19996] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 429.539119][T19996] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 429.995201][T20010] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4737'. [ 430.545189][T20021] IPv6: Can't replace route, no match found [ 430.867486][T20029] bond_slave_0: entered promiscuous mode [ 430.873542][T20029] bond_slave_1: entered promiscuous mode [ 430.890566][ T5156] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 430.898603][T20024] bond_slave_0: left promiscuous mode [ 430.904235][T20024] bond_slave_1: left promiscuous mode [ 430.912788][ T5156] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 430.922502][ T5156] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 430.933048][ T5156] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 430.950042][ T5156] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 431.002500][T20039] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 431.029036][T20039] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 431.037822][T20039] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 431.082971][ T3483] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 431.099909][T20044] netlink: 'syz.1.4751': attribute type 29 has an invalid length. [ 431.139734][T20033] lo speed is unknown, defaulting to 1000 [ 431.193682][ T3483] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 431.268279][ T3483] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 431.302482][T20047] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4752'. [ 431.355740][ T3483] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 431.660700][T20033] chnl_net:caif_netlink_parms(): no params data found [ 431.721938][T20065] vlan2: entered allmulticast mode [ 431.747811][T20065] bridge_slave_0: entered allmulticast mode [ 431.941166][T20078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4764'. [ 432.000117][T20078] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4764'. [ 432.091711][ T3483] bridge_slave_1: left allmulticast mode [ 432.115462][ T3483] bridge_slave_1: left promiscuous mode [ 432.125872][ T3483] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.147316][ T3483] bridge_slave_0: left allmulticast mode [ 432.161171][ T3483] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.833443][T20113] netlink: 'syz.4.4776': attribute type 13 has an invalid length. [ 432.926319][ T3483] bond0 (unregistering): left promiscuous mode [ 432.932555][ T3483] bond_slave_0: left promiscuous mode [ 432.938788][ T3483] bond_slave_1: left promiscuous mode [ 432.948547][ T3483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 432.958823][ T3483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 432.968904][ T3483] bond0 (unregistering): Released all slaves [ 433.017396][ T52] Bluetooth: hci2: command tx timeout [ 433.074598][ T3483] bond1 (unregistering): Released all slaves [ 433.089920][ T3483] bond2 (unregistering): Released all slaves [ 433.104388][ T3483] bond3 (unregistering): Released all slaves [ 433.119216][ T3483] bond4 (unregistering): Released all slaves [ 433.256590][ T3483] bond5 (unregistering): Released all slaves [ 433.361561][ T3483] bond6 (unregistering): Released all slaves [ 433.467987][ T3483] bond7 (unregistering): Released all slaves [ 433.482866][ T3483] bond8 (unregistering): Released all slaves [ 433.730159][T20113] gretap0: refused to change device tx_queue_len [ 433.744919][T20113] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 433.763475][T20118] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4778'. [ 433.785086][T20033] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.818063][T20033] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.838422][T20033] bridge_slave_0: entered allmulticast mode [ 433.875199][T20033] bridge_slave_0: entered promiscuous mode [ 433.897030][T20033] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.906637][T20033] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.914005][T20033] bridge_slave_1: entered allmulticast mode [ 433.928835][T20033] bridge_slave_1: entered promiscuous mode [ 433.955581][ T3483] tipc: Disabling bearer [ 433.968041][ T3483] tipc: Left network mode [ 434.212216][T20138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4784'. [ 434.242718][T20138] bridge_slave_1: left allmulticast mode [ 434.257041][T20138] bridge_slave_1: left promiscuous mode [ 434.263223][T20138] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.273613][T20138] bridge_slave_0: left allmulticast mode [ 434.300949][T20138] bridge_slave_0: left promiscuous mode [ 434.307884][T20138] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.385847][T20033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 434.419674][T20033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 434.539923][T20033] team0: Port device team_slave_0 added [ 434.567938][T20033] team0: Port device team_slave_1 added [ 434.796412][T20033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 434.816810][T20033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 434.863152][T20033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 434.953643][T20033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 434.962279][T20033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 435.023567][T20033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 435.099117][ T52] Bluetooth: hci2: command tx timeout [ 435.509536][T20033] hsr_slave_0: entered promiscuous mode [ 435.540221][T20033] hsr_slave_1: entered promiscuous mode [ 435.555809][T20033] debugfs: 'hsr0' already exists in 'hsr' [ 435.561685][T20033] Cannot create hsr debugfs directory [ 435.978581][ T3483] batadv0: left promiscuous mode [ 435.995814][ T3483] hsr_slave_0: left promiscuous mode [ 436.003274][ T3483] hsr_slave_1: left promiscuous mode [ 436.015745][ T3483] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 436.033358][ T3483] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 436.054842][ T3483] batman_adv: batadv0: Removing interface: dummy0 [ 436.796980][ T3483] team0 (unregistering): Port device team_slave_1 removed [ 436.851093][ T3483] team0 (unregistering): Port device team_slave_0 removed [ 437.175088][ T52] Bluetooth: hci2: command tx timeout [ 438.122811][T20279] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4839'. [ 438.147582][ T3483] IPVS: stop unused estimator thread 0... [ 438.179889][T20286] netlink: 'syz.4.4841': attribute type 30 has an invalid length. [ 438.700768][T20299] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.736546][T20033] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 438.787974][T20033] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 438.899929][T20299] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.930497][T20033] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 438.953058][T20317] netlink: 'syz.1.4851': attribute type 12 has an invalid length. [ 438.984332][T20317] netlink: 'syz.1.4851': attribute type 29 has an invalid length. [ 438.992207][T20317] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4851'. [ 439.003951][T20317] netlink: 43 bytes leftover after parsing attributes in process `syz.1.4851'. [ 439.013747][T20033] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 439.092025][T20299] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.240025][T20299] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.254775][ T52] Bluetooth: hci2: command tx timeout [ 439.392810][T20033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 439.483174][ T13] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.512023][T20033] 8021q: adding VLAN 0 to HW filter on device team0 [ 439.561092][ T9311] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.629774][ T9311] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.646039][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.653267][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 439.732149][ T60] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.785699][ T9301] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.792967][ T9301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 439.916836][T20352] ipvlan2: entered promiscuous mode [ 439.927795][T20352] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 439.947010][T20356] netlink: 5 bytes leftover after parsing attributes in process `syz.1.4861'. [ 439.993968][T20356] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 440.007937][T20356] 0ªî{X¹¦: entered allmulticast mode [ 440.014819][T20356] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 440.472057][T20378] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4867'. [ 440.484904][T20379] netlink: 'syz.2.4866': attribute type 30 has an invalid length. [ 440.563587][T20378] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 440.627420][T20378] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.802569][T20033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 440.939339][T20033] veth0_vlan: entered promiscuous mode [ 440.991460][T20033] veth1_vlan: entered promiscuous mode [ 441.037389][T20401] lo speed is unknown, defaulting to 1000 [ 441.299318][T20401] lo speed is unknown, defaulting to 1000 [ 441.332582][T20401] lo speed is unknown, defaulting to 1000 [ 441.384469][T20033] veth0_macvtap: entered promiscuous mode [ 441.427962][T20033] veth1_macvtap: entered promiscuous mode [ 441.476757][T20033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 441.515736][T20033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 441.528526][T20416] netlink: 'syz.4.4877': attribute type 13 has an invalid length. [ 441.740219][ T5206] udevd[5206]: worker [17250] /devices/virtual/block/nbd1 is taking a long time [ 441.978550][T20432] netlink: 'syz.0.4880': attribute type 1 has an invalid length. [ 442.072211][T20401] infiniband syz1: set active [ 442.089602][T20401] infiniband syz1: added lo [ 442.123401][T20401] syz1: rxe_create_cq: returned err = -12 [ 442.160663][T20401] infiniband syz1: Couldn't create ib_mad CQ [ 442.187647][T20401] infiniband syz1: Couldn't open port 1 [ 442.210921][T20416] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.257654][T20401] RDS/IB: syz1: added [ 442.275690][T20401] smc: adding ib device syz1 with port count 1 [ 442.283994][T20401] smc: ib device syz1 port 1 has no pnetid [ 442.760986][T20416] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 442.816201][T20416] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 443.095718][T20416] tipc: Resetting bearer [ 443.427759][ T45] lo speed is unknown, defaulting to 1000 [ 443.463853][ T9286] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.474722][ T9286] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.484019][ T9286] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.514180][ T9286] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.528764][T20401] lo speed is unknown, defaulting to 1000 [ 443.570915][ T9286] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.589517][ T9286] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.597347][T20455] xt_connbytes: Forcing CT accounting to be enabled [ 443.614537][T20455] set match dimension is over the limit! [ 443.619335][ T5945] lo speed is unknown, defaulting to 1000 [ 443.627502][ T9286] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.672935][ T9286] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.698162][ T9286] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.714365][ T9286] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.741798][ T9286] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.757614][ T9286] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.053047][T20401] lo speed is unknown, defaulting to 1000 [ 444.620566][T20476] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4891'. [ 445.496681][T20468] syzkaller0: entered promiscuous mode [ 445.502272][T20468] syzkaller0: entered allmulticast mode [ 445.508653][T20470] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4890'. [ 445.519848][T20471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4890'. [ 445.528982][T20401] lo speed is unknown, defaulting to 1000 [ 447.317679][ T9311] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 447.326836][T20401] lo speed is unknown, defaulting to 1000 [ 447.327574][ T9311] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.680214][T20516] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4905'. [ 449.019022][ T9312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 449.033479][ T9312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 449.059375][T20516] hsr_slave_0 (unregistering): left promiscuous mode [ 449.073977][T20401] lo speed is unknown, defaulting to 1000 [ 449.240598][T20536] FAULT_INJECTION: forcing a failure. [ 449.240598][T20536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 449.254527][T20536] CPU: 0 UID: 0 PID: 20536 Comm: syz.4.4914 Not tainted syzkaller #0 PREEMPT(full) [ 449.254555][T20536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 449.254567][T20536] Call Trace: [ 449.254575][T20536] [ 449.254583][T20536] dump_stack_lvl+0x189/0x250 [ 449.254609][T20536] ? __pfx____ratelimit+0x10/0x10 [ 449.254633][T20536] ? __pfx_dump_stack_lvl+0x10/0x10 [ 449.254655][T20536] ? __pfx__printk+0x10/0x10 [ 449.254680][T20536] ? __might_fault+0xb0/0x130 [ 449.254713][T20536] should_fail_ex+0x414/0x560 [ 449.254740][T20536] _copy_from_user+0x2d/0xb0 [ 449.254768][T20536] ___sys_sendmsg+0x158/0x2a0 [ 449.254800][T20536] ? __pfx____sys_sendmsg+0x10/0x10 [ 449.254837][T20536] ? rcu_read_lock_any_held+0xb3/0x120 [ 449.254890][T20536] ? __fget_files+0x2a/0x420 [ 449.254906][T20536] ? __fget_files+0x3a0/0x420 [ 449.254936][T20536] __x64_sys_sendmsg+0x19b/0x260 [ 449.254969][T20536] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 449.255019][T20536] ? __pfx_ksys_write+0x10/0x10 [ 449.255048][T20536] ? do_syscall_64+0xbe/0xf80 [ 449.255078][T20536] do_syscall_64+0xfa/0xf80 [ 449.255104][T20536] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.255124][T20536] ? clear_bhb_loop+0x60/0xb0 [ 449.255148][T20536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.255167][T20536] RIP: 0033:0x7f0023d8f749 [ 449.255184][T20536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 449.255201][T20536] RSP: 002b:00007f0024c42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 449.255222][T20536] RAX: ffffffffffffffda RBX: 00007f0023fe5fa0 RCX: 00007f0023d8f749 [ 449.255237][T20536] RDX: 00000000200040c4 RSI: 0000200000001640 RDI: 0000000000000003 [ 449.255249][T20536] RBP: 00007f0024c42090 R08: 0000000000000000 R09: 0000000000000000 [ 449.255261][T20536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 449.255273][T20536] R13: 00007f0023fe6038 R14: 00007f0023fe5fa0 R15: 00007ffe9f7cf578 [ 449.255307][T20536] [ 449.347574][T20532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4912'. [ 449.403583][T20541] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4916'. [ 449.480361][T20538] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4912'. [ 449.688042][T20401] lo speed is unknown, defaulting to 1000 [ 449.970890][T20561] IPv6: sit1: Disabled Multicast RS [ 449.987549][T20561] sit1: entered allmulticast mode [ 450.005587][T20563] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4925'. [ 450.014467][T20564] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4924'. [ 450.103671][T20401] lo speed is unknown, defaulting to 1000 [ 450.246723][T20567] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4926'. [ 450.280674][T20567] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4926'. [ 450.360192][T20573] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4929'. [ 450.610780][T20578] syzkaller0: entered promiscuous mode [ 450.635827][T20578] syzkaller0: entered allmulticast mode [ 450.647236][T20579] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4930'. [ 450.658078][T20582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4930'. [ 451.262064][T20593] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4936'. [ 451.271367][T20593] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4936'. [ 452.260631][T20401] lo speed is unknown, defaulting to 1000 [ 452.683650][T20620] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4947'. [ 452.758291][T20626] ip6gre1: entered promiscuous mode [ 453.363019][T20661] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 453.369579][T20661] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 454.004914][T20697] xt_connbytes: Forcing CT accounting to be enabled [ 454.410013][T20719] xt_connbytes: Forcing CT accounting to be enabled [ 454.964837][T20757] netlink: 'syz.3.5010': attribute type 1 has an invalid length. [ 455.181588][ T25] block nbd1: Possible stuck request ffff888024b80000: control (read@0,1024B). Runtime 90 seconds [ 455.194007][ T25] block nbd1: Possible stuck request ffff888024b801c0: control (read@1024,1024B). Runtime 90 seconds [ 455.209580][ T25] block nbd1: Possible stuck request ffff888024b80380: control (read@2048,1024B). Runtime 90 seconds [ 455.220597][ T25] block nbd1: Possible stuck request ffff888024b80540: control (read@3072,1024B). Runtime 90 seconds [ 455.348643][T20780] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 455.721850][T20799] __nla_validate_parse: 7 callbacks suppressed [ 455.721874][T20799] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5030'. [ 456.149595][T20829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5041'. [ 456.161073][T20830] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5041'. [ 456.171499][T20829] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5041'. [ 456.175073][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5041'. [ 456.197005][T20829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5041'. [ 456.197841][ T9286] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.207714][T20830] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5041'. [ 456.222451][ T9286] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.226570][T20829] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5041'. [ 456.234397][ T9286] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.247449][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5041'. [ 456.252027][ T9286] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.408465][T20839] syzkaller0: entered promiscuous mode [ 456.424438][T20839] syzkaller0: entered allmulticast mode [ 456.430732][T20840] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5043'. [ 457.253367][T20862] FAULT_INJECTION: forcing a failure. [ 457.253367][T20862] name failslab, interval 1, probability 0, space 0, times 0 [ 457.274308][T20862] CPU: 1 UID: 0 PID: 20862 Comm: syz.4.5052 Not tainted syzkaller #0 PREEMPT(full) [ 457.274335][T20862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 457.274346][T20862] Call Trace: [ 457.274353][T20862] [ 457.274361][T20862] dump_stack_lvl+0x189/0x250 [ 457.274385][T20862] ? __pfx____ratelimit+0x10/0x10 [ 457.274407][T20862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 457.274425][T20862] ? __pfx__printk+0x10/0x10 [ 457.274450][T20862] ? __pfx___might_resched+0x10/0x10 [ 457.274467][T20862] ? fs_reclaim_acquire+0x7d/0x100 [ 457.274495][T20862] should_fail_ex+0x414/0x560 [ 457.274518][T20862] should_failslab+0xa8/0x100 [ 457.274545][T20862] kmem_cache_alloc_node_noprof+0x77/0x710 [ 457.274566][T20862] ? __alloc_skb+0x255/0x430 [ 457.274588][T20862] ? napi_skb_cache_get+0x4a5/0x780 [ 457.274609][T20862] ? napi_skb_cache_get+0x151/0x780 [ 457.274635][T20862] __alloc_skb+0x255/0x430 [ 457.274660][T20862] ? __pfx___alloc_skb+0x10/0x10 [ 457.274689][T20862] ? netlink_ack_tlv_len+0x6c/0x210 [ 457.274708][T20862] netlink_ack+0x146/0xa50 [ 457.274739][T20862] netlink_rcv_skb+0x28c/0x470 [ 457.274756][T20862] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 457.274783][T20862] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 457.274809][T20862] ? bpf_lsm_capable+0x9/0x20 [ 457.274828][T20862] ? security_capable+0x7e/0x2e0 [ 457.274859][T20862] nfnetlink_rcv+0x282/0x2590 [ 457.274884][T20862] ? unwind_get_return_address+0x4d/0x90 [ 457.274903][T20862] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 457.274928][T20862] ? arch_stack_walk+0xfc/0x150 [ 457.274956][T20862] ? stack_trace_save+0x9c/0xe0 [ 457.274984][T20862] ? __lock_acquire+0x6b6/0x2cf0 [ 457.275004][T20862] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 457.275025][T20862] ? kasan_save_track+0x4f/0x80 [ 457.275046][T20862] ? kasan_save_track+0x3e/0x80 [ 457.275073][T20862] ? __kasan_slab_alloc+0x6c/0x80 [ 457.275094][T20862] ? kmem_cache_alloc_node_noprof+0x433/0x710 [ 457.275112][T20862] ? kmalloc_reserve+0xbd/0x290 [ 457.275134][T20862] ? __alloc_skb+0x27e/0x430 [ 457.275159][T20862] ? __lock_acquire+0x6b6/0x2cf0 [ 457.275183][T20862] ? __lock_acquire+0x6b6/0x2cf0 [ 457.275208][T20862] ? __netlink_lookup+0xbd/0x8a0 [ 457.275240][T20862] ? netlink_deliver_tap+0x2e/0x1b0 [ 457.275262][T20862] ? netlink_deliver_tap+0x2e/0x1b0 [ 457.275285][T20862] netlink_unicast+0x82f/0x9e0 [ 457.275319][T20862] ? __pfx_netlink_unicast+0x10/0x10 [ 457.275345][T20862] ? netlink_sendmsg+0x642/0xb30 [ 457.275360][T20862] ? skb_put+0x11b/0x210 [ 457.275386][T20862] netlink_sendmsg+0x805/0xb30 [ 457.275412][T20862] ? __pfx_netlink_sendmsg+0x10/0x10 [ 457.275432][T20862] ? aa_sock_msg_perm+0xf1/0x1b0 [ 457.275451][T20862] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 457.275473][T20862] ? __pfx_netlink_sendmsg+0x10/0x10 [ 457.275492][T20862] __sock_sendmsg+0x21c/0x270 [ 457.275516][T20862] ____sys_sendmsg+0x505/0x820 [ 457.275569][T20862] ? __pfx_____sys_sendmsg+0x10/0x10 [ 457.275606][T20862] ? import_iovec+0x74/0xa0 [ 457.275637][T20862] ___sys_sendmsg+0x21f/0x2a0 [ 457.275668][T20862] ? __pfx____sys_sendmsg+0x10/0x10 [ 457.275705][T20862] ? rcu_read_lock_any_held+0xb3/0x120 [ 457.275758][T20862] ? __fget_files+0x2a/0x420 [ 457.275775][T20862] ? __fget_files+0x3a0/0x420 [ 457.275803][T20862] __x64_sys_sendmsg+0x19b/0x260 [ 457.275837][T20862] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 457.275878][T20862] ? __pfx_ksys_write+0x10/0x10 [ 457.275907][T20862] ? do_syscall_64+0xbe/0xf80 [ 457.275938][T20862] do_syscall_64+0xfa/0xf80 [ 457.275965][T20862] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.275986][T20862] ? clear_bhb_loop+0x60/0xb0 [ 457.276011][T20862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.276030][T20862] RIP: 0033:0x7f0023d8f749 [ 457.276049][T20862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.276075][T20862] RSP: 002b:00007f0024c42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 457.276096][T20862] RAX: ffffffffffffffda RBX: 00007f0023fe5fa0 RCX: 00007f0023d8f749 [ 457.276111][T20862] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003 [ 457.276124][T20862] RBP: 00007f0024c42090 R08: 0000000000000000 R09: 0000000000000000 [ 457.276136][T20862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.276148][T20862] R13: 00007f0023fe6038 R14: 00007f0023fe5fa0 R15: 00007ffe9f7cf578 [ 457.276182][T20862] [ 459.757297][T20934] xt_l2tp: invalid flags combination: 8 [ 459.774866][T20934] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 460.163439][T20960] FAULT_INJECTION: forcing a failure. [ 460.163439][T20960] name failslab, interval 1, probability 0, space 0, times 0 [ 460.196801][T20960] CPU: 1 UID: 0 PID: 20960 Comm: syz.2.5091 Not tainted syzkaller #0 PREEMPT(full) [ 460.196830][T20960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 460.196842][T20960] Call Trace: [ 460.196850][T20960] [ 460.196858][T20960] dump_stack_lvl+0x189/0x250 [ 460.196886][T20960] ? __pfx____ratelimit+0x10/0x10 [ 460.196911][T20960] ? __pfx_dump_stack_lvl+0x10/0x10 [ 460.196937][T20960] ? __pfx__printk+0x10/0x10 [ 460.196961][T20960] ? kmalloc_reserve+0xbd/0x290 [ 460.197003][T20960] ? __lock_acquire+0x6b6/0x2cf0 [ 460.197026][T20960] should_fail_ex+0x414/0x560 [ 460.197052][T20960] should_failslab+0xa8/0x100 [ 460.197082][T20960] kmem_cache_alloc_noprof+0x74/0x6f0 [ 460.197105][T20960] ? skb_clone+0x212/0x3a0 [ 460.197128][T20960] skb_clone+0x212/0x3a0 [ 460.197149][T20960] __netlink_deliver_tap+0x404/0x850 [ 460.197180][T20960] ? netlink_deliver_tap+0x2e/0x1b0 [ 460.197200][T20960] netlink_deliver_tap+0x19c/0x1b0 [ 460.197220][T20960] netlink_unicast+0x7fa/0x9e0 [ 460.197257][T20960] ? __pfx_netlink_unicast+0x10/0x10 [ 460.197286][T20960] ? netlink_sendmsg+0x642/0xb30 [ 460.197303][T20960] ? skb_put+0x11b/0x210 [ 460.197333][T20960] netlink_sendmsg+0x805/0xb30 [ 460.197362][T20960] ? __pfx_netlink_sendmsg+0x10/0x10 [ 460.197385][T20960] ? aa_sock_msg_perm+0xf1/0x1b0 [ 460.197406][T20960] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 460.197431][T20960] ? __pfx_netlink_sendmsg+0x10/0x10 [ 460.197450][T20960] __sock_sendmsg+0x21c/0x270 [ 460.197476][T20960] ____sys_sendmsg+0x505/0x820 [ 460.197517][T20960] ? __pfx_____sys_sendmsg+0x10/0x10 [ 460.197576][T20960] ? import_iovec+0x74/0xa0 [ 460.197608][T20960] ___sys_sendmsg+0x21f/0x2a0 [ 460.197641][T20960] ? __pfx____sys_sendmsg+0x10/0x10 [ 460.197678][T20960] ? rcu_read_lock_any_held+0xb3/0x120 [ 460.197734][T20960] ? __fget_files+0x2a/0x420 [ 460.197751][T20960] ? __fget_files+0x3a0/0x420 [ 460.197781][T20960] __x64_sys_sendmsg+0x19b/0x260 [ 460.197814][T20960] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 460.197856][T20960] ? __pfx_ksys_write+0x10/0x10 [ 460.197885][T20960] ? do_syscall_64+0xbe/0xf80 [ 460.197916][T20960] do_syscall_64+0xfa/0xf80 [ 460.197943][T20960] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.197963][T20960] ? clear_bhb_loop+0x60/0xb0 [ 460.197988][T20960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.198007][T20960] RIP: 0033:0x7f4eda78f749 [ 460.198024][T20960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.198041][T20960] RSP: 002b:00007f4edb633038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 460.198062][T20960] RAX: ffffffffffffffda RBX: 00007f4eda9e5fa0 RCX: 00007f4eda78f749 [ 460.198077][T20960] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003 [ 460.198089][T20960] RBP: 00007f4edb633090 R08: 0000000000000000 R09: 0000000000000000 [ 460.198101][T20960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.198114][T20960] R13: 00007f4eda9e6038 R14: 00007f4eda9e5fa0 R15: 00007ffc99fc81d8 [ 460.198148][T20960] [ 460.606410][T20970] FAULT_INJECTION: forcing a failure. [ 460.606410][T20970] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 460.606876][T20953] syzkaller0: entered promiscuous mode [ 460.625610][T20953] syzkaller0: entered allmulticast mode [ 460.642598][T20970] CPU: 1 UID: 0 PID: 20970 Comm: syz.3.5094 Not tainted syzkaller #0 PREEMPT(full) [ 460.642625][T20970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 460.642637][T20970] Call Trace: [ 460.642645][T20970] [ 460.642654][T20970] dump_stack_lvl+0x189/0x250 [ 460.642680][T20970] ? __pfx____ratelimit+0x10/0x10 [ 460.642711][T20970] ? __pfx_dump_stack_lvl+0x10/0x10 [ 460.642734][T20970] ? __pfx__printk+0x10/0x10 [ 460.642774][T20970] should_fail_ex+0x414/0x560 [ 460.642804][T20970] _copy_to_user+0x31/0xb0 [ 460.642835][T20970] simple_read_from_buffer+0xe1/0x170 [ 460.642872][T20970] proc_fail_nth_read+0x1b3/0x220 [ 460.642903][T20970] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 460.642934][T20970] ? rw_verify_area+0x2a6/0x4d0 [ 460.642959][T20970] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 460.642988][T20970] vfs_read+0x200/0xa30 [ 460.643011][T20970] ? fdget_pos+0x247/0x320 [ 460.643034][T20970] ? __pfx___mutex_lock+0x10/0x10 [ 460.643061][T20970] ? __pfx_vfs_read+0x10/0x10 [ 460.643086][T20970] ? __fget_files+0x2a/0x420 [ 460.643110][T20970] ? __fget_files+0x3a0/0x420 [ 460.643127][T20970] ? __fget_files+0x2a/0x420 [ 460.643155][T20970] ksys_read+0x145/0x250 [ 460.643182][T20970] ? __pfx_ksys_read+0x10/0x10 [ 460.643205][T20970] ? do_syscall_64+0xbe/0xf80 [ 460.643230][T20970] do_syscall_64+0xfa/0xf80 [ 460.643264][T20970] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.643280][T20970] ? clear_bhb_loop+0x60/0xb0 [ 460.643299][T20970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.643313][T20970] RIP: 0033:0x7ff5d758e15c [ 460.643328][T20970] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 460.643342][T20970] RSP: 002b:00007ff5d842d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 460.643359][T20970] RAX: ffffffffffffffda RBX: 00007ff5d77e5fa0 RCX: 00007ff5d758e15c [ 460.643370][T20970] RDX: 000000000000000f RSI: 00007ff5d842d0a0 RDI: 0000000000000004 [ 460.643380][T20970] RBP: 00007ff5d842d090 R08: 0000000000000000 R09: 0000000000000000 [ 460.643389][T20970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.643398][T20970] R13: 00007ff5d77e6038 R14: 00007ff5d77e5fa0 R15: 00007ffdde8a6ee8 [ 460.643425][T20970] [ 461.138030][T20985] __nla_validate_parse: 4 callbacks suppressed [ 461.138180][T20985] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5100'. [ 461.192861][T20989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5101'. [ 462.521579][T20993] kthread_run failed with err -4 [ 462.594325][T20998] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5104'. [ 462.834272][T21016] netlink: 'syz.1.5113': attribute type 1 has an invalid length. [ 462.886351][T21015] bond1: (slave ip6gretap1): making interface the new active one [ 462.895259][T21015] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 462.967607][T21022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5117'. [ 463.185387][T21033] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5121'. [ 463.301450][T21042] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5124'. [ 463.339803][T21045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5126'. [ 463.356075][T21046] FAULT_INJECTION: forcing a failure. [ 463.356075][T21046] name failslab, interval 1, probability 0, space 0, times 0 [ 463.379410][T21046] CPU: 0 UID: 0 PID: 21046 Comm: syz.4.5127 Not tainted syzkaller #0 PREEMPT(full) [ 463.379439][T21046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 463.379452][T21046] Call Trace: [ 463.379461][T21046] [ 463.379469][T21046] dump_stack_lvl+0x189/0x250 [ 463.379498][T21046] ? __pfx____ratelimit+0x10/0x10 [ 463.379523][T21046] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.379546][T21046] ? __pfx__printk+0x10/0x10 [ 463.379580][T21046] ? __pfx___might_resched+0x10/0x10 [ 463.379602][T21046] ? fs_reclaim_acquire+0x7d/0x100 [ 463.379636][T21046] should_fail_ex+0x414/0x560 [ 463.379666][T21046] should_failslab+0xa8/0x100 [ 463.379698][T21046] kmem_cache_alloc_lru_noprof+0x79/0x6d0 [ 463.379723][T21046] ? __d_alloc+0x37/0x6f0 [ 463.379744][T21046] ? __debug_object_init+0x102/0x4b0 [ 463.379769][T21046] __d_alloc+0x37/0x6f0 [ 463.379797][T21046] d_alloc_pseudo+0x21/0xc0 [ 463.379820][T21046] alloc_file_pseudo+0xcc/0x210 [ 463.379844][T21046] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 463.379872][T21046] ? alloc_fd+0x64c/0x6c0 [ 463.379907][T21046] sock_alloc_file+0xb8/0x2e0 [ 463.379928][T21046] ? __sys_socket+0x12e/0x320 [ 463.379956][T21046] __sys_socket+0x13e/0x320 [ 463.379986][T21046] __x64_sys_socket+0x7a/0x90 [ 463.380012][T21046] do_syscall_64+0xfa/0xf80 [ 463.380040][T21046] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.380061][T21046] ? clear_bhb_loop+0x60/0xb0 [ 463.380086][T21046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.380106][T21046] RIP: 0033:0x7f0023d91667 [ 463.380125][T21046] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.380143][T21046] RSP: 002b:00007f0024c40f48 EFLAGS: 00000293 ORIG_RAX: 0000000000000029 [ 463.380166][T21046] RAX: ffffffffffffffda RBX: 00007f0023fe5fa0 RCX: 00007f0023d91667 [ 463.380181][T21046] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 463.380194][T21046] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 463.380206][T21046] R10: 00002000000009c0 R11: 0000000000000293 R12: 0000000000000006 [ 463.380219][T21046] R13: 00007f0023fe6038 R14: 00002000000009c0 R15: 0000200000000a00 [ 463.380255][T21046] [ 463.380400][T21046] VFS_BUG_ON_INODE(inode_state_read_once(inode) & I_CLEAR) encountered for inode ffff88806a774b80 [ 463.380400][T21046] fs sockfs mode 140777 opflags 0x8 flags 0x0 state 0x300 count 0 [ 463.625450][T21046] ------------[ cut here ]------------ [ 463.630950][T21046] kernel BUG at fs/inode.c:1971! [ 463.686028][T21053] FAULT_INJECTION: forcing a failure. [ 463.686028][T21053] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 463.719715][T21046] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 463.724308][T21053] CPU: 1 UID: 0 PID: 21053 Comm: syz.1.5130 Not tainted syzkaller #0 PREEMPT(full) [ 463.724342][T21053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 463.724357][T21053] Call Trace: [ 463.724365][T21053] [ 463.724375][T21053] dump_stack_lvl+0x189/0x250 [ 463.724405][T21053] ? __pfx____ratelimit+0x10/0x10 [ 463.724434][T21053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.724458][T21053] ? __pfx__printk+0x10/0x10 [ 463.724487][T21053] ? __might_fault+0xb0/0x130 [ 463.724521][T21053] should_fail_ex+0x414/0x560 [ 463.724549][T21053] _copy_from_iter+0x1cd/0x1630 [ 463.724580][T21053] ? __build_skb_around+0x22d/0x3c0 [ 463.724615][T21053] ? __pfx__copy_from_iter+0x10/0x10 [ 463.724641][T21053] ? __alloc_skb+0x2f1/0x430 [ 463.724671][T21053] ? __pfx___alloc_skb+0x10/0x10 [ 463.724703][T21053] ? netlink_sendmsg+0x642/0xb30 [ 463.724724][T21053] ? skb_put+0x11b/0x210 [ 463.724757][T21053] netlink_sendmsg+0x6b2/0xb30 [ 463.724785][T21053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.724809][T21053] ? aa_sock_msg_perm+0xf1/0x1b0 [ 463.724831][T21053] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 463.724863][T21053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.724884][T21053] __sock_sendmsg+0x21c/0x270 [ 463.724912][T21053] ____sys_sendmsg+0x505/0x820 [ 463.724948][T21053] ? __pfx_____sys_sendmsg+0x10/0x10 [ 463.724988][T21053] ? import_iovec+0x74/0xa0 [ 463.725019][T21053] ___sys_sendmsg+0x21f/0x2a0 [ 463.725054][T21053] ? __pfx____sys_sendmsg+0x10/0x10 [ 463.725097][T21053] ? rcu_read_lock_any_held+0xb3/0x120 [ 463.725141][T21053] ? __fget_files+0x2a/0x420 [ 463.725204][T21053] ? __fget_files+0x3a0/0x420 [ 463.725228][T21053] __x64_sys_sendmsg+0x19b/0x260 [ 463.725263][T21053] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 463.725303][T21053] ? __pfx_ksys_write+0x10/0x10 [ 463.725333][T21053] ? do_syscall_64+0xbe/0xf80 [ 463.725365][T21053] do_syscall_64+0xfa/0xf80 [ 463.725394][T21053] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.725414][T21053] ? clear_bhb_loop+0x60/0xb0 [ 463.725439][T21053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.725461][T21053] RIP: 0033:0x7f05c618f749 [ 463.725481][T21053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.725501][T21053] RSP: 002b:00007f05c6fd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 463.725525][T21053] RAX: ffffffffffffffda RBX: 00007f05c63e5fa0 RCX: 00007f05c618f749 [ 463.725542][T21053] RDX: 0000000000000840 RSI: 0000200000000300 RDI: 0000000000000003 [ 463.725558][T21053] RBP: 00007f05c6fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 463.725571][T21053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.725585][T21053] R13: 00007f05c63e6038 R14: 00007f05c63e5fa0 R15: 00007ffe631158a8 [ 463.725612][T21053] [ 464.000575][T21046] CPU: 0 UID: 0 PID: 21046 Comm: syz.4.5127 Not tainted syzkaller #0 PREEMPT(full) [ 464.009969][T21046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 464.020055][T21046] RIP: 0010:iput+0xfc9/0x1030 [ 464.024751][T21046] Code: 8b 7c 24 18 48 c7 c6 a0 df 79 8b e8 e1 58 e8 fe 90 0f 0b e8 e9 6b 81 ff 48 8b 7c 24 18 48 c7 c6 40 df 79 8b e8 c8 58 e8 fe 90 <0f> 0b 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fb ff ff 4c 89 ef [ 464.044364][T21046] RSP: 0018:ffffc9000b827de8 EFLAGS: 00010282 [ 464.050437][T21046] RAX: 000000000000009f RBX: dffffc0000000000 RCX: 83fac0f6d89ecc00 [ 464.058434][T21046] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 464.066427][T21046] RBP: 1ffffffff1ed61d6 R08: ffffc9000b827aa7 R09: 1ffff92001704f54 [ 464.074423][T21046] R10: dffffc0000000000 R11: fffff52001704f55 R12: 1ffff1100d4ee9b0 [ 464.082780][T21046] R13: ffff88806a774d80 R14: 0000000000000200 R15: 1ffffffff1f01152 [ 464.090848][T21046] FS: 00007f0024c426c0(0000) GS:ffff8881260b1000(0000) knlGS:0000000000000000 [ 464.099786][T21046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 464.106380][T21046] CR2: 00007f4edb5156c0 CR3: 0000000075118000 CR4: 00000000003526f0 [ 464.114382][T21046] Call Trace: [ 464.117680][T21046] [ 464.120632][T21046] ? do_raw_spin_unlock+0x122/0x240 [ 464.125854][T21046] __sys_socket+0x2bf/0x320 [ 464.130475][T21046] __x64_sys_socket+0x7a/0x90 [ 464.135175][T21046] do_syscall_64+0xfa/0xf80 [ 464.139695][T21046] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.145769][T21046] ? clear_bhb_loop+0x60/0xb0 [ 464.150465][T21046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.156368][T21046] RIP: 0033:0x7f0023d91667 [ 464.160790][T21046] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.180404][T21046] RSP: 002b:00007f0024c40f48 EFLAGS: 00000293 ORIG_RAX: 0000000000000029 [ 464.189071][T21046] RAX: ffffffffffffffda RBX: 00007f0023fe5fa0 RCX: 00007f0023d91667 [ 464.197057][T21046] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 464.205034][T21046] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 464.213013][T21046] R10: 00002000000009c0 R11: 0000000000000293 R12: 0000000000000006 [ 464.220993][T21046] R13: 00007f0023fe6038 R14: 00002000000009c0 R15: 0000200000000a00 [ 464.229158][T21046] [ 464.232195][T21046] Modules linked in: [ 464.238309][T21046] ---[ end trace 0000000000000000 ]--- [ 464.244206][T21046] RIP: 0010:iput+0xfc9/0x1030 [ 464.249116][T21046] Code: 8b 7c 24 18 48 c7 c6 a0 df 79 8b e8 e1 58 e8 fe 90 0f 0b e8 e9 6b 81 ff 48 8b 7c 24 18 48 c7 c6 40 df 79 8b e8 c8 58 e8 fe 90 <0f> 0b 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fb ff ff 4c 89 ef [ 464.297201][T21058] FAULT_INJECTION: forcing a failure. [ 464.297201][T21058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 464.318301][T21058] CPU: 0 UID: 0 PID: 21058 Comm: syz.0.5131 Tainted: G D syzkaller #0 PREEMPT(full) [ 464.318337][T21058] Tainted: [D]=DIE [ 464.318346][T21058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 464.318359][T21058] Call Trace: [ 464.318367][T21058] [ 464.318377][T21058] dump_stack_lvl+0x189/0x250 [ 464.318405][T21058] ? __pfx____ratelimit+0x10/0x10 [ 464.318430][T21058] ? __pfx_dump_stack_lvl+0x10/0x10 [ 464.318452][T21058] ? __pfx__printk+0x10/0x10 [ 464.318478][T21058] ? __might_fault+0xb0/0x130 [ 464.318508][T21058] ? rcu_is_watching+0x15/0xb0 [ 464.318535][T21058] should_fail_ex+0x414/0x560 [ 464.318561][T21058] _copy_from_iter+0x1cd/0x1630 [ 464.318590][T21058] ? __build_skb_around+0x22d/0x3c0 [ 464.318621][T21058] ? __pfx__copy_from_iter+0x10/0x10 [ 464.318646][T21058] ? __alloc_skb+0x2f1/0x430 [ 464.318674][T21058] ? __pfx___alloc_skb+0x10/0x10 [ 464.318704][T21058] ? netlink_sendmsg+0x642/0xb30 [ 464.318724][T21058] ? skb_put+0x11b/0x210 [ 464.318754][T21058] netlink_sendmsg+0x6b2/0xb30 [ 464.318781][T21058] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.318803][T21058] ? aa_sock_msg_perm+0xf1/0x1b0 [ 464.318824][T21058] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 464.318851][T21058] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.318872][T21058] __sock_sendmsg+0x21c/0x270 [ 464.318898][T21058] ____sys_sendmsg+0x505/0x820 [ 464.318930][T21058] ? __pfx_____sys_sendmsg+0x10/0x10 [ 464.318966][T21058] ? import_iovec+0x74/0xa0 [ 464.318995][T21058] ___sys_sendmsg+0x21f/0x2a0 [ 464.319038][T21058] ? __pfx____sys_sendmsg+0x10/0x10 [ 464.319085][T21058] ? __fget_files+0x2a/0x420 [ 464.319102][T21058] ? __fget_files+0x3a0/0x420 [ 464.319124][T21058] __x64_sys_sendmsg+0x19b/0x260 [ 464.319155][T21058] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 464.319188][T21058] ? __pfx_ksys_write+0x10/0x10 [ 464.319216][T21058] ? rcu_is_watching+0x15/0xb0 [ 464.319241][T21058] do_syscall_64+0xfa/0xf80 [ 464.319268][T21058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.319288][T21058] ? clear_bhb_loop+0x60/0xb0 [ 464.319311][T21058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.319330][T21058] RIP: 0033:0x7fec82d8f749 [ 464.319348][T21058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.319366][T21058] RSP: 002b:00007fec83b62038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 464.319387][T21058] RAX: ffffffffffffffda RBX: 00007fec82fe5fa0 RCX: 00007fec82d8f749 [ 464.319402][T21058] RDX: 0000000000000014 RSI: 0000200000000000 RDI: 0000000000000007 [ 464.319412][T21046] RSP: 0018:ffffc9000b827de8 EFLAGS: 00010282 [ 464.319416][T21058] RBP: 00007fec83b62090 R08: 0000000000000000 R09: 0000000000000000 [ 464.319429][T21058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 464.319442][T21058] R13: 00007fec82fe6038 R14: 00007fec82fe5fa0 R15: 00007fff7307b788 [ 464.319463][T21058] [ 464.610674][T21046] [ 464.613045][T21046] RAX: 000000000000009f RBX: dffffc0000000000 RCX: 83fac0f6d89ecc00 [ 464.623446][T21046] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 464.632290][T21046] RBP: 1ffffffff1ed61d6 R08: ffffc9000b827aa7 R09: 1ffff92001704f54 [ 464.643412][T21046] R10: dffffc0000000000 R11: fffff52001704f55 R12: 1ffff1100d4ee9b0 [ 464.651725][T21046] R13: ffff88806a774d80 R14: 0000000000000200 R15: 1ffffffff1f01152 [ 464.660187][T21046] FS: 00007f0024c426c0(0000) GS:ffff8881261b1000(0000) knlGS:0000000000000000 [ 464.670083][T21046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 464.676805][T21046] CR2: 0000555572f53808 CR3: 0000000075118000 CR4: 00000000003526f0 [ 464.684865][T21046] Kernel panic - not syncing: Fatal exception [ 464.691327][T21046] Kernel Offset: disabled [ 464.695655][T21046] Rebooting in 86400 seconds..