last executing test programs: 2.642241717s ago: executing program 1 (id=19089): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x4, @loopback, 0x8}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="89", 0x1}], 0x1}}], 0x1, 0x0) (fail_nth: 1) 1.657421392s ago: executing program 1 (id=19105): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xe) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40040}, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x4000044) 1.272072359s ago: executing program 2 (id=19109): syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @multicast1}, {0x0, 0x17c1, 0x8}}}}}, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000002c0)="6bb689ea599e8211ec0ad38634a55ab950e3bad53e90465ea392c0f0c4c8aa0bc19e9c51fb6608cbed4de4a9ec20ac7b4017b9086389d7228ba892ae21170220e45f4d7db97040e5b729f00849c6322c2a730d31ddd4466ff7a520279b864944019231fd159c000c28daedb73d831e89c8043001e0770e96f2fc47f9599e9cc110877f8f387a0f7a307d320ce06506909ccf9fe37b69851a62b29dc651ed971518e9b9fd4efbc771", 0xa8}, {&(0x7f00000003c0)="ca4d664019cf0f7b3f4f4de87203982ea42ff37d2fbb11f1aca105179e2e057fa4cc48c0a8a69bcf9b7b0d99533e9a902dd045513d40353a04941b9395449ff2fe44560cfff268288b3c842c241d9cf77e609d3c93d89b9f9853caad39a3724d5cab257401cd8258990212635498825f315b944db350712cf050e8e926fd7b361ab73028fd7a59276bf5884d711d01f86227e3ae5b582cd22922bf78e1b909c23c0268f349e57b1735803fb38e954f3cdfd20fe91fb2a76dc22377d1df48bd0a871c7334737190ff9da91177d0a6d592e127c4d36971b2dcf471d94d55f2cf8f1daab52e3ef183c25ea9a50d1929", 0xee}], 0x2}, 0x41) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x1fffffffffffffcd, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000070000000000000000800027350000007500000095"], 0x0, 0xbb5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)}, 0x8000) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f00000004c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07007706000020000000170200000ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000100000009500000000000000db13d5d8b741f2cdaabc8383c8f56b8c2b848b00ea6553f304000000815dcf00c3ee7b042d1937ba"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.208578279s ago: executing program 1 (id=19110): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000380)=[@in={0x2, 0x4e20, @multicast1}, @in6={0xa, 0x4e21, 0x68f, @dev={0xfe, 0x80, '\x00', 0x22}, 0x1}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1f}}, @in6={0xa, 0x4e24, 0x10, @mcast1, 0x6}, @in6={0xa, 0x4e21, 0x2, @ipv4={'\x00', '\xff\xff', @empty}, 0xee5b}, @in6={0xa, 0x4e22, 0x1400000, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x10}, @in={0x2, 0x4e21, @rand_addr=0x64010100}], 0xa0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockopt$WPAN_WANTACK(r2, 0x0, 0x0, &(0x7f00000000c0), &(0x7f00000001c0)=0x4) bind$netlink(r2, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r2, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010000d042abd70008000000000000000", @ANYRES32=r3, @ANYBLOB="0100000000c000001c00128009000100626f6e64000000000c0002800500010006000000", @ANYRES8=r2, @ANYRES8=r2, @ANYRESDEC=r3], 0x3c}, 0x1, 0x0, 0x0, 0x404c084}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000040040000140012800900010076657468000000000400028008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[], 0x54}}, 0x0) r8 = socket$inet(0xa, 0x801, 0x84) connect$inet(r8, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0xffffff6a) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x8) listen(r8, 0x8) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="48000000200001032abd7000000dd192a30000000000000000000000080002007f00000108000b00e03c00000c000c4000000000000080000800020064010100080002000a010102"], 0x48}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) r12 = accept4(r8, 0x0, 0x0, 0x0) r13 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r13, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r12, 0x84, 0x6d, &(0x7f0000000700)={r14}, &(0x7f0000000740)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000200)={r14, 0x1}, 0x8) 1.136327872s ago: executing program 3 (id=19112): socket$packet(0x11, 0x3, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x2, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xad}, @exit], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2a}, 0x90) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440)={0x0, 0x1003}, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x7, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0x5}}, 0x14}}, 0x44) 1.037536246s ago: executing program 0 (id=19114): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, 0x0, 0x80) 1.037313455s ago: executing program 3 (id=19115): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000005a00010000000000000000d531000000040005"], 0x18}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)={0x28, r1, 0x5, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0xf000}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 996.352392ms ago: executing program 2 (id=19116): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b000000", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 979.188568ms ago: executing program 3 (id=19117): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/141, 0x8d}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}, 0x5}], 0x1, 0x2000, &(0x7f0000003700)={0x77359400}) 921.516101ms ago: executing program 1 (id=19118): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x800) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000e00)={0x1c, 0x4, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, 0x3, 0x6, 0x201}, 0x14}}, 0x8081) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9232f2b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000200)="c67f0d7df9", 0x49}], 0x2) listen(0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x7d, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x15}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xd, 0x10}}}, 0x24}}, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @private=0xff}, 0x10) 892.094972ms ago: executing program 4 (id=19119): r0 = socket(0x200000100000011, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4) sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="34000000020000010000000000000000d96e6c8d5e85080045f00d80724e11d569116e3a1ce41e2a560254ea0043"], 0x34}, {&(0x7f00000004c0)={0xf4, 0x1, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x3c, 0x0, 0x0, @pid}, @typed={0x8, 0x0, 0x0, 0x0, @uid}, @nested={0xd3, 0x0, 0x0, 0x1, [@generic="b308062bb3eb6db2103d7bf69e1beb05d20799da539b86148b5def4185def2d0a01898891f1075909ee6c358c334dfeabd884e418717d87eecb0d1be7a32c9244e3bf79aa06cd0ce01379fd72dc80d5b7f418ad25388910c6b6bf7fe4944eceb7ce1b59b0f86f326f986f0c0357874065cf46d27480a05db057d0d749582abb54e22b7892ce7bf0d51dc46b76689bd006dc7ffb54d822531fba616376233b8b758bd4c", @generic="5fb76fab50b69913057c69d844512502fee8754d75b1993dce090c32365d9f8f7ba7dd1a18877654e0e0cd3e"]}]}, 0xf4}], 0x2}, 0x0) 869.700401ms ago: executing program 0 (id=19120): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c00000002060108000100000000000000004000050005000a000000050001000700000005000400000000000900020073797a310000000016000300686173683a6e65742c706f72742c6e65740000000c0007"], 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f00000500070084000000060005"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 767.489173ms ago: executing program 2 (id=19121): r0 = socket(0x10, 0x3, 0x0) accept4(r0, &(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @empty}, &(0x7f0000000140)=0x80, 0x80800) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x5ddc, 0xffffffff, 0x2dfe}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200010a00000000000000000a000001"], 0x26}}, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000001d80)={'filter\x00', 0x111, 0x4, 0x3a0, 0x0, 0x1d0, 0x1d0, 0x2b8, 0x2b8, 0x2b8, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2, 0x80, 0xc2, 0x7}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@empty, @dev={0xac, 0x14, 0x14, 0x19}, 0x0, 0x0, 0x0, 0x0, {@mac}, {@mac, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg1\x00', 'lo\x00', {}, {}, 0x0, 0x158}, 0xc0, 0xe8, 0x0, {0xb000000}}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x2}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@empty, {[0x0, 0x0, 0xff]}}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'xfrm0\x00', 'ipvlan1\x00'}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x3f0) syz_emit_ethernet(0x200000, 0x0, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[@ANYBLOB="240000001a1401002abd700001dcdf250800010000000000090002"], 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000300)={0x3, {{0x2, 0x4e23, @multicast2}}, 0x1, 0x2, [{{0x2, 0x4e24, @loopback}}, {{0x2, 0x4e21, @loopback}}]}, 0x190) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000200), 0x2, 0x0) preadv(r4, &(0x7f0000000140)=[{&(0x7f0000000080)=""/180, 0xb4}], 0x1, 0x47b7, 0x4) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000240)={'syztnl1\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x8000, 0x7800, 0xc, 0x3, {{0x1b, 0x4, 0x0, 0x38, 0x6c, 0x68, 0x0, 0xc, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x43}, {[@noop, @end, @timestamp_addr={0x44, 0x1c, 0xf0, 0x1, 0x8, [{@rand_addr=0x64010102, 0x4}, {@remote, 0xb5f9}, {@remote, 0x2d}]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x34, 0x35, 0x1, 0x2, [{@empty, 0x3}, {@remote, 0x7}, {@local, 0x48efd28d}, {@broadcast, 0x4}, {@remote, 0x8}, {@local, 0x8}]}]}}}}}) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f00000002c0)={@private0={0xfc, 0x0, '\x00', 0x1}, r5}, 0x14) socket(0x10, 0x3, 0x0) (async) accept4(r0, &(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @empty}, &(0x7f0000000140)=0x80, 0x80800) (async) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x5ddc, 0xffffffff, 0x2dfe}, 0x10) (async) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200010a00000000000000000a000001"], 0x26}}, 0x0) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000001d80)={'filter\x00', 0x111, 0x4, 0x3a0, 0x0, 0x1d0, 0x1d0, 0x2b8, 0x2b8, 0x2b8, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2, 0x80, 0xc2, 0x7}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@empty, @dev={0xac, 0x14, 0x14, 0x19}, 0x0, 0x0, 0x0, 0x0, {@mac}, {@mac, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg1\x00', 'lo\x00', {}, {}, 0x0, 0x158}, 0xc0, 0xe8, 0x0, {0xb000000}}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x2}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@empty, {[0x0, 0x0, 0xff]}}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'xfrm0\x00', 'ipvlan1\x00'}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x3f0) (async) syz_emit_ethernet(0x200000, 0x0, 0x0) (async) socket$nl_rdma(0x10, 0x3, 0x14) (async) sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[@ANYBLOB="240000001a1401002abd700001dcdf250800010000000000090002"], 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) (async) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000300)={0x3, {{0x2, 0x4e23, @multicast2}}, 0x1, 0x2, [{{0x2, 0x4e24, @loopback}}, {{0x2, 0x4e21, @loopback}}]}, 0x190) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_subtree(r3, &(0x7f0000000200), 0x2, 0x0) (async) preadv(r4, &(0x7f0000000140)=[{&(0x7f0000000080)=""/180, 0xb4}], 0x1, 0x47b7, 0x4) (async) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000240)={'syztnl1\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x8000, 0x7800, 0xc, 0x3, {{0x1b, 0x4, 0x0, 0x38, 0x6c, 0x68, 0x0, 0xc, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x43}, {[@noop, @end, @timestamp_addr={0x44, 0x1c, 0xf0, 0x1, 0x8, [{@rand_addr=0x64010102, 0x4}, {@remote, 0xb5f9}, {@remote, 0x2d}]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x34, 0x35, 0x1, 0x2, [{@empty, 0x3}, {@remote, 0x7}, {@local, 0x48efd28d}, {@broadcast, 0x4}, {@remote, 0x8}, {@local, 0x8}]}]}}}}}) (async) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f00000002c0)={@private0={0xfc, 0x0, '\x00', 0x1}, r5}, 0x14) (async) 739.965752ms ago: executing program 4 (id=19122): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x2000080) 739.174196ms ago: executing program 0 (id=19123): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000600)="ded6428a5918ee0d654fa309061644", 0xf}], 0x1}}], 0x1, 0x4088) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 721.579923ms ago: executing program 3 (id=19124): syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @multicast1}, {0x0, 0x17c1, 0x8}}}}}, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000002c0)="6bb689ea599e8211ec0ad38634a55ab950e3bad53e90465ea392c0f0c4c8aa0bc19e9c51fb6608cbed4de4a9ec20ac7b4017b9086389d7228ba892ae21170220e45f4d7db97040e5b729f00849c6322c2a730d31ddd4466ff7a520279b864944019231fd159c000c28daedb73d831e89c8043001e0770e96f2fc47f9599e9cc110877f8f387a0f7a307d320ce06506909ccf9fe37b69851a62b29dc651ed971518e9b9fd4efbc771662ee967aafa97a4cddc895ba8ede2fa36d9450c1720ebad", 0xc0}, {&(0x7f00000003c0)="ca4d664019cf0f7b3f4f4de87203982ea42ff37d2fbb11f1aca105179e2e057fa4cc48c0a8a69bcf9b7b0d99533e9a902dd045513d40353a04941b9395449ff2fe44560cfff268288b3c842c241d9cf77e609d3c93d89b9f9853caad39a3724d5cab257401cd8258990212635498825f315b944db350712cf050e8e926fd7b361ab73028fd7a59276bf5884d711d01f86227e3ae5b582cd22922bf78e1b909c23c0268f349e57b1735803fb38e954f3cdfd20fe91fb2a76dc22377d1df48bd0a871c7334737190ff9da91177d0a6d592e127c4d36971b2dcf471d94d55f2cf8f1daab52e3ef183c25ea9a50d1929", 0xee}], 0x2, 0x0, 0x68}, 0x41) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x1fffffffffffffcd, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000070000000000000000800027350000007500000095"], 0x0, 0xbb5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 601.013104ms ago: executing program 1 (id=19125): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b0000000800", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 600.521736ms ago: executing program 4 (id=19126): syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @multicast1}, {0x0, 0x17c1, 0x8}}}}}, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000002c0)="6bb689ea599e8211ec0ad38634a55ab950e3bad53e90465ea392c0f0c4c8aa0bc19e9c51fb6608cbed4de4a9ec20ac7b4017b9086389d7228ba892ae21170220e45f4d7db97040e5b729f00849c6322c2a730d31ddd4466ff7a520279b864944019231fd159c000c28daedb73d831e89c8043001e0770e96f2fc47f9599e9cc110877f8f387a0f7a307d320ce06506909ccf9fe37b69851a62b29dc651ed971518e9b9fd4efbc771", 0xa8}, {&(0x7f00000003c0)="ca4d664019cf0f7b3f4f4de87203982ea42ff37d2fbb11f1aca105179e2e057fa4cc48c0a8a69bcf9b7b0d99533e9a902dd045513d40353a04941b9395449ff2fe44560cfff268288b3c842c241d9cf77e609d3c93d89b9f9853caad39a3724d5cab257401cd8258990212635498825f315b944db350712cf050e8e926fd7b361ab73028fd7a59276bf5884d711d01f86227e3ae5b582cd22922bf78e1b909c23c0268f349e57b1735803fb38e954f3cdfd20fe91fb2a76dc22377d1df48bd0a871c7334737190ff9da91177d0a6d592e127c4d36971b2dcf471d94d55f2cf8f1daab52e3ef183c25ea9a50d1929", 0xee}], 0x2}, 0x41) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x1fffffffffffffcd, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000070000000000000000800027350000007500000095"], 0x0, 0xbb5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)}, 0x8000) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f00000004c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07007706000020000000170200000ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000100000009500000000000000db13d5d8b741f2cdaabc8383c8f56b8c2b848b00ea6553f304000000815dcf00c3ee7b042d1937ba"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 600.34821ms ago: executing program 0 (id=19127): ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000240)={0x0, 0x91, "2d55994b0e88083cf4e6e38862d1c96fe88495fb885d75ad6b961fe15d6dea27ed393314775d9715ff2420e40d29c799c04d11a8307d8516dcf7301c0b7b459b65dd585cde1d012ffa159377bb5ee1da2e67a9f6412db298ebb98f016270711f3cf871f8ffe8436dda386906899ab003198e8c5743252ada08661e30ac23b22ac0ca75886410dd1f0322bd40fb20893a1b"}, &(0x7f0000000040)=0x99) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r1}, &(0x7f00000001c0)=0x8) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe", 0x2c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722", 0x44}], 0x3}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0x6}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0) 534.361852ms ago: executing program 2 (id=19128): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4) bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x28040041, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="1f", 0x1}], 0x1}, 0x8c0) recvmmsg(r0, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) 529.391327ms ago: executing program 3 (id=19129): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c"], 0xfdef) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3a000000}, 0x50) 423.545041ms ago: executing program 1 (id=19130): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket(0x400000000010, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) sendmmsg$inet(r4, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0) 422.654847ms ago: executing program 2 (id=19131): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b0000000800", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 325.898357ms ago: executing program 4 (id=19132): r0 = socket(0x200000100000011, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4) sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="34000000020000010000000000000000d96e6c8d5e85080045f00d80724e11d569116e3a1ce41e2a560254ea0043"], 0x34}, {&(0x7f00000004c0)={0xf8, 0x1, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x3c, 0x0, 0x0, @pid}, @typed={0x8, 0x0, 0x0, 0x0, @uid}, @nested={0xd8, 0x0, 0x0, 0x1, [@generic="b308062bb3eb6db2103d7bf69e1beb05d20799da539b86148b5def4185def2d0a01898891f1075909ee6c358c334dfeabd884e418717d87eecb0d1be7a32c9244e3bf79aa06cd0ce01379fd72dc80d5b7f418ad25388910c6b6bf7fe4944eceb7ce1b59b0f86f326f986f0c0357874065cf46d27480a05db057d0d749582abb54e22b7892ce7bf0d51dc46b76689bd006dc7ffb54d822531fba616376233b8b758bd4cca5c350af2", @generic="5fb76fab50b69913057c69d844512502fee8754d75b1993dce090c32365d9f8f7ba7dd1a18877654e0e0cd3e"]}]}, 0xf8}], 0x2}, 0x0) 325.467923ms ago: executing program 0 (id=19133): r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) socket$netlink(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_extract_tcp_res(0x0, 0x1, 0x7) sendmsg$NFT_BATCH(r1, 0x0, 0x404c440) sendmsg$NFT_BATCH(r1, 0x0, 0x4000000) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x40a01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$inet6(0xa, 0x2, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)="5d46542b3090ce5ceca970bf8abf170549531f3309044e8b5176033b03b6ffb6877fc1bf93944e8918f7671993d5b56494717c96f1a910bc20b312c4ac1319c04da6b26ab882b4086cb2ac1545cef2003c2f29885496d182cc00eb08067822dfbfa896a37248b990eeeec77445d6f8da", &(0x7f0000000100), 0x1003}, 0x38) 127.05648ms ago: executing program 4 (id=19134): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/141, 0x8d}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}, 0x5}], 0x1, 0x2000, &(0x7f0000003700)={0x77359400}) 109.671889ms ago: executing program 0 (id=19135): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000002c0)="a6", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp', 0x2) socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) recvmmsg(r0, &(0x7f0000003b00)=[{{&(0x7f0000003c80)=@nfc, 0x80, &(0x7f0000001940)=[{&(0x7f0000000300)=""/251, 0xfb}, {&(0x7f00000004c0)=""/159, 0x8}, {&(0x7f0000003440)=""/248, 0xe8}, {&(0x7f0000000680)=""/242, 0xf2}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f0000001c40)}, {&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000000240)=""/6, 0x6}, {&(0x7f0000001780)=""/150, 0x96}, {&(0x7f0000001840)=""/252, 0xfc}], 0xa, &(0x7f0000000400)=""/5, 0x5}, 0xf}, {{&(0x7f0000001a00)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x80, &(0x7f0000001dc0)=[{&(0x7f0000000580)=""/165, 0xa5}, {&(0x7f0000001b40)=""/94, 0x5e}, {&(0x7f0000001bc0)=""/17, 0x11}, {&(0x7f0000001c00)=""/64, 0x40}, {&(0x7f0000000140)=""/12, 0xc}, {&(0x7f0000001c80)=""/66, 0x42}, {&(0x7f0000001d00)=""/31, 0x1f}, {&(0x7f0000001d40)=""/39, 0x35}, {&(0x7f0000001d80)=""/12, 0xc}], 0x9, &(0x7f0000001e80)=""/193, 0xc1}, 0x2}, {{&(0x7f0000001f80)=@nl, 0x80, &(0x7f00000021c0)=[{&(0x7f0000002000)=""/163, 0xa3}, {&(0x7f00000020c0)=""/57, 0x39}, {&(0x7f0000002100)=""/166, 0xa6}], 0x3, &(0x7f0000002200)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000003200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x4b, &(0x7f0000003540)=[{&(0x7f0000003280)=""/206, 0xce}, {&(0x7f0000003380)=""/145, 0x91}, {&(0x7f0000003d00)=""/243, 0xf3}], 0x3, &(0x7f0000003580)=""/163, 0xa3}, 0x3}, {{&(0x7f0000003640)=@pppol2tpv3in6, 0x80, &(0x7f0000003a00)=[{&(0x7f00000036c0)=""/182, 0xb6}, {&(0x7f0000003780)=""/109, 0x6d}, {&(0x7f0000003800)=""/30, 0x24}, {&(0x7f0000003840)}, {&(0x7f0000003880)=""/165, 0xa5}, {&(0x7f0000003940)=""/87, 0x57}, {&(0x7f0000000100)=""/10, 0x1}], 0x7, &(0x7f0000003a80)=""/128, 0x80}, 0xfff}], 0x5, 0x0, &(0x7f0000003c40)={0x77359400}) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b0000000800000004000000ff03002001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r2, 0xffffffffffffffff, 0x25, 0x0, @val=@iter={0x0}}, 0x20) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000280)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0xffff, 'syz0\x00', @default, 0xfffffdba, 0x80002, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}) ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000440)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x8, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}) setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x4) shutdown(r0, 0x1) 96.746628ms ago: executing program 2 (id=19136): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x8042) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x40}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xe0004000}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xac1e0100}}, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x20004000}, 0x80) 89.728435ms ago: executing program 3 (id=19137): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000600)="ded6428a5918ee0d654fa309061644", 0xf}], 0x1}}], 0x1, 0x4088) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 4 (id=19138): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000ec0)={'wlan0\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x44000) kernel console output (not intermixed with test programs): ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.259720][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.267179][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.294310][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.310358][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.347163][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.353941][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.374531][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.396350][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.412194][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.432905][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.448211][T14837] netlink: 'syz.4.16319': attribute type 3 has an invalid length. [ 1048.468555][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.488729][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.505422][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.529695][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.560684][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.576499][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.607362][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.626411][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.644628][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.651692][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.673067][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.696230][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.703017][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.768121][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.774910][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.810508][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.818868][T14819] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 1048.975771][T14868] set match dimension is over the limit! [ 1049.020240][T14873] netlink: 'syz.2.16329': attribute type 29 has an invalid length. [ 1049.052770][T14873] netlink: 'syz.2.16329': attribute type 29 has an invalid length. [ 1049.143213][T14876] netlink: 32 bytes leftover after parsing attributes in process `syz.2.16333'. [ 1049.203816][T14880] Cannot find del_set index 4 as target [ 1049.264708][T14882] netlink: 'syz.1.16335': attribute type 4 has an invalid length. [ 1049.281153][T14882] netlink: 'syz.1.16335': attribute type 1 has an invalid length. [ 1049.343878][T14885] bond0: Invalid ad_actor_system MAC address. [ 1049.364025][T14885] bond0: option ad_actor_system: invalid value (1) [ 1049.382871][T14885] bond0 (unregistering): Released all slaves [ 1049.504805][T14903] syzkaller0: entered promiscuous mode [ 1049.524123][T14903] syzkaller0: entered allmulticast mode [ 1049.620139][T14912] set match dimension is over the limit! [ 1049.749319][T14916] netlink: 'syz.0.16345': attribute type 29 has an invalid length. [ 1049.769972][T14916] netlink: 'syz.0.16345': attribute type 29 has an invalid length. [ 1050.088770][T14940] set match dimension is over the limit! [ 1050.098977][T14937] netlink: 'syz.1.16353': attribute type 10 has an invalid length. [ 1050.138241][T14937] netlink: 'syz.1.16353': attribute type 50 has an invalid length. [ 1050.250952][T14949] netlink: 'syz.2.16358': attribute type 3 has an invalid length. [ 1051.649291][T15041] netlink: 'syz.0.16393': attribute type 1 has an invalid length. [ 1051.765408][T15041] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1051.828136][T15041] __nla_validate_parse: 8 callbacks suppressed [ 1051.828159][T15041] netlink: 56 bytes leftover after parsing attributes in process `syz.0.16393'. [ 1051.845091][T15048] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1051.862109][T15048] bond10: (slave vxcan5): The slave device specified does not support setting the MAC address [ 1051.874589][T15032] netlink: 16 bytes leftover after parsing attributes in process `syz.3.16389'. [ 1051.891461][T15048] bond10: (slave vxcan5): Error -95 calling set_mac_address [ 1051.968369][T15056] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16397'. [ 1051.994723][T15049] veth23: entered promiscuous mode [ 1052.003927][T15049] bond10: (slave veth23): Enslaving as an active interface with a down link [ 1052.036484][T15058] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16398'. [ 1052.204350][T15066] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16400'. [ 1052.283612][T15069] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16402'. [ 1052.346806][T15071] netlink: 'syz.2.16405': attribute type 1 has an invalid length. [ 1052.379336][T15073] º: renamed from veth1_vlan (while UP) [ 1052.407345][T15073] netlink: 'syz.1.16404': attribute type 2 has an invalid length. [ 1052.435758][T15073] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16404'. [ 1052.568808][T15086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16409'. [ 1052.619578][T15092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.16409'. [ 1052.638169][T15088] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16411'. [ 1052.797599][T15099] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1053.162988][T15112] udevd[15112]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1053.203890][T15112] udevd[15112]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1053.552632][T15138] tipc: Enabled bearer , priority 0 [ 1053.560511][T15138] syzkaller0: entered promiscuous mode [ 1053.566242][T15138] syzkaller0: entered allmulticast mode [ 1053.577328][T15138] tipc: Resetting bearer [ 1053.595104][T15134] tipc: Resetting bearer [ 1053.669551][T15134] tipc: Disabling bearer [ 1054.450864][T15196] syzkaller1: entered promiscuous mode [ 1054.465998][T15196] syzkaller1: entered allmulticast mode [ 1054.789724][T15213] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1054.799460][T15214] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1054.939324][T15223] validate_nla: 3 callbacks suppressed [ 1054.939347][T15223] netlink: 'syz.2.16456': attribute type 3 has an invalid length. [ 1055.099423][T15237] 8021q: VLANs not supported on ip_vti0 [ 1055.635308][T15267] netlink: 'syz.1.16469': attribute type 3 has an invalid length. [ 1055.983311][T15288] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1056.147359][T15294] set match dimension is over the limit! [ 1056.161948][T15298] netlink: 'syz.3.16481': attribute type 3 has an invalid length. [ 1056.844895][T15338] __nla_validate_parse: 18 callbacks suppressed [ 1056.844917][T15338] netlink: 20 bytes leftover after parsing attributes in process `syz.1.16497'. [ 1056.863722][T15339] netlink: 'syz.2.16496': attribute type 3 has an invalid length. [ 1057.154167][T15360] netlink: 'syz.4.16505': attribute type 29 has an invalid length. [ 1057.177168][T15359] netlink: 40 bytes leftover after parsing attributes in process `syz.1.16504'. [ 1057.237596][T15373] netlink: 20 bytes leftover after parsing attributes in process `syz.0.16508'. [ 1057.250863][T15366] netlink: 148 bytes leftover after parsing attributes in process `syz.4.16505'. [ 1057.268985][T15371] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16507'. [ 1057.286697][T15360] netlink: 'syz.4.16505': attribute type 29 has an invalid length. [ 1057.316271][T15366] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1057.448471][T15381] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1057.468830][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1057.579439][T15383] netlink: 20 bytes leftover after parsing attributes in process `syz.1.16512'. [ 1057.786974][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1058.069091][T15410] vlan3: entered promiscuous mode [ 1058.074234][T15410] bridge0: entered promiscuous mode [ 1058.134813][T15420] netlink: 32 bytes leftover after parsing attributes in process `syz.4.16527'. [ 1058.257677][T15423] netlink: 20 bytes leftover after parsing attributes in process `syz.2.16528'. [ 1058.312555][T15429] netlink: 'syz.1.16529': attribute type 1 has an invalid length. [ 1058.519934][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1058.791296][T15454] netlink: 45 bytes leftover after parsing attributes in process `syz.2.16536'. [ 1058.804246][T15455] netlink: 45 bytes leftover after parsing attributes in process `syz.2.16536'. [ 1058.826793][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1059.078974][T15468] netlink: 'syz.1.16544': attribute type 3 has an invalid length. [ 1059.432443][T15483] lo speed is unknown, defaulting to 1000 [ 1059.474473][T15483] ip6_vti0 speed is unknown, defaulting to 1000 [ 1059.549423][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1059.635183][ T1304] lec:lec_start_xmit: lec0:No lecd attached [ 1059.866297][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1060.133539][T15518] netlink: 'syz.0.16558': attribute type 7 has an invalid length. [ 1060.159476][T15518] netlink: 'syz.0.16558': attribute type 8 has an invalid length. [ 1060.586337][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1060.715110][T15547] netlink: 'syz.1.16565': attribute type 3 has an invalid length. [ 1060.907183][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1061.197001][T15553] syzkaller0: entered promiscuous mode [ 1061.202539][T15553] syzkaller0: entered allmulticast mode [ 1061.365410][T15568] bond15: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1061.378484][T15568] bond15 (unregistering): Released all slaves [ 1061.387916][T15571] netlink: 'syz.2.16572': attribute type 1 has an invalid length. [ 1061.416495][T15571] block nbd2: NBD_DISCONNECT [ 1061.421181][T15571] block nbd2: Send disconnect failed -32 [ 1061.430333][T15571] block nbd2: shutting down sockets [ 1061.627492][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1061.948251][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1062.668677][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1062.997268][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1063.415080][T15583] netlink: 'syz.0.16577': attribute type 3 has an invalid length. [ 1063.584437][T15601] __nla_validate_parse: 15 callbacks suppressed [ 1063.584462][T15601] netlink: 28 bytes leftover after parsing attributes in process `syz.0.16583'. [ 1063.655392][T15601] netlink: 'syz.0.16583': attribute type 4 has an invalid length. [ 1063.697949][T15611] bond0: Caught tx_queue_len zero misconfig [ 1063.708936][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1063.774039][T15620] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16590'. [ 1063.801100][T15611] netlink: 132 bytes leftover after parsing attributes in process `syz.3.16587'. [ 1063.870359][T15625] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.16589'. [ 1064.027571][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1064.226239][T15641] netlink: 76 bytes leftover after parsing attributes in process `syz.4.16596'. [ 1064.322797][T15649] SET target dimension over the limit! [ 1064.354153][T15653] netlink: 256 bytes leftover after parsing attributes in process `syz.4.16600'. [ 1064.400746][T15652] netlink: 256 bytes leftover after parsing attributes in process `syz.4.16600'. [ 1064.412871][T15656] netlink: 16 bytes leftover after parsing attributes in process `syz.0.16601'. [ 1064.672789][T15671] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16607'. [ 1064.694394][T15672] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16607'. [ 1064.756098][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1064.985685][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5350 ms [ 1064.993776][ C0] lec:lec_tx_timeout: lec0 [ 1065.012246][T15692] netlink: 'syz.0.16609': attribute type 7 has an invalid length. [ 1065.066588][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1065.271262][T15704] syzkaller0: entered promiscuous mode [ 1065.294245][T15704] syzkaller0: entered allmulticast mode [ 1065.316724][T15704] syz.2.16615 uses old SIOCAX25GETINFO [ 1065.371275][T15712] pim6reg527: entered allmulticast mode [ 1065.648492][T15730] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1065.664552][T15731] netlink: 'syz.4.16622': attribute type 61 has an invalid length. [ 1065.789750][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1065.956223][T15748] sctp: [Deprecated]: syz.2.16628 (pid 15748) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1065.956223][T15748] Use struct sctp_sack_info instead [ 1066.107955][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1066.358291][T15773] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 1066.382917][T15771] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 1066.392175][T15771] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1066.402098][T15773] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1066.418798][T15771] 8021q: VLANs not supported on gre0 [ 1066.807764][T15801] xt_TCPMSS: Only works on TCP SYN packets [ 1066.826333][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1067.148224][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1067.836822][T15862] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 1067.844746][T15862] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1067.866699][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1068.189187][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1068.906250][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1069.132924][T15922] __nla_validate_parse: 17 callbacks suppressed [ 1069.132944][T15922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16690'. [ 1069.194407][T15925] set match dimension is over the limit! [ 1069.226885][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1069.266444][T15930] syzkaller1: entered promiscuous mode [ 1069.282342][T15930] syzkaller1: entered allmulticast mode [ 1069.562008][T15941] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16696'. [ 1069.946875][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1070.268505][T15969] netlink: 28 bytes leftover after parsing attributes in process `syz.2.16709'. [ 1070.278934][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1070.490074][T15976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1070.961592][T16005] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16724'. [ 1070.986381][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1071.306720][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1071.487050][T16026] syzkaller0: entered promiscuous mode [ 1071.492600][T16026] syzkaller0: entered allmulticast mode [ 1072.026861][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1072.036267][T16067] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16747'. [ 1072.209234][T16077] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16753'. [ 1072.227667][T16071] block nbd2: server does not support multiple connections per device. [ 1072.236664][T16071] block nbd2: shutting down sockets [ 1072.336742][T16072] block nbd7: server does not support multiple connections per device. [ 1072.346464][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1072.356224][T16072] block nbd7: shutting down sockets [ 1072.763473][T16108] netlink: 'syz.3.16763': attribute type 75 has an invalid length. [ 1072.794027][T16109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16766'. [ 1072.810674][T16108] mac80211_hwsim hwsim74 ÿ: renamed from wlan1 [ 1072.826743][T16109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16766'. [ 1072.839687][T16108] netlink: 7 bytes leftover after parsing attributes in process `syz.3.16763'. [ 1072.886688][T16115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16767'. [ 1072.996971][T16120] FAULT_INJECTION: forcing a failure. [ 1072.996971][T16120] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1073.028935][T16120] CPU: 1 UID: 0 PID: 16120 Comm: syz.3.16770 Not tainted syzkaller #0 PREEMPT(full) [ 1073.028974][T16120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1073.028989][T16120] Call Trace: [ 1073.028999][T16120] [ 1073.029009][T16120] dump_stack_lvl+0xe8/0x150 [ 1073.029043][T16120] should_fail_ex+0x412/0x560 [ 1073.029080][T16120] _copy_from_iter+0x1d3/0x1670 [ 1073.029120][T16120] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 1073.029156][T16120] ? __pfx__copy_from_iter+0x10/0x10 [ 1073.029191][T16120] ? __build_skb_around+0x22d/0x3c0 [ 1073.029225][T16120] ? __alloc_skb+0x193/0x390 [ 1073.029256][T16120] ? netlink_sendmsg+0x650/0xb40 [ 1073.029278][T16120] ? skb_put+0x11b/0x210 [ 1073.029313][T16120] netlink_sendmsg+0x6c0/0xb40 [ 1073.029354][T16120] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1073.029382][T16120] ? aa_file_perm+0x12d/0x1630 [ 1073.029417][T16120] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1073.029449][T16120] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1073.029470][T16120] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1073.029494][T16120] __sock_sendmsg+0x21c/0x270 [ 1073.029524][T16120] ____sys_sendmsg+0x4d7/0x810 [ 1073.029557][T16120] ? __might_fault+0xaf/0x130 [ 1073.029595][T16120] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1073.029638][T16120] ? import_iovec+0x73/0xa0 [ 1073.029665][T16120] ___sys_sendmsg+0x2a5/0x360 [ 1073.029697][T16120] ? __lock_acquire+0x6b5/0x2cf0 [ 1073.029726][T16120] ? __pfx____sys_sendmsg+0x10/0x10 [ 1073.029796][T16120] ? __fget_files+0x2a/0x420 [ 1073.029821][T16120] ? __fget_files+0x3a0/0x420 [ 1073.029858][T16120] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1073.029894][T16120] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1073.029936][T16120] ? __pfx_ksys_write+0x10/0x10 [ 1073.029969][T16120] do_syscall_64+0xe2/0xf80 [ 1073.029998][T16120] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1073.030018][T16120] ? trace_irq_disable+0x37/0x100 [ 1073.030045][T16120] ? clear_bhb_loop+0x60/0xb0 [ 1073.030070][T16120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1073.030090][T16120] RIP: 0033:0x7f5b6e99acb9 [ 1073.030111][T16120] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1073.030129][T16120] RSP: 002b:00007f5b6f84c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1073.030151][T16120] RAX: ffffffffffffffda RBX: 00007f5b6ec15fa0 RCX: 00007f5b6e99acb9 [ 1073.030166][T16120] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1073.030179][T16120] RBP: 00007f5b6f84c090 R08: 0000000000000000 R09: 0000000000000000 [ 1073.030191][T16120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1073.030204][T16120] R13: 00007f5b6ec16038 R14: 00007f5b6ec15fa0 R15: 00007fff22486788 [ 1073.030240][T16120] [ 1073.078024][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1073.386159][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1073.424244][T16138] sctp: [Deprecated]: syz.0.16777 (pid 16138) Use of int in maxseg socket option. [ 1073.424244][T16138] Use struct sctp_assoc_value instead [ 1073.438747][T16137] IPv6: sit6: Disabled Multicast RS [ 1073.542041][T16145] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1073.711445][T16154] netlink: 'syz.1.16780': attribute type 10 has an invalid length. [ 1073.743897][T16154] syz_tun: left promiscuous mode [ 1073.780731][T16154] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1073.962659][T16164] FAULT_INJECTION: forcing a failure. [ 1073.962659][T16164] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1073.986408][T16164] CPU: 0 UID: 0 PID: 16164 Comm: syz.0.16785 Not tainted syzkaller #0 PREEMPT(full) [ 1073.986438][T16164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1073.986452][T16164] Call Trace: [ 1073.986461][T16164] [ 1073.986471][T16164] dump_stack_lvl+0xe8/0x150 [ 1073.986505][T16164] should_fail_ex+0x412/0x560 [ 1073.986541][T16164] _copy_from_iter+0x1d3/0x1670 [ 1073.986578][T16164] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 1073.986608][T16164] ? __pfx__copy_from_iter+0x10/0x10 [ 1073.986636][T16164] ? __build_skb_around+0x22d/0x3c0 [ 1073.986670][T16164] ? __alloc_skb+0x193/0x390 [ 1073.986696][T16164] ? netlink_sendmsg+0x650/0xb40 [ 1073.986713][T16164] ? skb_put+0x11b/0x210 [ 1073.986742][T16164] netlink_sendmsg+0x6c0/0xb40 [ 1073.986768][T16164] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1073.986790][T16164] ? aa_file_perm+0x12d/0x1630 [ 1073.986814][T16164] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1073.986839][T16164] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1073.986857][T16164] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1073.986876][T16164] __sock_sendmsg+0x21c/0x270 [ 1073.986901][T16164] ____sys_sendmsg+0x4d7/0x810 [ 1073.986929][T16164] ? __might_fault+0xaf/0x130 [ 1073.986961][T16164] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1073.986997][T16164] ? import_iovec+0x73/0xa0 [ 1073.987020][T16164] ___sys_sendmsg+0x2a5/0x360 [ 1073.987047][T16164] ? __lock_acquire+0x6b5/0x2cf0 [ 1073.987070][T16164] ? __pfx____sys_sendmsg+0x10/0x10 [ 1073.987128][T16164] ? __fget_files+0x2a/0x420 [ 1073.987151][T16164] ? __fget_files+0x3a0/0x420 [ 1073.987182][T16164] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1073.987212][T16164] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1073.987249][T16164] ? __pfx_ksys_write+0x10/0x10 [ 1073.987282][T16164] do_syscall_64+0xe2/0xf80 [ 1073.987307][T16164] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1073.987324][T16164] ? trace_irq_disable+0x37/0x100 [ 1073.987349][T16164] ? clear_bhb_loop+0x60/0xb0 [ 1073.987370][T16164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1073.987388][T16164] RIP: 0033:0x7ff2ed79acb9 [ 1073.987405][T16164] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1073.987421][T16164] RSP: 002b:00007ff2ee6e3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1073.987441][T16164] RAX: ffffffffffffffda RBX: 00007ff2eda15fa0 RCX: 00007ff2ed79acb9 [ 1073.987455][T16164] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1073.987467][T16164] RBP: 00007ff2ee6e3090 R08: 0000000000000000 R09: 0000000000000000 [ 1073.987478][T16164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1073.987489][T16164] R13: 00007ff2eda16038 R14: 00007ff2eda15fa0 R15: 00007ffed0524268 [ 1073.987518][T16164] [ 1074.325859][ C0] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:30) seen on [ 1074.468200][ C1] tipc: Duplicate 9faaaa using eth(aa:aa:aa:aa:aa:35) seen on [ 1074.590216][T16186] __nla_validate_parse: 9 callbacks suppressed [ 1074.590246][T16186] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16795'. [ 1074.626857][T16186] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16795'. [ 1074.642717][T16191] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16794'. [ 1074.813545][T16197] netlink: 'syz.3.16797': attribute type 10 has an invalid length. [ 1074.844193][T16201] FAULT_INJECTION: forcing a failure. [ 1074.844193][T16201] name failslab, interval 1, probability 0, space 0, times 0 [ 1074.860941][T16201] CPU: 1 UID: 0 PID: 16201 Comm: syz.0.16799 Not tainted syzkaller #0 PREEMPT(full) [ 1074.860984][T16201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1074.860998][T16201] Call Trace: [ 1074.861006][T16201] [ 1074.861016][T16201] dump_stack_lvl+0xe8/0x150 [ 1074.861069][T16201] should_fail_ex+0x412/0x560 [ 1074.861106][T16201] should_failslab+0xa8/0x100 [ 1074.861135][T16201] kmem_cache_alloc_noprof+0x87/0x6e0 [ 1074.861179][T16201] ? __netlink_lookup+0xc6/0x8b0 [ 1074.861211][T16201] ? skb_clone+0x212/0x3a0 [ 1074.861238][T16201] skb_clone+0x212/0x3a0 [ 1074.861265][T16201] __netlink_deliver_tap+0x404/0x850 [ 1074.861299][T16201] ? netlink_deliver_tap+0x2e/0x1b0 [ 1074.861323][T16201] netlink_deliver_tap+0x19c/0x1b0 [ 1074.861345][T16201] netlink_unicast+0x7e3/0x9b0 [ 1074.861387][T16201] ? __pfx_netlink_unicast+0x10/0x10 [ 1074.861416][T16201] ? __alloc_skb+0x193/0x390 [ 1074.861448][T16201] ? netlink_sendmsg+0x650/0xb40 [ 1074.861467][T16201] ? skb_put+0x11b/0x210 [ 1074.861503][T16201] netlink_sendmsg+0x813/0xb40 [ 1074.861536][T16201] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1074.861562][T16201] ? aa_file_perm+0x12d/0x1630 [ 1074.861591][T16201] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1074.861621][T16201] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1074.861641][T16201] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1074.861665][T16201] __sock_sendmsg+0x21c/0x270 [ 1074.861695][T16201] ____sys_sendmsg+0x4d7/0x810 [ 1074.861727][T16201] ? __might_fault+0xaf/0x130 [ 1074.861765][T16201] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1074.861809][T16201] ? import_iovec+0x73/0xa0 [ 1074.861835][T16201] ___sys_sendmsg+0x2a5/0x360 [ 1074.861867][T16201] ? __lock_acquire+0x6b5/0x2cf0 [ 1074.861894][T16201] ? __pfx____sys_sendmsg+0x10/0x10 [ 1074.861968][T16201] ? __fget_files+0x2a/0x420 [ 1074.861994][T16201] ? __fget_files+0x3a0/0x420 [ 1074.862032][T16201] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1074.862069][T16201] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1074.862112][T16201] ? __pfx_ksys_write+0x10/0x10 [ 1074.862145][T16201] do_syscall_64+0xe2/0xf80 [ 1074.862174][T16201] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.862195][T16201] ? trace_irq_disable+0x37/0x100 [ 1074.862230][T16201] ? clear_bhb_loop+0x60/0xb0 [ 1074.862256][T16201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.862277][T16201] RIP: 0033:0x7ff2ed79acb9 [ 1074.862296][T16201] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1074.862313][T16201] RSP: 002b:00007ff2ee6e3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1074.862336][T16201] RAX: ffffffffffffffda RBX: 00007ff2eda15fa0 RCX: 00007ff2ed79acb9 [ 1074.862352][T16201] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1074.862366][T16201] RBP: 00007ff2ee6e3090 R08: 0000000000000000 R09: 0000000000000000 [ 1074.862379][T16201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1074.862391][T16201] R13: 00007ff2eda16038 R14: 00007ff2eda15fa0 R15: 00007ffed0524268 [ 1074.862425][T16201] [ 1074.862475][T16201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16799'. [ 1075.094903][T16197] team0: Device veth0_vlan failed to register rx_handler [ 1075.210863][T16197] tipc: Resetting bearer [ 1075.244452][T29816] tipc: Resetting bearer [ 1075.260081][T29816] tipc: Resetting bearer [ 1075.287603][T16204] netlink: 'syz.2.16800': attribute type 1 has an invalid length. [ 1075.536776][T16226] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16804'. [ 1075.560793][T16224] syzkaller0: entered promiscuous mode [ 1075.575802][T16224] syzkaller0: entered allmulticast mode [ 1075.641593][T16231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16807'. [ 1075.651192][T16231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16807'. [ 1075.710259][T16235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16809'. [ 1075.991305][T16252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16813'. [ 1076.028740][T16251] netlink: 'syz.1.16815': attribute type 10 has an invalid length. [ 1076.202315][T16265] netlink: 28 bytes leftover after parsing attributes in process `syz.2.16819'. [ 1076.671865][ T5842] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1076.689119][ T5842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1076.700931][ T5842] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1076.709175][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1076.721239][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1076.758719][ T52] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1076.766341][ T52] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1076.773941][ T52] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1076.805285][ T52] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1076.819089][ T52] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1077.007277][T16295] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 1077.134271][T16286] lo speed is unknown, defaulting to 1000 [ 1077.155110][T16286] ip6_vti0 speed is unknown, defaulting to 1000 [ 1077.792123][T16334] netlink: 'syz.2.16838': attribute type 10 has an invalid length. [ 1078.117195][T16286] chnl_net:caif_netlink_parms(): no params data found [ 1078.204353][T16360] netlink: 'syz.2.16845': attribute type 11 has an invalid length. [ 1078.294084][T16286] bridge0: port 1(bridge_slave_0) entered blocking state [ 1078.302141][T16286] bridge0: port 1(bridge_slave_0) entered disabled state [ 1078.310449][T16286] bridge_slave_0: entered allmulticast mode [ 1078.318895][T16286] bridge_slave_0: entered promiscuous mode [ 1078.328542][T16286] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.336013][T16286] bridge0: port 2(bridge_slave_1) entered disabled state [ 1078.343506][T16286] bridge_slave_1: entered allmulticast mode [ 1078.351923][T16286] bridge_slave_1: entered promiscuous mode [ 1078.478304][T16286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1078.510699][T16286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1078.619126][T16286] team0: Port device team_slave_0 added [ 1078.629293][T16286] team0: Port device team_slave_1 added [ 1078.715541][T16286] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1078.735668][T16286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1078.792996][T16286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1078.833993][T16286] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1078.856954][T16286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1078.900269][T16286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1078.924121][ T52] Bluetooth: hci5: command tx timeout [ 1078.999240][T16286] hsr_slave_0: entered promiscuous mode [ 1079.006413][T16286] hsr_slave_1: entered promiscuous mode [ 1079.150226][T16397] syzkaller0: entered promiscuous mode [ 1079.166466][T16397] syzkaller0: entered allmulticast mode [ 1079.283945][T16397] tipc: Enabled bearer , priority 0 [ 1079.353281][T16395] tipc: Resetting bearer [ 1079.410306][T16395] tipc: Disabling bearer [ 1079.573047][T16286] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.695467][T16286] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.807303][T16286] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.964515][T16286] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1080.069561][T16449] set match dimension is over the limit! [ 1080.301976][T16458] netlink: 'syz.3.16877': attribute type 1 has an invalid length. [ 1080.328660][T16458] __nla_validate_parse: 19 callbacks suppressed [ 1080.328682][T16458] netlink: 224 bytes leftover after parsing attributes in process `syz.3.16877'. [ 1080.358372][T16457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16879'. [ 1080.362573][T16286] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1080.391476][T16286] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1080.398768][T16457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16879'. [ 1080.440816][T16286] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1080.502140][T16286] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1080.580121][T16468] netlink: 'syz.4.16881': attribute type 16 has an invalid length. [ 1080.608703][T16468] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16881'. [ 1080.780868][T16286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1080.822699][T16286] 8021q: adding VLAN 0 to HW filter on device team0 [ 1080.859296][ T3445] bridge0: port 1(bridge_slave_0) entered blocking state [ 1080.866592][ T3445] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1080.886522][ T3445] bridge0: port 2(bridge_slave_1) entered blocking state [ 1080.893828][ T3445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1080.953977][T16486] Cannot find set identified by id 0 to match [ 1080.988648][ T52] Bluetooth: hci5: command tx timeout [ 1081.144662][T16496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16891'. [ 1081.156677][T16496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16891'. [ 1081.399177][T16286] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1081.563850][T16286] veth0_vlan: entered promiscuous mode [ 1081.591975][T16286] veth1_vlan: entered promiscuous mode [ 1081.645188][T16286] veth0_macvtap: entered promiscuous mode [ 1081.663133][T16286] veth1_macvtap: entered promiscuous mode [ 1081.739106][T16286] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1081.761974][T16286] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1081.800924][ T6394] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1081.836818][ T6394] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1081.847441][T16523] Cannot find set identified by id 0 to match [ 1081.862276][T16526] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16900'. [ 1081.898900][ T6394] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1081.943262][ T6394] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.085357][T16535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16903'. [ 1082.110915][T16535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16903'. [ 1082.133931][ T6394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1082.153997][ T6394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1082.240850][ T6394] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1082.260169][ T6394] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1082.329068][T16543] netlink: 28 bytes leftover after parsing attributes in process `syz.3.16907'. [ 1082.519725][T16553] netlink: 'syz.3.16912': attribute type 21 has an invalid length. [ 1082.792702][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1082.803125][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1082.813452][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1082.821727][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1082.831233][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1082.882059][T16561] netlink: 'syz.0.16914': attribute type 1 has an invalid length. [ 1083.057569][T16560] lo speed is unknown, defaulting to 1000 [ 1083.085903][ T5842] Bluetooth: hci5: command tx timeout [ 1083.107474][T16560] ip6_vti0 speed is unknown, defaulting to 1000 [ 1083.526321][T16596] netlink: 'syz.2.16926': attribute type 24 has an invalid length. [ 1083.657574][T16606] netlink: 'syz.2.16930': attribute type 2 has an invalid length. [ 1083.679012][T16606] netlink: 'syz.2.16930': attribute type 1 has an invalid length. [ 1083.928545][T16623] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1084.004575][T16560] chnl_net:caif_netlink_parms(): no params data found [ 1084.158976][T16560] bridge0: port 1(bridge_slave_0) entered blocking state [ 1084.167536][T16560] bridge0: port 1(bridge_slave_0) entered disabled state [ 1084.191646][T16560] bridge_slave_0: entered allmulticast mode [ 1084.206501][T16560] bridge_slave_0: entered promiscuous mode [ 1084.232912][T16560] bridge0: port 2(bridge_slave_1) entered blocking state [ 1084.241772][T16560] bridge0: port 2(bridge_slave_1) entered disabled state [ 1084.253559][T16560] bridge_slave_1: entered allmulticast mode [ 1084.261432][T27906] lec:lec_start_xmit: lec0:No lecd attached [ 1084.278492][T16560] bridge_slave_1: entered promiscuous mode [ 1084.366367][T16560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1084.387508][T16560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1084.447167][T16560] team0: Port device team_slave_0 added [ 1084.510508][T16560] team0: Port device team_slave_1 added [ 1084.647346][T16560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1084.654370][T16560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1084.689924][T16560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1084.702240][T16651] bridge0: port 1(wlan0) entered blocking state [ 1084.725208][T16651] bridge0: port 1(wlan0) entered disabled state [ 1084.740576][T16651] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 1084.771294][T16560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1084.795765][T16560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1084.864437][T16560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1084.906864][ T5842] Bluetooth: hci3: command tx timeout [ 1085.078784][T16560] hsr_slave_0: entered promiscuous mode [ 1085.117279][T16560] hsr_slave_1: entered promiscuous mode [ 1085.123935][T16560] debugfs: 'hsr0' already exists in 'hsr' [ 1085.143773][T16560] Cannot create hsr debugfs directory [ 1085.152238][ T5842] Bluetooth: hci5: command tx timeout [ 1085.345402][T16685] netlink: 'syz.0.16952': attribute type 1 has an invalid length. [ 1085.368527][T16685] __nla_validate_parse: 7 callbacks suppressed [ 1085.368548][T16685] netlink: 224 bytes leftover after parsing attributes in process `syz.0.16952'. [ 1085.591353][T16560] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1085.724518][T16714] netlink: 28 bytes leftover after parsing attributes in process `syz.2.16960'. [ 1085.779599][T16560] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1085.839940][T16708] netlink: 24 bytes leftover after parsing attributes in process `syz.2.16960'. [ 1085.897143][T16719] 0: reclassify loop, rule prio 0, protocol 700 [ 1085.910557][T16560] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1086.042526][T16560] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1086.372509][T16560] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1086.385098][T16560] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1086.407103][T16560] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1086.429627][T16560] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1086.583701][T16560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1086.629775][T16560] 8021q: adding VLAN 0 to HW filter on device team0 [ 1086.644742][ T3445] bridge0: port 1(bridge_slave_0) entered blocking state [ 1086.652070][ T3445] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1086.687633][T11928] bridge0: port 2(bridge_slave_1) entered blocking state [ 1086.694840][T11928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1086.985733][ T5842] Bluetooth: hci3: command tx timeout [ 1087.021197][T16560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1087.468678][T16560] veth0_vlan: entered promiscuous mode [ 1087.496977][T16560] veth1_vlan: entered promiscuous mode [ 1087.585090][T16560] veth0_macvtap: entered promiscuous mode [ 1087.630558][T16560] veth1_macvtap: entered promiscuous mode [ 1087.662268][T16560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1087.690246][T16560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1087.746451][ T1011] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.755263][ T1011] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.809342][ T1011] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.825950][ T1011] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1089.067516][ T5842] Bluetooth: hci3: command tx timeout [ 1089.947759][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5680 ms [ 1089.955876][ C0] lec:lec_tx_timeout: lec0 [ 1090.098669][ T3462] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1090.109975][ T3462] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1090.281509][ T3462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1090.302686][ T3462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1090.929140][T16881] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 1091.027310][ T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1091.040825][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1091.051450][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1091.061345][ T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1091.070427][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1091.166009][ T5842] Bluetooth: hci3: command tx timeout [ 1091.257086][T16884] lo speed is unknown, defaulting to 1000 [ 1091.299182][T16884] ip6_vti0 speed is unknown, defaulting to 1000 [ 1092.006643][T16884] chnl_net:caif_netlink_parms(): no params data found [ 1092.261700][T16884] bridge0: port 1(bridge_slave_0) entered blocking state [ 1092.274037][T16884] bridge0: port 1(bridge_slave_0) entered disabled state [ 1092.282493][T16884] bridge_slave_0: entered allmulticast mode [ 1092.291964][T16884] bridge_slave_0: entered promiscuous mode [ 1092.303350][T16884] bridge0: port 2(bridge_slave_1) entered blocking state [ 1092.312143][T16884] bridge0: port 2(bridge_slave_1) entered disabled state [ 1092.320270][T16884] bridge_slave_1: entered allmulticast mode [ 1092.329321][T16884] bridge_slave_1: entered promiscuous mode [ 1092.385838][T16884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1092.401266][T16884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1092.462985][T16884] team0: Port device team_slave_0 added [ 1092.475007][T16884] team0: Port device team_slave_1 added [ 1092.526842][T16884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1092.534160][T16884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1092.628855][T16884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1092.659161][T16884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1092.696854][T16884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1092.754999][T16884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1092.923979][T16934] erspan0: entered promiscuous mode [ 1092.981403][T16934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1092.994623][T16934] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1093.146653][ T5842] Bluetooth: hci4: command tx timeout [ 1093.201689][T16884] hsr_slave_0: entered promiscuous mode [ 1093.236317][T16884] hsr_slave_1: entered promiscuous mode [ 1093.243007][T16884] debugfs: 'hsr0' already exists in 'hsr' [ 1093.249517][T16957] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17060'. [ 1093.286232][T16884] Cannot create hsr debugfs directory [ 1093.311512][T16962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17062'. [ 1093.924766][T16884] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1094.008845][T16980] bond1 (unregistering): Released all slaves [ 1094.044474][T16990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17072'. [ 1094.059830][T16990] netlink: 'syz.1.17072': attribute type 3 has an invalid length. [ 1094.085251][T16884] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1094.308850][T16884] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1094.417093][T16884] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1094.474469][T16999] syzkaller0: entered promiscuous mode [ 1094.481477][T16999] syzkaller0: entered allmulticast mode [ 1094.692773][T16884] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1094.714863][T16884] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1094.739091][T16884] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1094.757679][T17013] netlink: 'syz.1.17080': attribute type 1 has an invalid length. [ 1094.814234][T17013] 8021q: adding VLAN 0 to HW filter on device bond22 [ 1094.843604][T16884] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1094.910142][T17013] vlan7: entered allmulticast mode [ 1094.916333][T17013] veth0_to_bond: entered allmulticast mode [ 1094.928120][T17013] bond22: (slave vlan7): Enslaving as an active interface with a down link [ 1095.087679][T16884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1095.172421][T16884] 8021q: adding VLAN 0 to HW filter on device team0 [ 1095.203651][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 1095.210928][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1095.226933][ T5842] Bluetooth: hci4: command tx timeout [ 1095.291413][ T1011] bridge0: port 2(bridge_slave_1) entered blocking state [ 1095.298701][ T1011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1095.378329][T17035] netlink: 'syz.3.17088': attribute type 13 has an invalid length. [ 1095.521013][T17035] tipc: Resetting bearer [ 1095.558495][T17035] tipc: Resetting bearer [ 1095.572626][T17035] tipc: Resetting bearer [ 1095.913662][T17056] lo speed is unknown, defaulting to 1000 [ 1095.933992][T17056] ip6_vti0 speed is unknown, defaulting to 1000 [ 1096.582744][T17089] netlink: 'syz.3.17103': attribute type 1 has an invalid length. [ 1096.632197][T16884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1096.803847][T16884] veth0_vlan: entered promiscuous mode [ 1096.874457][T16884] veth1_vlan: entered promiscuous mode [ 1096.985490][T16884] veth0_macvtap: entered promiscuous mode [ 1097.029416][T16884] veth1_macvtap: entered promiscuous mode [ 1097.112594][T16884] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1097.160245][T16884] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1097.204512][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1097.223964][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1097.244363][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1097.256795][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1097.308750][ T5842] Bluetooth: hci4: command tx timeout [ 1097.481290][ T3445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1097.524236][ T3445] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1097.593358][ T3445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1097.608839][ T3445] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1097.823859][T17132] netlink: 12 bytes leftover after parsing attributes in process `syz.4.17119'. [ 1098.304289][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1098.314577][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1098.324205][ T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1098.333656][ T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1098.341863][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1098.472497][T17142] lo speed is unknown, defaulting to 1000 [ 1098.509664][T17142] ip6_vti0 speed is unknown, defaulting to 1000 [ 1098.850400][T17159] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17132'. [ 1099.380899][T17142] chnl_net:caif_netlink_parms(): no params data found [ 1099.388172][ T52] Bluetooth: hci4: command tx timeout [ 1099.714487][T17142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1099.755483][T17142] bridge0: port 1(bridge_slave_0) entered disabled state [ 1099.781314][T17142] bridge_slave_0: entered allmulticast mode [ 1099.799302][T17142] bridge_slave_0: entered promiscuous mode [ 1099.812321][T17142] bridge0: port 2(bridge_slave_1) entered blocking state [ 1099.826471][T17142] bridge0: port 2(bridge_slave_1) entered disabled state [ 1099.845297][T17142] bridge_slave_1: entered allmulticast mode [ 1099.886548][T17142] bridge_slave_1: entered promiscuous mode [ 1099.953995][T17142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1099.971772][T17142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1100.071871][T17142] team0: Port device team_slave_0 added [ 1100.111308][T17142] team0: Port device team_slave_1 added [ 1100.228087][T17142] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1100.235110][T17142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1100.326203][T17142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1100.355232][T17142] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1100.372904][T17142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1100.426353][ T52] Bluetooth: hci2: command tx timeout [ 1100.446087][T17142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1100.670557][T17142] hsr_slave_0: entered promiscuous mode [ 1100.694971][T17142] hsr_slave_1: entered promiscuous mode [ 1100.709182][T17142] debugfs: 'hsr0' already exists in 'hsr' [ 1100.723878][T17142] Cannot create hsr debugfs directory [ 1101.051436][T17246] sctp: [Deprecated]: syz.1.17166 (pid 17246) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1101.051436][T17246] Use struct sctp_sack_info instead [ 1101.256644][T17142] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1101.270860][T17142] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1101.282652][T17142] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 1101.296189][T17256] netlink: 'syz.1.17169': attribute type 13 has an invalid length. [ 1101.316715][T17256] netlink: 'syz.1.17169': attribute type 17 has an invalid length. [ 1101.346102][T17256] lo: left promiscuous mode [ 1101.406499][T17256] tunl0: left promiscuous mode [ 1101.422341][T17256] gre0: left promiscuous mode [ 1101.429784][T17256] gretap0: left promiscuous mode [ 1101.440348][T17256] erspan0: left promiscuous mode [ 1101.462479][T17256] ip_vti0: left promiscuous mode [ 1101.478788][T17256] sit0: left promiscuous mode [ 1101.563911][T17256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1101.580705][T17256] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1101.675447][T17142] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1101.688233][T17142] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1101.699861][T17142] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 1101.860405][T17142] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1101.885931][T17142] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1101.902746][T17142] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 1101.994503][T17142] bond0: (slave netdevsim0): Releasing backup interface [ 1102.007530][T17142] netdevsim netdevsim3 netdevsim0 (unregistering): left allmulticast mode [ 1102.020234][T17142] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1102.032153][T17142] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1102.043332][T17142] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 1102.327319][T17294] netlink: 24 bytes leftover after parsing attributes in process `syz.2.17185'. [ 1102.366868][T17142] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1102.407174][T17290] lo speed is unknown, defaulting to 1000 [ 1102.407608][T17142] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1102.513936][ T52] Bluetooth: hci2: command tx timeout [ 1102.577882][T17290] ip6_vti0 speed is unknown, defaulting to 1000 [ 1102.597109][T17142] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1102.640009][T17142] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1102.925076][T17142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1102.990124][T17142] 8021q: adding VLAN 0 to HW filter on device team0 [ 1103.048127][T17321] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1103.098697][ T4136] bridge0: port 1(bridge_slave_0) entered blocking state [ 1103.105972][ T4136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1103.152232][ T4136] bridge0: port 2(bridge_slave_1) entered blocking state [ 1103.159506][ T4136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1103.642088][T17335] lo speed is unknown, defaulting to 1000 [ 1103.797353][T17335] ip6_vti0 speed is unknown, defaulting to 1000 [ 1104.486238][T17362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1104.522209][T17362] bond1: (slave bond0): Enslaving as a backup interface with an up link [ 1104.588535][ T52] Bluetooth: hci2: command tx timeout [ 1104.670866][T17142] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1104.854191][T17142] veth0_vlan: entered promiscuous mode [ 1104.877201][T17142] veth1_vlan: entered promiscuous mode [ 1104.989238][T17371] bond1: option xmit_hash_policy: invalid value (8) [ 1105.000792][T17371] bond1 (unregistering): Released all slaves [ 1105.138191][T17379] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1105.197370][T17376] lo speed is unknown, defaulting to 1000 [ 1105.243351][T17376] ip6_vti0 speed is unknown, defaulting to 1000 [ 1105.260819][T17142] veth0_macvtap: entered promiscuous mode [ 1105.278928][T17142] veth1_macvtap: entered promiscuous mode [ 1105.325097][T17142] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1105.365086][T17142] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1105.400040][T17384] netlink: 'syz.4.17220': attribute type 13 has an invalid length. [ 1105.410833][ T6545] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1105.660210][ T6545] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1105.688528][ T6545] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1105.819979][T17395] bridge0: port 2(bridge_slave_1) entered disabled state [ 1105.827797][T17395] bridge0: port 1(bridge_slave_0) entered disabled state [ 1105.989920][T17395] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1106.009635][T17395] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1106.200076][ T6545] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1106.243092][ T6545] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1106.267199][ T6545] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1106.288114][ T6545] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1106.357233][ T6545] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1106.665890][ T52] Bluetooth: hci2: command tx timeout [ 1106.720935][ T3966] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1106.780482][ T3966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1106.921962][ T3966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1106.934678][ T3966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1107.017427][T17436] netlink: 7 bytes leftover after parsing attributes in process `syz.0.17243'. [ 1107.689982][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1107.701246][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1107.718078][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1107.746683][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1107.756843][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1107.813595][T17461] lo speed is unknown, defaulting to 1000 [ 1107.824207][T17461] ip6_vti0 speed is unknown, defaulting to 1000 [ 1108.071283][ T5825] syz_tun (unregistering): left allmulticast mode [ 1108.115317][ T5825] bond0: (slave syz_tun): Releasing backup interface [ 1108.784792][T17461] chnl_net:caif_netlink_parms(): no params data found [ 1109.075055][T17461] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.100566][T17461] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.131056][T17461] bridge_slave_0: entered allmulticast mode [ 1109.155972][T17461] bridge_slave_0: entered promiscuous mode [ 1109.177191][T17461] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.196288][T17461] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.218146][T17461] bridge_slave_1: entered allmulticast mode [ 1109.244817][T17461] bridge_slave_1: entered promiscuous mode [ 1109.341526][T17461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1109.377914][T17461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1109.493146][T17541] vlan2: entered promiscuous mode [ 1109.506799][T17461] team0: Port device team_slave_0 added [ 1109.525428][T17461] team0: Port device team_slave_1 added [ 1109.622448][T17461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1109.645867][T17461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1109.675215][T17461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1109.689299][T17461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1109.700271][T17461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1109.762032][T17461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1109.840870][T17550] pimreg: tun_chr_ioctl cmd 1074025676 [ 1109.848264][T17550] pimreg: owner set to 0 [ 1109.863965][T17461] hsr_slave_0: entered promiscuous mode [ 1109.871543][ T52] Bluetooth: hci1: command tx timeout [ 1109.879923][T17461] hsr_slave_1: entered promiscuous mode [ 1109.887569][T17461] debugfs: 'hsr0' already exists in 'hsr' [ 1109.893439][T17461] Cannot create hsr debugfs directory [ 1110.444187][T17461] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1110.478972][T17575] netlink: 12 bytes leftover after parsing attributes in process `syz.4.17303'. [ 1110.484270][T17461] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1110.596069][T17461] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1110.609241][T17461] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1110.700468][T17584] syzkaller0: entered promiscuous mode [ 1110.727888][T17584] syzkaller0: entered allmulticast mode [ 1110.757009][T17461] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1110.775965][T17461] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1110.880514][T17461] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1110.917456][T17461] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.274460][T17461] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1111.289637][T17461] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1111.309814][T17461] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1111.331116][T17461] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1111.447360][T17624] CKÓÔ: entered promiscuous mode [ 1111.532257][T17461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1111.586932][T17461] 8021q: adding VLAN 0 to HW filter on device team0 [ 1111.622585][ T9931] bridge0: port 1(bridge_slave_0) entered blocking state [ 1111.629832][ T9931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1111.682302][T29816] bridge0: port 2(bridge_slave_1) entered blocking state [ 1111.689561][T29816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1111.774819][T17636] netlink: 104 bytes leftover after parsing attributes in process `syz.4.17324'. [ 1111.925187][T17642] netlink: zone id is out of range [ 1111.946619][ T52] Bluetooth: hci1: command tx timeout [ 1111.948391][T17642] netlink: zone id is out of range [ 1111.973202][T17642] netlink: set zone limit has 8 unknown bytes [ 1112.261696][T17461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1112.378015][T17461] veth0_vlan: entered promiscuous mode [ 1112.462466][T17461] veth1_vlan: entered promiscuous mode [ 1112.613882][T17461] veth0_macvtap: entered promiscuous mode [ 1112.648222][T17461] veth1_macvtap: entered promiscuous mode [ 1112.709976][T17461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1112.742995][T17461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1112.778373][ T34] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.808396][T17673] netlink: 'syz.0.17342': attribute type 3 has an invalid length. [ 1112.837459][ T34] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.858040][ T34] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.887397][ T34] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.954329][T17679] netlink: 180 bytes leftover after parsing attributes in process `syz.2.17346'. [ 1113.162537][T29816] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1113.196084][T29816] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1113.234877][T17687] netlink: 'syz.0.17349': attribute type 64 has an invalid length. [ 1113.262970][T17687] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17349'. [ 1113.286936][ T4136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1113.294859][ T4136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1113.684875][T17702] netlink: 60 bytes leftover after parsing attributes in process `syz.2.17355'. [ 1113.725474][T17702] netlink: 60 bytes leftover after parsing attributes in process `syz.2.17355'. [ 1113.749837][T17702] netlink: 60 bytes leftover after parsing attributes in process `syz.2.17355'. [ 1113.871870][T17710] netlink: 'syz.4.17359': attribute type 64 has an invalid length. [ 1113.881912][T17710] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17359'. [ 1114.026147][ T52] Bluetooth: hci1: command tx timeout [ 1114.230566][T17728] netlink: 'syz.4.17367': attribute type 7 has an invalid length. [ 1114.374702][T17732] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1114.546913][T17739] netlink: 'syz.2.17373': attribute type 64 has an invalid length. [ 1114.563799][T17739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17373'. [ 1114.931279][T17752] team0: Port device team_slave_0 removed [ 1114.953193][T17752] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 1114.985488][T17762] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17383'. [ 1115.186106][T17769] netlink: 'syz.0.17386': attribute type 64 has an invalid length. [ 1115.194699][T17769] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17386'. [ 1115.369870][T17779] netlink: 60 bytes leftover after parsing attributes in process `syz.4.17390'. [ 1115.576637][T17793] netlink: 'syz.3.17395': attribute type 1 has an invalid length. [ 1115.761121][T17801] netlink: 'syz.3.17399': attribute type 64 has an invalid length. [ 1116.004675][T17816] netlink: 'syz.0.17406': attribute type 13 has an invalid length. [ 1116.106038][ T52] Bluetooth: hci1: command tx timeout [ 1116.325438][T17832] netlink: 'syz.2.17413': attribute type 64 has an invalid length. [ 1117.856438][T17915] validate_nla: 3 callbacks suppressed [ 1117.856462][T17915] netlink: 'syz.2.17447': attribute type 13 has an invalid length. [ 1118.047111][T17929] siw: device registration error -23 [ 1118.273976][T17930] syzkaller0: entered promiscuous mode [ 1118.280800][T17930] syzkaller0: entered allmulticast mode [ 1118.359349][T17943] __nla_validate_parse: 7 callbacks suppressed [ 1118.359373][T17943] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17452'. [ 1118.492283][T17948] netlink: 'syz.0.17456': attribute type 64 has an invalid length. [ 1118.517665][T17949] netlink: 'syz.1.17455': attribute type 1 has an invalid length. [ 1118.764006][T17965] syz_tun: entered allmulticast mode [ 1118.833736][T17965] dvmrp6: entered allmulticast mode [ 1118.839458][T17972] netlink: 'syz.0.17464': attribute type 13 has an invalid length. [ 1119.009053][T17983] netlink: 'syz.3.17469': attribute type 64 has an invalid length. [ 1119.018466][T17983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17469'. [ 1119.382588][T18004] netlink: 'syz.4.17482': attribute type 64 has an invalid length. [ 1119.423566][T18004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17482'. [ 1119.696649][T18020] netlink: 'syz.2.17489': attribute type 10 has an invalid length. [ 1119.753013][T18020] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1119.764569][T18022] lo: Caught tx_queue_len zero misconfig [ 1120.423249][T18041] netlink: 'syz.3.17497': attribute type 39 has an invalid length. [ 1120.494757][T18045] netlink: 'syz.0.17499': attribute type 12 has an invalid length. [ 1121.081336][ T1304] lec:lec_start_xmit: lec0:No lecd attached [ 1121.562163][T18099] gre1: entered promiscuous mode [ 1121.567624][T18099] gre1: entered allmulticast mode [ 1121.667892][T18103] netlink: 'syz.1.17524': attribute type 13 has an invalid length. [ 1122.338992][T18141] lo: Caught tx_queue_len zero misconfig [ 1122.372321][ T39] IPVS: starting estimator thread 0... [ 1122.466255][T18146] IPVS: using max 27 ests per chain, 64800 per kthread [ 1122.497011][T18151] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1123.893068][T18229] netlink: 24 bytes leftover after parsing attributes in process `syz.4.17580'. [ 1124.034968][T18238] netlink: 'syz.0.17585': attribute type 1 has an invalid length. [ 1124.108062][T18238] bond1: entered promiscuous mode [ 1124.113841][T18238] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1124.526319][T18264] bridge: RTM_NEWNEIGH with invalid ether address [ 1124.544282][T18262] ip6_vti0 speed is unknown, defaulting to 1000 [ 1124.953972][T18276] netlink: 'syz.4.17599': attribute type 1 has an invalid length. [ 1125.013821][T18266] netlink: 32 bytes leftover after parsing attributes in process `syz.1.17594'. [ 1125.034313][T18276] bond2: entered promiscuous mode [ 1125.041481][T18276] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1125.346457][T18294] syz_tun: entered allmulticast mode [ 1125.362481][T18294] dvmrp6: entered allmulticast mode [ 1125.791611][T18311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.17613'. [ 1125.808596][T18308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1126.096098][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 1126.104319][ C0] lec:lec_tx_timeout: lec0 [ 1126.762738][T18366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17640'. [ 1126.788285][T18366] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17640'. [ 1126.843655][T18369] netlink: 76 bytes leftover after parsing attributes in process `syz.2.17642'. [ 1127.174693][T18386] netlink: 'syz.1.17651': attribute type 1 has an invalid length. [ 1127.219084][T18386] bond2: entered promiscuous mode [ 1127.224704][T18386] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1127.727453][T18415] netlink: 'syz.0.17662': attribute type 64 has an invalid length. [ 1127.741287][T18415] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17662'. [ 1127.772389][T18419] netlink: 'syz.2.17665': attribute type 3 has an invalid length. [ 1128.187824][T18445] netlink: 'syz.4.17677': attribute type 64 has an invalid length. [ 1128.201113][T18445] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17677'. [ 1128.444122][T18454] netlink: 'syz.2.17680': attribute type 3 has an invalid length. [ 1129.539905][T18487] netlink: 'syz.2.17688': attribute type 64 has an invalid length. [ 1129.575782][T18487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17688'. [ 1129.800886][T18495] netlink: 'syz.2.17691': attribute type 3 has an invalid length. [ 1129.966155][T18498] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1130.156894][T18479] lec:lec_atm_close: lec0: Shut down! [ 1130.640319][T18524] netlink: 'syz.0.17701': attribute type 64 has an invalid length. [ 1130.665502][T18524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17701'. [ 1130.830910][T18535] Bluetooth: MGMT ver 1.23 [ 1130.931340][T18539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17707'. [ 1130.936137][T18541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17706'. [ 1130.987881][T18541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17706'. [ 1131.159566][T18552] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17711'. [ 1131.351190][T18566] netlink: 'syz.3.17715': attribute type 64 has an invalid length. [ 1131.370100][T18566] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17715'. [ 1132.045028][T18599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17730'. [ 1132.076487][T18599] netlink: 40 bytes leftover after parsing attributes in process `syz.2.17730'. [ 1132.106563][T18602] netlink: 'syz.4.17732': attribute type 64 has an invalid length. [ 1132.136773][T18602] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17732'. [ 1134.570529][T18641] netlink: 'syz.0.17747': attribute type 64 has an invalid length. [ 1134.624104][T18643] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1134.675304][T18649] lo: Caught tx_queue_len zero misconfig [ 1135.076188][T18671] __nla_validate_parse: 2 callbacks suppressed [ 1135.076213][T18671] netlink: 20 bytes leftover after parsing attributes in process `syz.0.17762'. [ 1135.128196][T18675] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17764'. [ 1135.161041][T18678] tipc: Started in network mode [ 1135.166591][T18678] tipc: Node identity 2, cluster identity 3142 [ 1135.172860][T18678] tipc: Node number set to 2 [ 1135.181904][T18678] tipc: Cannot configure node identity twice [ 1135.250015][T18682] lo: Caught tx_queue_len zero misconfig [ 1135.290664][T18685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17768'. [ 1135.302482][T18685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17768'. [ 1135.362736][T18688] syzkaller1: entered promiscuous mode [ 1135.375617][T18688] syzkaller1: entered allmulticast mode [ 1135.692800][T18702] netlink: 20 bytes leftover after parsing attributes in process `syz.1.17776'. [ 1135.804668][T18706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17778'. [ 1135.955832][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5800 ms [ 1135.963990][ C0] lec:lec_tx_timeout: lec0 [ 1136.126598][T18719] syzkaller1: entered promiscuous mode [ 1136.147068][T18719] syzkaller1: entered allmulticast mode [ 1136.220252][T18725] netlink: 20 bytes leftover after parsing attributes in process `syz.0.17787'. [ 1136.300191][T18727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17789'. [ 1136.553163][T18737] syzkaller1: entered promiscuous mode [ 1136.566099][T18737] syzkaller1: entered allmulticast mode [ 1136.580954][T18739] syzkaller1: entered allmulticast mode [ 1136.821480][T18756] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17803'. [ 1137.074574][T18768] lo: entered allmulticast mode [ 1137.295310][T18784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17816'. [ 1137.426873][T18786] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1137.964454][T18822] syz_tun: entered allmulticast mode [ 1138.030485][T18826] sctp: [Deprecated]: syz.4.17835 (pid 18826) Use of int in maxseg socket option. [ 1138.030485][T18826] Use struct sctp_assoc_value instead [ 1138.087364][T18828] netlink: 'syz.1.17837': attribute type 13 has an invalid length. [ 1138.257725][T18828] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1138.880875][T18873] netlink: 'syz.2.17858': attribute type 13 has an invalid length. [ 1139.011877][T18873] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1139.024321][T18880] syzkaller1: entered promiscuous mode [ 1139.041435][T18880] syzkaller1: entered allmulticast mode [ 1139.405732][T18895] syzkaller1: entered allmulticast mode [ 1140.124177][T18938] netlink: 'syz.1.17888': attribute type 1 has an invalid length. [ 1140.251659][T18944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1140.263079][T18944] bond1: (slave bond0): Enslaving as a backup interface with an up link [ 1140.454062][T18955] dvmrp6: entered allmulticast mode [ 1140.888090][T18979] __nla_validate_parse: 4 callbacks suppressed [ 1140.888113][T18979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.17907'. [ 1140.914727][T18979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.17907'. [ 1141.435245][T19015] netlink: 'syz.4.17920': attribute type 10 has an invalid length. [ 1141.447316][T19015] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 1141.476580][T19015] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1142.362439][T19055] netlink: 60 bytes leftover after parsing attributes in process `syz.3.17935'. [ 1142.403103][T19055] netlink: 60 bytes leftover after parsing attributes in process `syz.3.17935'. [ 1142.441048][T19058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.17936'. [ 1142.467503][T19062] netlink: 60 bytes leftover after parsing attributes in process `syz.3.17935'. [ 1142.516322][T19068] netlink: 60 bytes leftover after parsing attributes in process `syz.3.17935'. [ 1143.416578][T19111] bridge_slave_1: Caught tx_queue_len zero misconfig [ 1144.051096][T19145] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17972'. [ 1144.075825][T19145] netlink: 108 bytes leftover after parsing attributes in process `syz.2.17972'. [ 1144.122093][T19145] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17972'. [ 1144.324830][T19162] dvmrp6: entered allmulticast mode [ 1144.509469][T19170] openvswitch: netlink: Tunnel attr 3 has unexpected len 0 expected 1 [ 1144.935273][T19196] dvmrp6: entered allmulticast mode [ 1146.071630][T19265] __nla_validate_parse: 3 callbacks suppressed [ 1146.071653][T19265] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18017'. [ 1146.838870][T19309] netlink: 60 bytes leftover after parsing attributes in process `syz.4.18035'. [ 1146.850023][T19309] netlink: 60 bytes leftover after parsing attributes in process `syz.4.18035'. [ 1146.863988][T19309] netlink: 60 bytes leftover after parsing attributes in process `syz.4.18035'. [ 1147.323590][T19335] netlink: 6 bytes leftover after parsing attributes in process `syz.2.18044'. [ 1147.361196][T19335] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1147.550167][T27906] lec:lec_start_xmit: lec0:No lecd attached [ 1148.603990][T19402] netlink: 'syz.0.18073': attribute type 29 has an invalid length. [ 1148.613729][T19402] netlink: 'syz.0.18073': attribute type 29 has an invalid length. [ 1149.642834][T19425] syz_tun: entered allmulticast mode [ 1150.330011][T19455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18096'. [ 1150.648416][T19470] netlink: 'syz.1.18102': attribute type 13 has an invalid length. [ 1151.093133][T19492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18108'. [ 1151.839693][T19519] netlink: 'syz.0.18120': attribute type 13 has an invalid length. [ 1151.976123][T19522] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18121'. [ 1152.217945][T19532] netlink: 4 bytes leftover after parsing attributes in process `syz.4.18122'. [ 1152.580749][T19542] netlink: 564 bytes leftover after parsing attributes in process `syz.0.18125'. [ 1152.995629][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5440 ms [ 1153.003776][ C0] lec:lec_tx_timeout: lec0 [ 1153.323992][T19566] netlink: 'syz.4.18138': attribute type 1 has an invalid length. [ 1153.512858][T19571] netlink: 564 bytes leftover after parsing attributes in process `syz.4.18140'. [ 1154.032741][T19404] Set syz1 is full, maxelem 65536 reached [ 1154.341186][T19605] ip6_vti0 speed is unknown, defaulting to 1000 [ 1154.601684][T19624] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18156'. [ 1154.872074][T19636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18165'. [ 1155.433561][T19653] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1155.440965][T19653] IPv6: NLM_F_CREATE should be set when creating new route [ 1157.295136][T19653] bridge0: port 2(bridge_slave_1) entered disabled state [ 1157.302987][T19653] bridge0: port 1(bridge_slave_0) entered disabled state [ 1157.510117][T19653] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1157.552071][T19653] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1157.741322][T17105] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.768047][T17105] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.794687][T17105] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.825785][T17105] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.910611][T19694] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18190'. [ 1159.144740][T19751] netlink: 40 bytes leftover after parsing attributes in process `syz.1.18215'. [ 1159.460402][ T52] Bluetooth: hci1: link tx timeout [ 1159.468848][ T52] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 1159.638347][T19782] netlink: 40 bytes leftover after parsing attributes in process `syz.2.18231'. [ 1159.994969][ T5947] IPVS: starting estimator thread 0... [ 1160.086244][T19802] IPVS: using max 30 ests per chain, 72000 per kthread [ 1160.743192][T19848] syzkaller0: entered allmulticast mode [ 1160.844659][T19854] netlink: 68 bytes leftover after parsing attributes in process `syz.0.18264'. [ 1160.981109][T19862] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1160.988474][T19862] IPv6: NLM_F_CREATE should be set when creating new route [ 1161.230555][T19874] netlink: 16 bytes leftover after parsing attributes in process `syz.1.18274'. [ 1161.369154][T19882] netlink: 68 bytes leftover after parsing attributes in process `syz.3.18277'. [ 1161.381928][ T5947] IPVS: starting estimator thread 0... [ 1161.484123][T19888] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1161.491471][T19888] IPv6: NLM_F_CREATE should be set when creating new route [ 1161.527562][T19885] IPVS: using max 32 ests per chain, 76800 per kthread [ 1161.546756][ T52] Bluetooth: hci1: command 0x0406 tx timeout [ 1162.510568][T19956] sctp: [Deprecated]: syz.0.18313 (pid 19956) Use of int in max_burst socket option deprecated. [ 1162.510568][T19956] Use struct sctp_assoc_value instead [ 1162.761122][T19973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18322'. [ 1162.786537][T19972] netlink: 16 bytes leftover after parsing attributes in process `syz.0.18318'. [ 1163.263146][T20001] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18334'. [ 1163.499246][T20013] netlink: 52 bytes leftover after parsing attributes in process `syz.2.18341'. [ 1163.524272][T20013] netlink: 52 bytes leftover after parsing attributes in process `syz.2.18341'. [ 1163.532155][T20015] netlink: 40 bytes leftover after parsing attributes in process `syz.4.18343'. [ 1163.542088][T20013] netlink: 52 bytes leftover after parsing attributes in process `syz.2.18341'. [ 1163.678168][T20023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18345'. [ 1163.707037][T20023] bond0: entered promiscuous mode [ 1163.714978][T20023] bond_slave_0: entered promiscuous mode [ 1163.725187][T20023] bond_slave_1: entered promiscuous mode [ 1163.969042][T20035] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18352'. [ 1163.982301][T20035] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18352'. [ 1164.025134][T20037] netlink: 'syz.4.18353': attribute type 72 has an invalid length. [ 1164.047361][T20037] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18353'. [ 1164.165888][T20043] netlink: 40 bytes leftover after parsing attributes in process `syz.3.18356'. [ 1164.367740][T20056] tipc: Failed to remove unknown binding: 66,0,0/0:3089628299/3089628300 [ 1164.386006][T20056] tipc: Failed to remove unknown binding: 66,0,0/0:3089628299/3089628300 [ 1167.009169][T20209] netlink: 'syz.1.18436': attribute type 3 has an invalid length. [ 1168.366835][T20290] __nla_validate_parse: 16 callbacks suppressed [ 1168.366859][T20290] netlink: 24 bytes leftover after parsing attributes in process `syz.1.18475'. [ 1168.787923][T20317] lo: Caught tx_queue_len zero misconfig [ 1168.835917][T20319] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18489'. [ 1168.896412][T20321] syzkaller1: entered promiscuous mode [ 1168.902013][T20321] syzkaller1: entered allmulticast mode [ 1168.944571][T20326] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18492'. [ 1169.138608][T20335] netlink: 'syz.1.18497': attribute type 10 has an invalid length. [ 1169.193681][T20335] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1169.580148][T20361] netlink: 6 bytes leftover after parsing attributes in process `syz.2.18508'. [ 1169.647634][T20361] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1169.947962][T20371] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 1170.468697][T20388] netlink: 16 bytes leftover after parsing attributes in process `syz.3.18520'. [ 1170.769433][T20399] netlink: 6 bytes leftover after parsing attributes in process `syz.2.18524'. [ 1170.818879][T20399] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1171.026927][T20406] netlink: 68 bytes leftover after parsing attributes in process `syz.4.18528'. [ 1171.990124][T20431] veth0_to_team: Caught tx_queue_len zero misconfig [ 1172.229449][T20437] netlink: 6 bytes leftover after parsing attributes in process `syz.4.18539'. [ 1172.243183][T20438] netlink: 'syz.2.18542': attribute type 1 has an invalid length. [ 1172.266344][T20437] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1172.751434][T20450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18548'. [ 1172.915013][T20456] dummy0: entered promiscuous mode [ 1172.930398][T20456] macvtap1: entered promiscuous mode [ 1172.942858][T20456] macvtap1: entered allmulticast mode [ 1172.955370][T20456] dummy0: entered allmulticast mode [ 1173.041593][T20456] dummy0: left allmulticast mode [ 1173.050356][T20456] dummy0: left promiscuous mode [ 1173.916835][T20499] netlink: 4 bytes leftover after parsing attributes in process `syz.4.18573'. [ 1173.942070][T20492] bond1: (slave bond0): Releasing backup interface [ 1174.224716][T20513] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18579'. [ 1174.595345][T20530] netlink: 4 bytes leftover after parsing attributes in process `syz.4.18587'. [ 1174.809464][T20541] netlink: 868 bytes leftover after parsing attributes in process `syz.3.18589'. [ 1174.848206][T20544] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18593'. [ 1175.107682][T20561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18601'. [ 1175.254219][T20571] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.18605'. [ 1175.313143][T20573] netlink: 868 bytes leftover after parsing attributes in process `syz.3.18606'. [ 1175.700509][T20577] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18608'. [ 1175.710726][T20577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18608'. [ 1175.739844][ T3445] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1175.754393][ T3445] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1175.786434][ T3445] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1175.806636][ T3445] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1176.527417][T20633] netlink: 'syz.4.18633': attribute type 27 has an invalid length. [ 1176.640180][T20633] bridge0: port 2(bridge_slave_1) entered disabled state [ 1176.648086][T20633] bridge0: port 1(bridge_slave_0) entered disabled state [ 1177.192567][T20633] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1177.254238][T20633] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1178.046535][T20633] bond2: left promiscuous mode [ 1178.074509][ T3489] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.094202][ T3489] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.111963][ T3489] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.146350][ T3489] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.303456][T20665] netlink: 'syz.2.18646': attribute type 13 has an invalid length. [ 1178.623615][T20677] tipc: Failed to remove unknown binding: 66,0,0/0:1123810364/1123810365 [ 1178.634245][T20677] tipc: Failed to remove unknown binding: 66,0,0/0:1123810364/1123810365 [ 1178.967654][T20690] __nla_validate_parse: 19 callbacks suppressed [ 1178.967675][T20690] netlink: 860 bytes leftover after parsing attributes in process `syz.0.18657'. [ 1179.170777][T20697] netlink: 32 bytes leftover after parsing attributes in process `syz.4.18661'. [ 1179.212775][T20702] netlink: 88 bytes leftover after parsing attributes in process `syz.1.18663'. [ 1179.292549][T20707] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18665'. [ 1179.409850][T20712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18668'. [ 1179.423378][T20712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18668'. [ 1179.714802][T20732] tipc: Failed to remove unknown binding: 66,0,0/0:1693515312/1693515313 [ 1179.739496][T20732] tipc: Failed to remove unknown binding: 66,0,0/0:1693515312/1693515313 [ 1179.848812][T20736] netlink: 828 bytes leftover after parsing attributes in process `syz.4.18681'. [ 1179.867060][T20740] netlink: 'syz.2.18682': attribute type 10 has an invalid length. [ 1180.227980][T20763] netlink: 564 bytes leftover after parsing attributes in process `syz.1.18693'. [ 1180.296924][T20769] tipc: Failed to remove unknown binding: 66,0,0/0:1695275392/1695275393 [ 1180.326315][T20769] tipc: Failed to remove unknown binding: 66,0,0/0:1695275392/1695275393 [ 1180.480331][ T5947] IPVS: starting estimator thread 0... [ 1180.493892][T20777] netlink: 'syz.3.18699': attribute type 72 has an invalid length. [ 1180.516731][T20777] netlink: 892 bytes leftover after parsing attributes in process `syz.3.18699'. [ 1180.616118][T20780] IPVS: using max 27 ests per chain, 64800 per kthread [ 1180.699601][T20792] netlink: 564 bytes leftover after parsing attributes in process `syz.4.18706'. [ 1180.784620][T20799] tipc: Failed to remove unknown binding: 66,0,0/0:3632416153/3632416154 [ 1180.794235][T20799] tipc: Failed to remove unknown binding: 66,0,0/0:3632416153/3632416154 [ 1181.019367][T20813] netlink: 'syz.0.18714': attribute type 72 has an invalid length. [ 1181.279318][T20829] netlink: 'syz.0.18721': attribute type 10 has an invalid length. [ 1181.295600][T20829] mac80211_hwsim hwsim82 wlan1: entered promiscuous mode [ 1181.307555][T20829] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1182.514308][ T1304] lec:lec_start_xmit: lec0:No lecd attached [ 1182.585152][T20880] mpoa:mpoad_close: () going down [ 1183.245945][T20941] netlink: 'syz.3.18772': attribute type 1 has an invalid length. [ 1183.681651][T20944] mpoa:mpoad_close: () going down [ 1184.078193][T20980] netlink: 'syz.2.18789': attribute type 10 has an invalid length. [ 1184.213035][T20986] __nla_validate_parse: 14 callbacks suppressed [ 1184.213057][T20986] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18792'. [ 1184.341390][T20991] netlink: 16 bytes leftover after parsing attributes in process `syz.0.18794'. [ 1184.372283][T20994] netlink: 564 bytes leftover after parsing attributes in process `syz.3.18796'. [ 1184.389190][T20995] netlink: 68 bytes leftover after parsing attributes in process `syz.2.18795'. [ 1184.468631][T20999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18798'. [ 1184.572290][T21005] netlink: 'syz.0.18801': attribute type 10 has an invalid length. [ 1184.726151][T21013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18804'. [ 1184.926959][T21025] netlink: 44 bytes leftover after parsing attributes in process `syz.1.18811'. [ 1185.049896][T21032] netlink: 'syz.4.18814': attribute type 10 has an invalid length. [ 1185.062870][T21032] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1185.138660][T21038] netlink: 28 bytes leftover after parsing attributes in process `syz.1.18817'. [ 1185.438790][T21054] netlink: 44 bytes leftover after parsing attributes in process `syz.2.18825'. [ 1185.558882][T21060] netlink: 'syz.2.18828': attribute type 10 has an invalid length. [ 1185.729980][T21069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18832'. [ 1186.022501][T21090] netlink: 'syz.1.18841': attribute type 10 has an invalid length. [ 1186.272948][T21105] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1186.577323][T21121] netlink: 'syz.1.18854': attribute type 10 has an invalid length. [ 1187.492118][T21170] netlink: 'syz.0.18877': attribute type 2 has an invalid length. [ 1187.501282][T21170] netlink: 'syz.0.18877': attribute type 1 has an invalid length. [ 1187.837255][T21188] syzkaller1: entered promiscuous mode [ 1187.864777][T21188] syzkaller1: entered allmulticast mode [ 1187.946313][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5430 ms [ 1187.954441][ C0] lec:lec_tx_timeout: lec0 [ 1187.996997][T21205] netlink: 'syz.1.18893': attribute type 10 has an invalid length. [ 1188.487289][T21233] syzkaller0: entered promiscuous mode [ 1188.493008][T21233] syzkaller0: entered allmulticast mode [ 1189.276276][T21272] __nla_validate_parse: 12 callbacks suppressed [ 1189.276299][T21272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18926'. [ 1189.328508][T21274] netlink: 16 bytes leftover after parsing attributes in process `syz.0.18927'. [ 1189.380324][T21278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18931'. [ 1189.399503][T21274] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18927'. [ 1189.864822][T21309] netlink: 40 bytes leftover after parsing attributes in process `syz.3.18945'. [ 1189.891272][T21311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18944'. [ 1190.376510][T21342] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18958'. [ 1190.921229][T21374] bond5: entered promiscuous mode [ 1190.928130][T21374] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1190.964264][T21374] bond5: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1190.992846][T21384] FAULT_INJECTION: forcing a failure. [ 1190.992846][T21384] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1191.027542][T21384] CPU: 1 UID: 0 PID: 21384 Comm: syz.3.18975 Not tainted syzkaller #0 PREEMPT(full) [ 1191.027574][T21384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1191.027589][T21384] Call Trace: [ 1191.027600][T21384] [ 1191.027610][T21384] dump_stack_lvl+0xe8/0x150 [ 1191.027647][T21384] should_fail_ex+0x412/0x560 [ 1191.027684][T21384] _copy_from_user+0x2d/0xb0 [ 1191.027709][T21384] ___sys_sendmsg+0x1c6/0x360 [ 1191.027742][T21384] ? __lock_acquire+0x6b5/0x2cf0 [ 1191.027770][T21384] ? __pfx____sys_sendmsg+0x10/0x10 [ 1191.027851][T21384] ? __fget_files+0x2a/0x420 [ 1191.027878][T21384] ? __fget_files+0x3a0/0x420 [ 1191.027916][T21384] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1191.027953][T21384] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1191.027997][T21384] ? __pfx_ksys_write+0x10/0x10 [ 1191.028031][T21384] do_syscall_64+0xe2/0xf80 [ 1191.028062][T21384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.028083][T21384] ? trace_irq_disable+0x37/0x100 [ 1191.028114][T21384] ? clear_bhb_loop+0x60/0xb0 [ 1191.028140][T21384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.028163][T21384] RIP: 0033:0x7f178479acb9 [ 1191.028183][T21384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1191.028203][T21384] RSP: 002b:00007f17856f0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1191.028227][T21384] RAX: ffffffffffffffda RBX: 00007f1784a15fa0 RCX: 00007f178479acb9 [ 1191.028244][T21384] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000003 [ 1191.028258][T21384] RBP: 00007f17856f0090 R08: 0000000000000000 R09: 0000000000000000 [ 1191.028272][T21384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1191.028285][T21384] R13: 00007f1784a16038 R14: 00007f1784a15fa0 R15: 00007ffec1befa58 [ 1191.028321][T21384] [ 1191.065458][T21374] bond5: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 1191.248889][T21388] netlink: 60 bytes leftover after parsing attributes in process `syz.4.18973'. [ 1191.265073][T21374] bond5: (slave ipvlan2): Error -95 calling set_mac_address [ 1191.359122][T21374] bond5: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1191.388259][T21374] bond5: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 1191.402884][T21374] bond5: (slave ipvlan2): Error -95 calling set_mac_address [ 1191.579165][T21404] netlink: 16 bytes leftover after parsing attributes in process `syz.4.18983'. [ 1191.615715][T21404] netlink: 12 bytes leftover after parsing attributes in process `syz.4.18983'. [ 1191.845201][T21418] netlink: 'syz.4.18989': attribute type 1 has an invalid length. [ 1192.244353][T21442] FAULT_INJECTION: forcing a failure. [ 1192.244353][T21442] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1192.296364][T21442] CPU: 1 UID: 0 PID: 21442 Comm: syz.0.19001 Not tainted syzkaller #0 PREEMPT(full) [ 1192.296396][T21442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1192.296417][T21442] Call Trace: [ 1192.296427][T21442] [ 1192.296437][T21442] dump_stack_lvl+0xe8/0x150 [ 1192.296471][T21442] should_fail_ex+0x412/0x560 [ 1192.296505][T21442] _copy_from_user+0x2d/0xb0 [ 1192.296530][T21442] __sys_sendto+0x294/0x550 [ 1192.296566][T21442] ? __pfx___sys_sendto+0x10/0x10 [ 1192.296594][T21442] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1192.296636][T21442] ? __fget_files+0x3a0/0x420 [ 1192.296676][T21442] ? ksys_write+0x242/0x270 [ 1192.296700][T21442] ? __pfx_ksys_write+0x10/0x10 [ 1192.296727][T21442] __x64_sys_sendto+0xde/0x100 [ 1192.296773][T21442] do_syscall_64+0xe2/0xf80 [ 1192.296803][T21442] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.296825][T21442] ? trace_irq_disable+0x37/0x100 [ 1192.296846][T21442] ? clear_bhb_loop+0x60/0xb0 [ 1192.296865][T21442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.296880][T21442] RIP: 0033:0x7f1b2eb9acb9 [ 1192.296894][T21442] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1192.296907][T21442] RSP: 002b:00007f1b2cdf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1192.296923][T21442] RAX: ffffffffffffffda RBX: 00007f1b2ee15fa0 RCX: 00007f1b2eb9acb9 [ 1192.296935][T21442] RDX: 0000000000034000 RSI: 0000200000000180 RDI: 0000000000000003 [ 1192.296945][T21442] RBP: 00007f1b2cdf6090 R08: 0000200000000480 R09: 000000000000001c [ 1192.296955][T21442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1192.296965][T21442] R13: 00007f1b2ee16038 R14: 00007f1b2ee15fa0 R15: 00007ffecfc48118 [ 1192.296989][T21442] [ 1192.697088][T21454] FAULT_INJECTION: forcing a failure. [ 1192.697088][T21454] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1192.770976][T21454] CPU: 1 UID: 0 PID: 21454 Comm: syz.3.19005 Not tainted syzkaller #0 PREEMPT(full) [ 1192.771008][T21454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1192.771027][T21454] Call Trace: [ 1192.771036][T21454] [ 1192.771046][T21454] dump_stack_lvl+0xe8/0x150 [ 1192.771081][T21454] should_fail_ex+0x412/0x560 [ 1192.771119][T21454] _copy_to_user+0x31/0xb0 [ 1192.771145][T21454] simple_read_from_buffer+0xe1/0x170 [ 1192.771176][T21454] proc_fail_nth_read+0x1bb/0x230 [ 1192.771204][T21454] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1192.771231][T21454] ? rw_verify_area+0x2a6/0x4d0 [ 1192.771264][T21454] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1192.771289][T21454] vfs_read+0x20c/0xa70 [ 1192.771307][T21454] ? fdget_pos+0x246/0x320 [ 1192.771338][T21454] ? __pfx___mutex_lock+0x10/0x10 [ 1192.771379][T21454] ? __pfx_vfs_read+0x10/0x10 [ 1192.771401][T21454] ? __fget_files+0x2a/0x420 [ 1192.771433][T21454] ? __fget_files+0x3a0/0x420 [ 1192.771456][T21454] ? __fget_files+0x2a/0x420 [ 1192.771492][T21454] ksys_read+0x150/0x270 [ 1192.771516][T21454] ? __pfx_ksys_read+0x10/0x10 [ 1192.771549][T21454] do_syscall_64+0xe2/0xf80 [ 1192.771579][T21454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.771600][T21454] ? trace_irq_disable+0x37/0x100 [ 1192.771629][T21454] ? clear_bhb_loop+0x60/0xb0 [ 1192.771657][T21454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.771678][T21454] RIP: 0033:0x7f178475b58e [ 1192.771697][T21454] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1192.771717][T21454] RSP: 002b:00007f17856effe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1192.771740][T21454] RAX: ffffffffffffffda RBX: 00007f17856f06c0 RCX: 00007f178475b58e [ 1192.771756][T21454] RDX: 000000000000000f RSI: 00007f17856f00a0 RDI: 0000000000000004 [ 1192.771770][T21454] RBP: 00007f17856f0090 R08: 0000000000000000 R09: 0000000000000000 [ 1192.771784][T21454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1192.771797][T21454] R13: 00007f1784a16038 R14: 00007f1784a15fa0 R15: 00007ffec1befa58 [ 1192.771833][T21454] [ 1193.109384][T21460] netlink: 'syz.3.19011': attribute type 2 has an invalid length. [ 1193.117609][T21460] netlink: 'syz.3.19011': attribute type 1 has an invalid length. [ 1193.646523][T21488] FAULT_INJECTION: forcing a failure. [ 1193.646523][T21488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1193.695376][T21488] CPU: 0 UID: 0 PID: 21488 Comm: syz.2.19022 Not tainted syzkaller #0 PREEMPT(full) [ 1193.695407][T21488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1193.695422][T21488] Call Trace: [ 1193.695433][T21488] [ 1193.695443][T21488] dump_stack_lvl+0xe8/0x150 [ 1193.695478][T21488] should_fail_ex+0x412/0x560 [ 1193.695519][T21488] _copy_from_user+0x2d/0xb0 [ 1193.695544][T21488] ___sys_sendmsg+0x1c6/0x360 [ 1193.695578][T21488] ? __lock_acquire+0x6b5/0x2cf0 [ 1193.695604][T21488] ? __pfx____sys_sendmsg+0x10/0x10 [ 1193.695674][T21488] ? __fget_files+0x2a/0x420 [ 1193.695701][T21488] ? __fget_files+0x3a0/0x420 [ 1193.695739][T21488] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1193.695777][T21488] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1193.695823][T21488] ? __pfx_ksys_write+0x10/0x10 [ 1193.695857][T21488] do_syscall_64+0xe2/0xf80 [ 1193.695889][T21488] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.695909][T21488] ? trace_irq_disable+0x37/0x100 [ 1193.695939][T21488] ? clear_bhb_loop+0x60/0xb0 [ 1193.695967][T21488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.695989][T21488] RIP: 0033:0x7f2d1599acb9 [ 1193.696009][T21488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1193.696029][T21488] RSP: 002b:00007f2d1689f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.696053][T21488] RAX: ffffffffffffffda RBX: 00007f2d15c15fa0 RCX: 00007f2d1599acb9 [ 1193.696069][T21488] RDX: 0000000000028850 RSI: 0000200000000180 RDI: 0000000000000003 [ 1193.696084][T21488] RBP: 00007f2d1689f090 R08: 0000000000000000 R09: 0000000000000000 [ 1193.696098][T21488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1193.696111][T21488] R13: 00007f2d15c16038 R14: 00007f2d15c15fa0 R15: 00007fff17397148 [ 1193.696148][T21488] [ 1194.223137][T21510] netlink: 'syz.3.19030': attribute type 10 has an invalid length. [ 1194.235272][T21510] bond0: (slave wlan1): Enslaving as an active interface with a down link [ 1194.631914][T21534] netlink: 'syz.4.19041': attribute type 2 has an invalid length. [ 1194.641221][T21534] netlink: 'syz.4.19041': attribute type 1 has an invalid length. [ 1194.692438][T21536] FAULT_INJECTION: forcing a failure. [ 1194.692438][T21536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1194.706899][T21536] CPU: 0 UID: 0 PID: 21536 Comm: syz.4.19042 Not tainted syzkaller #0 PREEMPT(full) [ 1194.706930][T21536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1194.706944][T21536] Call Trace: [ 1194.706953][T21536] [ 1194.706963][T21536] dump_stack_lvl+0xe8/0x150 [ 1194.706997][T21536] should_fail_ex+0x412/0x560 [ 1194.707032][T21536] _copy_from_user+0x2d/0xb0 [ 1194.707057][T21536] ___sys_sendmsg+0x1c6/0x360 [ 1194.707090][T21536] ? __lock_acquire+0x6b5/0x2cf0 [ 1194.707119][T21536] ? __pfx____sys_sendmsg+0x10/0x10 [ 1194.707189][T21536] ? __fget_files+0x2a/0x420 [ 1194.707216][T21536] ? __fget_files+0x3a0/0x420 [ 1194.707262][T21536] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1194.707290][T21536] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1194.707324][T21536] ? __pfx_ksys_write+0x10/0x10 [ 1194.707384][T21536] do_syscall_64+0xe2/0xf80 [ 1194.707416][T21536] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.707437][T21536] ? trace_irq_disable+0x37/0x100 [ 1194.707470][T21536] ? clear_bhb_loop+0x60/0xb0 [ 1194.707490][T21536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.707507][T21536] RIP: 0033:0x7f4f4979acb9 [ 1194.707522][T21536] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1194.707535][T21536] RSP: 002b:00007f4f4a66a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1194.707552][T21536] RAX: ffffffffffffffda RBX: 00007f4f49a15fa0 RCX: 00007f4f4979acb9 [ 1194.707564][T21536] RDX: 0000000000028040 RSI: 0000200000000180 RDI: 0000000000000003 [ 1194.707575][T21536] RBP: 00007f4f4a66a090 R08: 0000000000000000 R09: 0000000000000000 [ 1194.707585][T21536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1194.707595][T21536] R13: 00007f4f49a16038 R14: 00007f4f49a15fa0 R15: 00007fff0d8f74f8 [ 1194.707620][T21536] [ 1194.909929][T21538] netlink: 'syz.4.19043': attribute type 10 has an invalid length. [ 1194.998438][T21540] bond1: (slave bond0): Releasing backup interface [ 1195.183569][T21549] __nla_validate_parse: 9 callbacks suppressed [ 1195.183594][T21549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.19048'. [ 1195.311339][T21555] netlink: 32 bytes leftover after parsing attributes in process `syz.1.19051'. [ 1195.381711][T21557] netlink: 'syz.2.19052': attribute type 2 has an invalid length. [ 1195.396672][T21557] netlink: 'syz.2.19052': attribute type 1 has an invalid length. [ 1195.404652][T21557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1195.463317][T21562] FAULT_INJECTION: forcing a failure. [ 1195.463317][T21562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1195.477993][T21562] CPU: 1 UID: 0 PID: 21562 Comm: syz.3.19054 Not tainted syzkaller #0 PREEMPT(full) [ 1195.478023][T21562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1195.478037][T21562] Call Trace: [ 1195.478046][T21562] [ 1195.478055][T21562] dump_stack_lvl+0xe8/0x150 [ 1195.478089][T21562] should_fail_ex+0x412/0x560 [ 1195.478135][T21562] _copy_from_user+0x2d/0xb0 [ 1195.478161][T21562] ___sys_sendmsg+0x1c6/0x360 [ 1195.478195][T21562] ? __lock_acquire+0x6b5/0x2cf0 [ 1195.478223][T21562] ? __pfx____sys_sendmsg+0x10/0x10 [ 1195.478297][T21562] ? __fget_files+0x2a/0x420 [ 1195.478323][T21562] ? __fget_files+0x3a0/0x420 [ 1195.478362][T21562] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1195.478400][T21562] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1195.478445][T21562] ? __pfx_ksys_write+0x10/0x10 [ 1195.478479][T21562] do_syscall_64+0xe2/0xf80 [ 1195.478514][T21562] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1195.478534][T21562] ? trace_irq_disable+0x37/0x100 [ 1195.478563][T21562] ? clear_bhb_loop+0x60/0xb0 [ 1195.478590][T21562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1195.478611][T21562] RIP: 0033:0x7f178479acb9 [ 1195.478631][T21562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1195.478651][T21562] RSP: 002b:00007f17856f0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1195.478674][T21562] RAX: ffffffffffffffda RBX: 00007f1784a15fa0 RCX: 00007f178479acb9 [ 1195.478691][T21562] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000003 [ 1195.478705][T21562] RBP: 00007f17856f0090 R08: 0000000000000000 R09: 0000000000000000 [ 1195.478719][T21562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1195.478733][T21562] R13: 00007f1784a16038 R14: 00007f1784a15fa0 R15: 00007ffec1befa58 [ 1195.478768][T21562] [ 1195.478944][T21563] netlink: 'syz.0.19053': attribute type 72 has an invalid length. [ 1195.777432][T21570] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.19058'. [ 1195.850465][T21576] FAULT_INJECTION: forcing a failure. [ 1195.850465][T21576] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1195.864328][T21576] CPU: 0 UID: 0 PID: 21576 Comm: syz.2.19061 Not tainted syzkaller #0 PREEMPT(full) [ 1195.864357][T21576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1195.864380][T21576] Call Trace: [ 1195.864390][T21576] [ 1195.864399][T21576] dump_stack_lvl+0xe8/0x150 [ 1195.864433][T21576] should_fail_ex+0x412/0x560 [ 1195.864468][T21576] _copy_from_user+0x2d/0xb0 [ 1195.864492][T21576] __sys_sendto+0x294/0x550 [ 1195.864524][T21576] ? __pfx___sys_sendto+0x10/0x10 [ 1195.864551][T21576] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1195.864597][T21576] ? __fget_files+0x3a0/0x420 [ 1195.864634][T21576] ? ksys_write+0x242/0x270 [ 1195.864658][T21576] ? __pfx_ksys_write+0x10/0x10 [ 1195.864685][T21576] __x64_sys_sendto+0xde/0x100 [ 1195.864720][T21576] do_syscall_64+0xe2/0xf80 [ 1195.864751][T21576] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1195.864772][T21576] ? trace_irq_disable+0x37/0x100 [ 1195.864801][T21576] ? clear_bhb_loop+0x60/0xb0 [ 1195.864827][T21576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1195.864848][T21576] RIP: 0033:0x7f2d1599acb9 [ 1195.864869][T21576] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1195.864887][T21576] RSP: 002b:00007f2d1689f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1195.864911][T21576] RAX: ffffffffffffffda RBX: 00007f2d15c15fa0 RCX: 00007f2d1599acb9 [ 1195.864928][T21576] RDX: 000000000000000a RSI: 0000200000000100 RDI: 0000000000000004 [ 1195.864942][T21576] RBP: 00007f2d1689f090 R08: 0000200000000000 R09: 0000000000000010 [ 1195.864956][T21576] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001 [ 1195.864970][T21576] R13: 00007f2d15c16038 R14: 00007f2d15c15fa0 R15: 00007fff17397148 [ 1195.865006][T21576] [ 1196.224433][T21583] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address [ 1196.237395][T21583] bond1: (slave vxcan1): Error -95 calling set_mac_address [ 1196.253422][T21586] netlink: 32 bytes leftover after parsing attributes in process `syz.4.19065'. [ 1196.279959][T21589] gretap1: entered promiscuous mode [ 1196.298364][T21589] macvlan2: entered promiscuous mode [ 1196.303897][T21589] macvlan2: entered allmulticast mode [ 1196.312090][T21589] bond1: entered promiscuous mode [ 1196.320228][T21589] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1196.344906][T21589] bond1: left promiscuous mode [ 1196.370707][T21592] FAULT_INJECTION: forcing a failure. [ 1196.370707][T21592] name failslab, interval 1, probability 0, space 0, times 0 [ 1196.384065][T21592] CPU: 1 UID: 0 PID: 21592 Comm: syz.0.19067 Not tainted syzkaller #0 PREEMPT(full) [ 1196.384107][T21592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1196.384122][T21592] Call Trace: [ 1196.384132][T21592] [ 1196.384142][T21592] dump_stack_lvl+0xe8/0x150 [ 1196.384176][T21592] should_fail_ex+0x412/0x560 [ 1196.384208][T21592] should_failslab+0xa8/0x100 [ 1196.384232][T21592] __kmalloc_noprof+0xde/0x7e0 [ 1196.384250][T21592] ? kfree+0x4d/0x650 [ 1196.384273][T21592] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1196.384305][T21592] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1196.384332][T21592] ? tomoyo_domain+0xd7/0x130 [ 1196.384364][T21592] ? tomoyo_path_number_perm+0x219/0x630 [ 1196.384385][T21592] tomoyo_path_number_perm+0x246/0x630 [ 1196.384409][T21592] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1196.384430][T21592] ? __lock_acquire+0x6b5/0x2cf0 [ 1196.384463][T21592] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1196.384507][T21592] ? __fget_files+0x2a/0x420 [ 1196.384533][T21592] ? __fget_files+0x2a/0x420 [ 1196.384554][T21592] ? __fget_files+0x3a0/0x420 [ 1196.384576][T21592] ? __fget_files+0x2a/0x420 [ 1196.384602][T21592] security_file_ioctl+0xc3/0x2a0 [ 1196.384623][T21592] __se_sys_ioctl+0x47/0x170 [ 1196.384653][T21592] do_syscall_64+0xe2/0xf80 [ 1196.384680][T21592] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1196.384697][T21592] ? trace_irq_disable+0x37/0x100 [ 1196.384722][T21592] ? clear_bhb_loop+0x60/0xb0 [ 1196.384744][T21592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1196.384762][T21592] RIP: 0033:0x7f1b2eb9acb9 [ 1196.384779][T21592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1196.384795][T21592] RSP: 002b:00007f1b2cdf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1196.384815][T21592] RAX: ffffffffffffffda RBX: 00007f1b2ee15fa0 RCX: 00007f1b2eb9acb9 [ 1196.384829][T21592] RDX: 0000200000000380 RSI: 00000000400442c8 RDI: 0000000000000005 [ 1196.384841][T21592] RBP: 00007f1b2cdf6090 R08: 0000000000000000 R09: 0000000000000000 [ 1196.384853][T21592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1196.384864][T21592] R13: 00007f1b2ee16038 R14: 00007f1b2ee15fa0 R15: 00007ffecfc48118 [ 1196.384893][T21592] [ 1196.384919][T21592] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1196.884410][T21608] netlink: 164 bytes leftover after parsing attributes in process `syz.2.19074'. [ 1196.987823][T21614] netlink: 16 bytes leftover after parsing attributes in process `syz.1.19076'. [ 1197.003567][T21616] netlink: 32 bytes leftover after parsing attributes in process `syz.0.19078'. [ 1197.031550][T21614] bond0: (slave wlan1): Releasing backup interface [ 1197.039734][T21618] netlink: 16 bytes leftover after parsing attributes in process `syz.3.19077'. [ 1197.050243][T21618] netlink: 16 bytes leftover after parsing attributes in process `syz.3.19077'. [ 1197.067527][T21621] FAULT_INJECTION: forcing a failure. [ 1197.067527][T21621] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1197.084921][T21621] CPU: 1 UID: 0 PID: 21621 Comm: syz.4.19080 Not tainted syzkaller #0 PREEMPT(full) [ 1197.084949][T21621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1197.084962][T21621] Call Trace: [ 1197.084971][T21621] [ 1197.084980][T21621] dump_stack_lvl+0xe8/0x150 [ 1197.085014][T21621] should_fail_ex+0x412/0x560 [ 1197.085048][T21621] _copy_from_user+0x2d/0xb0 [ 1197.085072][T21621] ___sys_sendmsg+0x1c6/0x360 [ 1197.085111][T21621] ? __lock_acquire+0x6b5/0x2cf0 [ 1197.085136][T21621] ? __pfx____sys_sendmsg+0x10/0x10 [ 1197.085202][T21621] ? __fget_files+0x2a/0x420 [ 1197.085227][T21621] ? __fget_files+0x3a0/0x420 [ 1197.085262][T21621] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1197.085297][T21621] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1197.085338][T21621] ? __pfx_ksys_write+0x10/0x10 [ 1197.085371][T21621] do_syscall_64+0xe2/0xf80 [ 1197.085399][T21621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.085418][T21621] ? trace_irq_disable+0x37/0x100 [ 1197.085445][T21621] ? clear_bhb_loop+0x60/0xb0 [ 1197.085469][T21621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.085489][T21621] RIP: 0033:0x7f4f4979acb9 [ 1197.085511][T21621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1197.085528][T21621] RSP: 002b:00007f4f4a66a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1197.085550][T21621] RAX: ffffffffffffffda RBX: 00007f4f49a15fa0 RCX: 00007f4f4979acb9 [ 1197.085565][T21621] RDX: 0000000000044000 RSI: 0000200000001640 RDI: 0000000000000004 [ 1197.085578][T21621] RBP: 00007f4f4a66a090 R08: 0000000000000000 R09: 0000000000000000 [ 1197.085592][T21621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1197.085604][T21621] R13: 00007f4f49a16038 R14: 00007f4f49a15fa0 R15: 00007fff0d8f74f8 [ 1197.085639][T21621] [ 1197.442411][T21630] gre0: entered promiscuous mode [ 1197.450931][T21630] gre0: entered allmulticast mode [ 1197.720348][T21647] FAULT_INJECTION: forcing a failure. [ 1197.720348][T21647] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1197.733727][T21647] CPU: 0 UID: 0 PID: 21647 Comm: syz.1.19089 Not tainted syzkaller #0 PREEMPT(full) [ 1197.733773][T21647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1197.733788][T21647] Call Trace: [ 1197.733797][T21647] [ 1197.733807][T21647] dump_stack_lvl+0xe8/0x150 [ 1197.733842][T21647] should_fail_ex+0x412/0x560 [ 1197.733879][T21647] _copy_from_user+0x2d/0xb0 [ 1197.733904][T21647] ___sys_sendmsg+0x1c6/0x360 [ 1197.733941][T21647] ? __lock_acquire+0x6b5/0x2cf0 [ 1197.733961][T21647] ? __pfx____sys_sendmsg+0x10/0x10 [ 1197.733990][T21647] ? kstrtouint+0x6e/0xe0 [ 1197.734029][T21647] ? __fget_files+0x2a/0x420 [ 1197.734048][T21647] ? __fget_files+0x3a0/0x420 [ 1197.734075][T21647] __sys_sendmmsg+0x27c/0x4e0 [ 1197.734093][T21647] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1197.734106][T21647] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1197.734168][T21647] ? ksys_write+0x242/0x270 [ 1197.734186][T21647] ? __pfx_ksys_write+0x10/0x10 [ 1197.734206][T21647] __x64_sys_sendmmsg+0xa0/0xc0 [ 1197.734223][T21647] do_syscall_64+0xe2/0xf80 [ 1197.734251][T21647] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.734279][T21647] ? trace_irq_disable+0x37/0x100 [ 1197.734300][T21647] ? clear_bhb_loop+0x60/0xb0 [ 1197.734318][T21647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.734333][T21647] RIP: 0033:0x7f91a6f9acb9 [ 1197.734347][T21647] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1197.734360][T21647] RSP: 002b:00007f91a7d8e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1197.734377][T21647] RAX: ffffffffffffffda RBX: 00007f91a7216090 RCX: 00007f91a6f9acb9 [ 1197.734388][T21647] RDX: 0000000000000001 RSI: 00002000000008c0 RDI: 0000000000000003 [ 1197.734398][T21647] RBP: 00007f91a7d8e090 R08: 0000000000000000 R09: 0000000000000000 [ 1197.734408][T21647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1197.734437][T21647] R13: 00007f91a7216128 R14: 00007f91a7216090 R15: 00007ffced604cf8 [ 1197.734469][T21647] [ 1197.992704][T21650] netlink: 32 bytes leftover after parsing attributes in process `syz.2.19091'. [ 1198.094343][T21656] FAULT_INJECTION: forcing a failure. [ 1198.094343][T21656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1198.110952][T21656] CPU: 0 UID: 0 PID: 21656 Comm: syz.3.19094 Not tainted syzkaller #0 PREEMPT(full) [ 1198.110982][T21656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1198.111003][T21656] Call Trace: [ 1198.111012][T21656] [ 1198.111022][T21656] dump_stack_lvl+0xe8/0x150 [ 1198.111056][T21656] should_fail_ex+0x412/0x560 [ 1198.111090][T21656] _copy_from_user+0x2d/0xb0 [ 1198.111115][T21656] ___sys_sendmsg+0x1c6/0x360 [ 1198.111148][T21656] ? __lock_acquire+0x6b5/0x2cf0 [ 1198.111177][T21656] ? __pfx____sys_sendmsg+0x10/0x10 [ 1198.111254][T21656] ? __fget_files+0x2a/0x420 [ 1198.111283][T21656] ? __fget_files+0x3a0/0x420 [ 1198.111321][T21656] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1198.111359][T21656] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1198.111403][T21656] ? __pfx_ksys_write+0x10/0x10 [ 1198.111437][T21656] do_syscall_64+0xe2/0xf80 [ 1198.111467][T21656] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1198.111487][T21656] ? trace_irq_disable+0x37/0x100 [ 1198.111515][T21656] ? clear_bhb_loop+0x60/0xb0 [ 1198.111542][T21656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1198.111563][T21656] RIP: 0033:0x7f178479acb9 [ 1198.111582][T21656] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1198.111600][T21656] RSP: 002b:00007f17856f0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1198.111623][T21656] RAX: ffffffffffffffda RBX: 00007f1784a15fa0 RCX: 00007f178479acb9 [ 1198.111639][T21656] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 1198.111653][T21656] RBP: 00007f17856f0090 R08: 0000000000000000 R09: 0000000000000000 [ 1198.111666][T21656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1198.111678][T21656] R13: 00007f1784a16038 R14: 00007f1784a15fa0 R15: 00007ffec1befa58 [ 1198.111712][T21656] [ 1198.696464][T21682] FAULT_INJECTION: forcing a failure. [ 1198.696464][T21682] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1198.728026][T21682] CPU: 1 UID: 0 PID: 21682 Comm: syz.4.19104 Not tainted syzkaller #0 PREEMPT(full) [ 1198.728056][T21682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1198.728067][T21682] Call Trace: [ 1198.728076][T21682] [ 1198.728086][T21682] dump_stack_lvl+0xe8/0x150 [ 1198.728121][T21682] should_fail_ex+0x412/0x560 [ 1198.728159][T21682] _copy_to_user+0x31/0xb0 [ 1198.728187][T21682] simple_read_from_buffer+0xe1/0x170 [ 1198.728221][T21682] proc_fail_nth_read+0x1bb/0x230 [ 1198.728248][T21682] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1198.728276][T21682] ? rw_verify_area+0x2a6/0x4d0 [ 1198.728310][T21682] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1198.728334][T21682] vfs_read+0x20c/0xa70 [ 1198.728353][T21682] ? fdget_pos+0x246/0x320 [ 1198.728387][T21682] ? __pfx___mutex_lock+0x10/0x10 [ 1198.728419][T21682] ? __pfx_vfs_read+0x10/0x10 [ 1198.728442][T21682] ? __fget_files+0x2a/0x420 [ 1198.728473][T21682] ? __fget_files+0x3a0/0x420 [ 1198.728499][T21682] ? __fget_files+0x2a/0x420 [ 1198.728537][T21682] ksys_read+0x150/0x270 [ 1198.728562][T21682] ? __pfx_ksys_read+0x10/0x10 [ 1198.728596][T21682] do_syscall_64+0xe2/0xf80 [ 1198.728626][T21682] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1198.728648][T21682] ? trace_irq_disable+0x37/0x100 [ 1198.728677][T21682] ? clear_bhb_loop+0x60/0xb0 [ 1198.728705][T21682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1198.728727][T21682] RIP: 0033:0x7f4f4975b58e [ 1198.728747][T21682] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1198.728765][T21682] RSP: 002b:00007f4f4a648fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1198.728787][T21682] RAX: ffffffffffffffda RBX: 00007f4f4a6496c0 RCX: 00007f4f4975b58e [ 1198.728803][T21682] RDX: 000000000000000f RSI: 00007f4f4a6490a0 RDI: 0000000000000004 [ 1198.728815][T21682] RBP: 00007f4f4a649090 R08: 0000000000000000 R09: 0000000000000000 [ 1198.728829][T21682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1198.728841][T21682] R13: 00007f4f49a16128 R14: 00007f4f49a16090 R15: 00007fff0d8f74f8 [ 1198.728877][T21682] [ 1199.081112][T21689] bond1: (slave veth3): Enslaving as an active interface with a down link [ 1199.195475][T21689] bond1: (slave veth5): Enslaving as an active interface with a down link [ 1199.404494][T21705] bridge0: port 2(bridge_slave_1) entered disabled state [ 1199.413168][T21705] bridge0: port 1(bridge_slave_0) entered disabled state [ 1199.562639][T21715] x_tables: unsorted underflow at hook 4 [ 1199.796317][T21731] validate_nla: 4 callbacks suppressed [ 1199.796340][T21731] netlink: 'syz.0.19127': attribute type 4 has an invalid length. [ 1199.879530][T21738] netlink: 'syz.1.19130': attribute type 13 has an invalid length. [ 1200.027516][ T52] Bluetooth: hci5: command 0x0406 tx timeout [ 1200.129288][T21746] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1200.265378][T21758] __nla_validate_parse: 10 callbacks suppressed [ 1200.265401][T21758] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.19137'. [ 1200.318753][T21754] ip6_vti0 speed is unknown, defaulting to 1000 [ 1200.327192][T21759] [ 1200.329580][T21759] ====================================================== [ 1200.336636][T21759] WARNING: possible circular locking dependency detected [ 1200.343703][T21759] syzkaller #0 Not tainted [ 1200.348149][T21759] ------------------------------------------------------ [ 1200.355194][T21759] syz.0.19135/21759 is trying to acquire lock: [ 1200.361380][T21759] ffffffff8f9245f8 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x25/0xe0 [ 1200.370754][T21759] [ 1200.370754][T21759] but task is already holding lock: [ 1200.378154][T21759] ffff888052ae0c70 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570 [ 1200.387536][T21759] [ 1200.387536][T21759] which lock already depends on the new lock. [ 1200.387536][T21759] [ 1200.397966][T21759] [ 1200.397966][T21759] the existing dependency chain (in reverse order) is: [ 1200.406998][T21759] [ 1200.406998][T21759] -> #2 (&nr_node->node_lock){+...}-{3:3}: [ 1200.415017][T21759] _raw_spin_lock_bh+0x36/0x50 [ 1200.420342][T21759] nr_rt_device_down+0x12a/0x720 [ 1200.425833][T21759] nr_device_event+0x137/0x150 [ 1200.431144][T21759] notifier_call_chain+0x19d/0x3a0 [ 1200.436801][T21759] __dev_notify_flags+0x16d/0x310 [ 1200.442482][T21759] netif_change_flags+0xe8/0x1a0 [ 1200.448234][T21759] dev_change_flags+0x130/0x260 [ 1200.453643][T21759] dev_ioctl+0x7b4/0x1150 [ 1200.458525][T21759] sock_do_ioctl+0x23e/0x320 [ 1200.463651][T21759] sock_ioctl+0x5c6/0x7f0 [ 1200.468517][T21759] __se_sys_ioctl+0xfc/0x170 [ 1200.473662][T21759] do_syscall_64+0xe2/0xf80 [ 1200.478710][T21759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.485145][T21759] [ 1200.485145][T21759] -> #1 (nr_node_list_lock){+...}-{3:3}: [ 1200.493171][T21759] _raw_spin_lock_bh+0x36/0x50 [ 1200.498496][T21759] nr_rt_device_down+0xa9/0x720 [ 1200.503896][T21759] nr_device_event+0x137/0x150 [ 1200.509202][T21759] notifier_call_chain+0x19d/0x3a0 [ 1200.514862][T21759] __dev_notify_flags+0x16d/0x310 [ 1200.520437][T21759] netif_change_flags+0xe8/0x1a0 [ 1200.525927][T21759] dev_change_flags+0x130/0x260 [ 1200.531329][T21759] dev_ioctl+0x7b4/0x1150 [ 1200.536208][T21759] sock_do_ioctl+0x23e/0x320 [ 1200.541353][T21759] sock_ioctl+0x5c6/0x7f0 [ 1200.546232][T21759] __se_sys_ioctl+0xfc/0x170 [ 1200.551411][T21759] do_syscall_64+0xe2/0xf80 [ 1200.556466][T21759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.562905][T21759] [ 1200.562905][T21759] -> #0 (nr_neigh_list_lock){+...}-{3:3}: [ 1200.570843][T21759] __lock_acquire+0x15a5/0x2cf0 [ 1200.576240][T21759] lock_acquire+0x106/0x330 [ 1200.581288][T21759] _raw_spin_lock_bh+0x36/0x50 [ 1200.586603][T21759] nr_remove_neigh+0x25/0xe0 [ 1200.591743][T21759] nr_add_node+0x1d9f/0x2570 [ 1200.596893][T21759] nr_rt_ioctl+0xcb0/0xdf0 [ 1200.601862][T21759] sock_do_ioctl+0x101/0x320 [ 1200.606994][T21759] sock_ioctl+0x5c6/0x7f0 [ 1200.611953][T21759] __se_sys_ioctl+0xfc/0x170 [ 1200.617103][T21759] do_syscall_64+0xe2/0xf80 [ 1200.622165][T21759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.628949][T21759] [ 1200.628949][T21759] other info that might help us debug this: [ 1200.628949][T21759] [ 1200.639221][T21759] Chain exists of: [ 1200.639221][T21759] nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock [ 1200.639221][T21759] [ 1200.653157][T21759] Possible unsafe locking scenario: [ 1200.653157][T21759] [ 1200.660624][T21759] CPU0 CPU1 [ 1200.666009][T21759] ---- ---- [ 1200.671393][T21759] lock(&nr_node->node_lock); [ 1200.676180][T21759] lock(nr_node_list_lock); [ 1200.683316][T21759] lock(&nr_node->node_lock); [ 1200.690618][T21759] lock(nr_neigh_list_lock); [ 1200.695356][T21759] [ 1200.695356][T21759] *** DEADLOCK *** [ 1200.695356][T21759] [ 1200.703518][T21759] 1 lock held by syz.0.19135/21759: [ 1200.708733][T21759] #0: ffff888052ae0c70 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570 [ 1200.718534][T21759] [ 1200.718534][T21759] stack backtrace: [ 1200.724456][T21759] CPU: 1 UID: 0 PID: 21759 Comm: syz.0.19135 Not tainted syzkaller #0 PREEMPT(full) [ 1200.724487][T21759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1200.724500][T21759] Call Trace: [ 1200.724511][T21759] [ 1200.724522][T21759] dump_stack_lvl+0xe8/0x150 [ 1200.724551][T21759] print_circular_bug+0x2e1/0x300 [ 1200.724580][T21759] check_noncircular+0x12e/0x150 [ 1200.724607][T21759] __lock_acquire+0x15a5/0x2cf0 [ 1200.724637][T21759] ? nr_remove_neigh+0x25/0xe0 [ 1200.724653][T21759] lock_acquire+0x106/0x330 [ 1200.724671][T21759] ? nr_remove_neigh+0x25/0xe0 [ 1200.724687][T21759] ? nr_add_node+0xcce/0x2570 [ 1200.724713][T21759] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1200.724750][T21759] ? nr_remove_neigh+0x25/0xe0 [ 1200.724766][T21759] _raw_spin_lock_bh+0x36/0x50 [ 1200.724789][T21759] ? nr_remove_neigh+0x25/0xe0 [ 1200.724805][T21759] nr_remove_neigh+0x25/0xe0 [ 1200.724822][T21759] nr_add_node+0x1d9f/0x2570 [ 1200.724849][T21759] ? __asan_memcpy+0x40/0x70 [ 1200.724878][T21759] ? nr_call_to_digi+0x126/0x1b0 [ 1200.724905][T21759] nr_rt_ioctl+0xcb0/0xdf0 [ 1200.724936][T21759] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 1200.724967][T21759] ? apparmor_capable+0x137/0x1a0 [ 1200.724989][T21759] ? capable+0x88/0xe0 [ 1200.725102][T21759] ? nr_ioctl+0x1b1/0x3b0 [ 1200.725128][T21759] sock_do_ioctl+0x101/0x320 [ 1200.725152][T21759] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1200.725171][T21759] ? do_futex+0x333/0x420 [ 1200.725198][T21759] sock_ioctl+0x5c6/0x7f0 [ 1200.725218][T21759] ? __pfx_sock_ioctl+0x10/0x10 [ 1200.725237][T21759] ? __fget_files+0x2a/0x420 [ 1200.725259][T21759] ? __fget_files+0x3a0/0x420 [ 1200.725280][T21759] ? __fget_files+0x2a/0x420 [ 1200.725304][T21759] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1200.725323][T21759] ? __pfx_sock_ioctl+0x10/0x10 [ 1200.725341][T21759] __se_sys_ioctl+0xfc/0x170 [ 1200.725371][T21759] do_syscall_64+0xe2/0xf80 [ 1200.725397][T21759] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.725414][T21759] ? trace_irq_disable+0x37/0x100 [ 1200.725439][T21759] ? clear_bhb_loop+0x60/0xb0 [ 1200.725459][T21759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.725477][T21759] RIP: 0033:0x7f1b2eb9acb9 [ 1200.725496][T21759] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1200.725513][T21759] RSP: 002b:00007f1b2cdd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1200.725534][T21759] RAX: ffffffffffffffda RBX: 00007f1b2ee16090 RCX: 00007f1b2eb9acb9 [ 1200.725549][T21759] RDX: 0000200000000440 RSI: 000000000000890b RDI: 000000000000000b [ 1200.725564][T21759] RBP: 00007f1b2ec08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 1200.725576][T21759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1200.725588][T21759] R13: 00007f1b2ee16128 R14: 00007f1b2ee16090 R15: 00007ffecfc48118 [ 1200.725610][T21759] [ 1205.066007][ T5842] Bluetooth: hci3: command 0x0406 tx timeout