last executing test programs: 13.789829579s ago: executing program 3 (id=6223): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept(r0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async, rerun: 32) r3 = socket(0x400000000010, 0x3, 0x0) (async, rerun: 32) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) (async) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async, rerun: 64) r6 = socket(0x400000000010, 0x3, 0x0) (rerun: 64) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x38, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_EMATCHES={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[], 0xfe0}, 0x1, 0x0, 0x0, 0x1}, 0x1) 13.676717579s ago: executing program 3 (id=6228): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c8, 0x0, 0x111, 0x4b4, 0x1e0, 0xd4feffff, 0x2f8, 0x20a, 0x278, 0x2f8, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [0x0, 0xffffff00], [0x0, 0xffffffff], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x73, 0xe}, 0x0, 0x198, 0x1e0, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x2, 0x4, 0x3, 0x0, 0x8}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x8, {0x2}}}}, {{@ipv6={@remote, @mcast2, [0x0, 0x0, 0xff000000], [0xff], 'veth1_to_hsr\x00', 'veth0_to_bond\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@ipv4={'\x00', '\xff\xff', @loopback}, 'wlan1\x00', {0x7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x428) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@setneightbl={0x24, 0x43, 0x2, 0x70bd28, 0x25dfdbfb, {0x2}, [@NDTA_THRESH3={0x8, 0x4, 0xe0}, @NDTA_THRESH1={0x8, 0x2, 0xd}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x8000) 13.42941537s ago: executing program 3 (id=6231): r0 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000140)={0x0, 0xfbf6, 0x100000001, 0x1}) ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000540)={r1, 0xe8, 0xfffffffffffffffc, 0x1}) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6000000010000104a0518fd50000000000000000", @ANYRES32=0x0, @ANYBLOB="096b0200000000002c00128009000100626f6e64000000001c00028006001900ff030000080009000100"], 0x60}, 0x1, 0x0, 0x0, 0x20044054}, 0xd4) 13.107478073s ago: executing program 3 (id=6241): listen(0xffffffffffffffff, 0x100) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800900010068617368000000002c00028008000640e80000ff08000140000000030800044020000003080003400000000408000240000000120900010073797a30000000000900020073797a32"], 0x94}}, 0x0) (async) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa4}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0xd}], {0x95, 0x0, 0x9}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="110000000000fcdbdf252500000008000300", @ANYRES32=r5, @ANYBLOB="0800350000000000a4038b4d0a000600ffffffffffff0020"], 0x30}}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000003c0)='sys_enter\x00', r1}, 0x18) (async, rerun: 64) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 64) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) (async) connect$inet6(r6, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) (async) r7 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) (async, rerun: 32) setsockopt$XDP_TX_RING(r7, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) (async, rerun: 32) setsockopt$XDP_UMEM_COMPLETION_RING(r7, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r7, 0x11b, 0x5, &(0x7f0000000240)=0x4000, 0x4) bind$xdp(r7, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10) (async, rerun: 64) bind$xdp(r7, &(0x7f0000000200)={0x2c, 0x4, 0x0, 0x11}, 0x10) (rerun: 64) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000002c0), 0x4) (async) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) (async) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d75b4cd362581725c7", "fa00", "d5a1d50399459b68"}, 0x28) recvfrom$inet6(r6, &(0x7f0000000300)=""/218, 0xda, 0x120, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r6) (async) shutdown(r6, 0x0) 12.977031866s ago: executing program 3 (id=6243): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x3c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)={0x14, 0xd, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0xd}}, 0x14}}, 0x8800) 12.768787181s ago: executing program 3 (id=6249): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r2, &(0x7f0000000200)={0xa, 0x4e20, 0x4000b, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0x80ad}, 0x1c) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1}]}, 0x10) bind$inet6(r3, &(0x7f0000000200)={0xa, 0x4e20, 0x4000b, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0x80ad}, 0x1c) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000010000000000000300000014000180060001"], 0x28}}, 0x0) 2.559856056s ago: executing program 2 (id=6354): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x1, 0x7}, 0x6) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000600)=ANY=[@ANYRES32=r2], 0x27) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000001340)={'batadv0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @local}, @loopback, 0x5, 0x2, 0x8, 0xc00, 0x7, 0xc80032, r3}) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') r4 = accept$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000040)) recvfrom$ax25(r4, &(0x7f0000000100)=""/148, 0x94, 0x40, &(0x7f0000000240)={{0x3, @bcast, 0x8}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) unshare(0x6a040000) r5 = socket(0x8, 0x3, 0x0) r6 = syz_init_net_socket$ax25(0x3, 0x5, 0xce) ioctl$SIOCAX25ADDUID(r6, 0x89e1, &(0x7f0000000240)={0x3, @bcast, 0xee00}) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, 0x0) 2.117780687s ago: executing program 1 (id=6359): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r0], 0x138}, 0x1, 0x0, 0x0, 0x20000010}, 0x401c000) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) 1.96098545s ago: executing program 0 (id=6360): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000100)={0x0, 0xa11c}, 0x8) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_buf(r2, 0x29, 0xcf, 0x0, 0x4) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0xf, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r6, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r7 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r7, &(0x7f0000000180)={0x2, 0x0, @multicast1, 0x4}, 0x10) close(r7) sendmsg$nl_route_sched(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x400, 0xffffffffffffffff, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.925871464s ago: executing program 1 (id=6361): bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007baaf8ff00000000b7080000341200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008"], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000740)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r0, 0x2f, 0x28, 0x0, &(0x7f0000000640)="c1dfb080cd21d308098e000081007e2288a8", 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="c34edc406b6da974505e90f99d29fd86fd43eb3b8156f23f99f85c13853d7e91b80e928ff1978c454cc362d84630e7b023a3e92e7da36f120c075e426ecc4d261aec6c5a81febcfc15d4898bbbde53bb3b8bc879bd7c050c21f1aab311ccba7d89b859d6ff1d6027716ed00163a2d35dc920384ce5b71f6aa741ed9af0191f379a9743b8c63f30ad5f7c6fd13a2ba036aaa5a94e6e51130dddf7818cad07e59bc12111e55b13c729d0d5b3ee54f31df595285b5aadcf5c974e9fc41063fe20d8df88a42ea570ce5ff0daae69446f441ef561eb031e532f2ae1931a6aec14aa5a6cc7580c"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) 1.90095214s ago: executing program 2 (id=6362): r0 = socket$netlink(0x10, 0x3, 0xc) close(r0) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async, rerun: 64) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x7c, 0x0, 0x6000, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x14, 0x11, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "d1"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb8}}, 0x40) (rerun: 64) 1.161322445s ago: executing program 4 (id=6363): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x64}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0) 1.025401084s ago: executing program 0 (id=6364): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, r1, 0xb0260000) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r0, 0xc6e9f000) mmap(&(0x7f0000d8c000/0x1000)=nil, 0x1000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0xffffe000) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000000, 0x6e073, r1, 0x2000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r2) sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYBLOB="3cf6449147ae982d4f215c53e647c7000000", @ANYRES16=r3, @ANYBLOB="0100ffffffff00000000390000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800730000000000"], 0x3c}}, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000008, 0x11, r0, 0x9610c000) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f0000000100)={0x4, [0x0, 0x0, 0x0, 0x0]}) 980.692843ms ago: executing program 1 (id=6365): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4) (async) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x50, 0x0, 0x5, 0x38f0}, {0x6, 0x1, 0x2, 0xffffffff}]}, 0x10) (async) r1 = socket$inet6(0xa, 0x2, 0x0) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) (async) socket(0x2, 0x5, 0x0) (async) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000080)=0x1) ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffff04a900ae9df07fe0ce17cd3b6fa34b53bbc4d5587a5acb10a5492e69f2a3c71e807e88b7ebb120e8540d1ecdad9c1429eb5ff0250761afb116ba708d5b10ab08c62b8ad328751c9d4403e246fc2c70baaca5fb9cde598dae65c808935c967a8e559f790f6f5b7c05d20c0a4e2e02ff34117dc4faf37733d25d17a0312863d8db9c49091e4714932cc47dc3365ff78138480024ee7d07ec50674c99e4e0cf4f3ecc9ccf02f8949ff2c31b2303b5d2f78a7ca38c963fd4771f6f02fa4240f0de4400baf781a70a228c1ed382d0bb"]) (async) r4 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmmsg$inet(r1, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004) 851.872098ms ago: executing program 4 (id=6366): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000540)=0x5, 0x4) (async) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000540)=0x5, 0x4) listen(r0, 0x0) (async) listen(r0, 0x0) close(r0) (async) close(r0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061106d000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0xce) bind$vsock_stream(r1, &(0x7f0000009c80)={0x28, 0x0, 0xffffffff, @host}, 0x10) (async) bind$vsock_stream(r1, &(0x7f0000009c80)={0x28, 0x0, 0xffffffff, @host}, 0x10) r2 = socket$igmp(0x2, 0x3, 0x2) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@can_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_DST_IF={0x8}, @CGW_SRC_IF={0x8}, @CGW_MOD_UID={0x8, 0xe, r4}, @CGW_MOD_SET={0x15, 0x4, {{{0x3, 0x1, 0x1, 0x1}, 0xa, 0x1, 0x0, 0x0, "0325175362eb4cf2"}, 0x4}}]}, 0x44}}, 0x0) ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f0000000440)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r4}) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3e8, 0x1f8, 0xe8, 0x0, 0x300, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}, {{@uncond, 0xc0, 0x110, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x2, 0x1}}}, {{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x9}, 0x0, 0x0, 0xf, 0x6, {@empty, {[0x0, 0xff]}}, {@mac=@multicast}, 0x0, 0x0, 0xf, 0x7f, 0x0, 0x0, 'wlan1\x00', 'netpci0\x00', {0xff}, {0xff}}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x33, 'syz0\x00', {0x5}}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0xff7e) 851.156669ms ago: executing program 2 (id=6367): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f00000006c0), 0x0, 0x0) shutdown(r0, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001a0001000000000000000000022091428306db374578db832000000000000000"], 0x24}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) writev(r2, &(0x7f0000000400), 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000180)={0x0, 0x1ff, 0x0, 0x9, 0x1, 0x4, 0x2, 0x3, {0x0, @in6={{0xa, 0x4e20, 0x8, @empty, 0xfffffffb}}, 0x7fff, 0xc, 0x0, 0x6, 0x2817c26c}}, &(0x7f00000000c0)=0xb0) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt(r3, 0x1, 0x1e, 0x0, &(0x7f00000004c0)) r4 = socket(0x11, 0xa, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000040)) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r5, 0x1, 0x21, &(0x7f00000001c0), 0x4) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x5, @mcast2, 0x1}, 0x1c) recvmsg(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_buf(r6, 0x1, 0x1f, 0x0, &(0x7f0000001040)=0xa00) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000100)={'netdevsim0\x00', 0x4000}) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, 0x0, 0x10, 0x70bd27, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0x101}}, ["", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x11}, 0x8000) 821.171646ms ago: executing program 0 (id=6368): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=ANY=[@ANYBLOB="44010000100001000000000000000000fe800000000000000000000000000000ac1e000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000000000032000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000048000200656362286369706865725f6e756c6c2900"/233, @ANYRES32], 0x144}}, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x24, r2, 0x400, 0x2000, 0x100002, {}, [@NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x85}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x8}]}, 0x24}}, 0x2000c000) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x89ff, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x6, 0x0, 0x20040001}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000280)={'gre0\x00', 0x0, 0x1, 0x20, 0x4, 0x1, {{0x36, 0x4, 0x0, 0x13, 0xd8, 0x66, 0x0, 0x71, 0x4, 0x0, @remote, @private=0xa010102, {[@lsrr={0x83, 0x13, 0xf6, [@remote, @broadcast, @loopback, @broadcast]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x4c, 0x2c, 0x1, 0x0, [{@broadcast, 0x58}, {@private=0xa010102, 0x4}, {@rand_addr=0x64010101, 0xffffffc0}, {@private=0xa010102, 0x2}, {@dev={0xac, 0x14, 0x14, 0x21}, 0xa5}, {@private=0xa010101, 0x401}, {@rand_addr=0x64010101, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@multicast1, 0x401}]}, @noop, @generic={0xac6f4bbdc2544eca, 0x5, "cd0c40"}, @cipso={0x86, 0x57, 0x1, [{0x7, 0xd, "6ccc26b3e98e348fcb8fa5"}, {0x7, 0xc, "10f644e8cd9bf627d68a"}, {0x2, 0x10, "1cf220ccc3eca41f9a71547ca5c2"}, {0x0, 0xc, "826079dc937c828bf2d1"}, {0x6, 0x12, "94ef97181743c69f853df355d7ff2133"}, {0x2, 0xa, "1786208799349b58"}]}, @ra={0x94, 0x4}]}}}}}) sendto$packet(r5, &(0x7f0000000080)="9cd6f92988", 0x5, 0x8000, &(0x7f0000000380)={0x11, 0x19, r6}, 0x14) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r4}, @void}}}, 0x28}, 0x1, 0x6c00}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c40)=@ipv6_newrule={0x30, 0x20, 0x2d2c6d60ea1da725, 0x70bd26, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0xff, 0x0, 0x0, 0x1, 0x10002}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8}, @FIB_RULE_POLICY=@FRA_UID_RANGE={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008081}, 0x0) 731.444363ms ago: executing program 4 (id=6369): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001e00)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000280000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4308123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762011052eac2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dc8aff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e4b9ec7a410ec42315255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90de36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798ab20000000bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d2000000000000000819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba84279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5603a9d801300000000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9060000006a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c73596f860221156437f4d6b76ecc4b35bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d535556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba0790ee0d112f99e59ba82e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee52303da186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c44500f8ffff970d5254727e804dbd99ccefb7c09269dd2c5ca93125e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c1b04e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305977eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f87204311327c18380fedf3d309d8549f99bf6c5cb060fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce1060f3e6806e774a5f079c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae794286b6c3e1f5a76b85ed6e1f0000c608b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc882d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1951393352bc756f3fcaad2c1c399a3e43eaaeca70db90f2fa395964434476719334482eb5424c81814079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fbdd351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd61dfb3de7f503d58ac8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2dff78ce9308c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416f80ba17d21d53961471b2d2d459e4bb23230d676ca49633b25e26a322024beb7c3427da59f7daa70a5d44a0eb895f29245df6401295d3da939954e126a3be932f47fe61ef1bfe83086651af7e23c2a8fa702b9aaa65aa3edaaa6b3f5a0c7cdfd008c898d73bb97168ca390ef539800000000000077a5ad1e683aeff92bb0b66b33ed878df1e344b99450086c819bf174578705c049d2fb25a91ba04643cde1a3c391d8646e5249dbf28b13b1c4d5127f685ee0c0576bf74e17cd3b4df4eb7095e504e361689572b0f93ff1dc6f52e8728a03e5a4df80a32c6055df8f4f4152c0d74d793b20ac2cfa907b5af80716118f82027d3e4cb096fe86de545008b85cb9b637bca30d765b0c3ad489db32955454dcfe000000002830e5e125322d2f5829040a91405bf2fe5bf14833fd7b1e72c775f267bc4511183096eff3188a288c408b10285e7ec75f826e9b08a82cde1f4470545eebc71440623752e87ecc689b7fec2f667e22705b4660b2ef936cce446244bb48f8c7d062ea4a955facf6c2957cfb3c3ee9229efab5b72a5c5266eb493c7c3b08a91971692d9673cb9df620a8240d4f94b9fafd8e2bf0f9cedd1e08f4f10fd8f25f3169ed878624adccb5572cb918e0e3ba7e4ac0967aa65241903509778e63bebf00107524f858d7d48ef9e2c112c75d732344dc0a9bc506172d5a45e3bcb203862307c24c20fe1ffe6b5a43dbc1b20156161b5f59ab9955f2a6fbc64f547a671ded4896d8c4bac78f23e15c8e6cb72599d27607e5a1ad434cdee73d026e5dd14d9824202052181dda714fff7dc43444bc948541f641ac8215a5dae7fa8a50897b916a856aedcdf16be8736b33823ab7b2f1c77554bf2c36e412fcdc2c7c2bf0499ed5dfe84db2d7d3bb802f47dd2ebb7945e09f542d464dfbd2c70a90ab36ebd331a6549fa16f2e83a06c512c83eec56b5b94040d31da56e021a48c8651ebf3e1f8931a6d18150f1d76d07e7d8ecacbed15e9c2a50e610f1d0b523083b182cde6cf655ddd45409400c23fb89eba0db0ab4eee055a60a6ac7fea75703e8e4d737bfabae0fc3c1406b6b454ba694673a69b1782eb0052c2a4e251c8f96c7bcab1845dc347ded7fb207fd19f2bea2e496d63613af735b8e8376658ce4b43a09b53846f0a0218661d917e39bcd79063128f4c5c570b6214db8ed5e1255d48725ad8dc0d3c5aafafb47095dc1f3572650e4b3d0540cec5340638d325897dc3ecc721634875abc32f6ea1c28bf579013269924fc1388f42741b45e99bf7b77322210cf699b2590a33f51f95c572b12156910e926f184d2a309caeef8c206093ee3ab2aec16959da2425"], &(0x7f0000000140)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffe3d}, 0x48) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe55a10a0005000140020203600e4109000800ac00060311000000160012000a00fc000000035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d2a6823a45f28fcb1d", 0xd8}], 0x1}, 0x0) 561.471016ms ago: executing program 2 (id=6370): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x68}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x74}]}, &(0x7f0000000080)='syzkaller\x00', 0x4}, 0x90) 556.082159ms ago: executing program 4 (id=6371): bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x21, 0x5, 0x0, 0x0, 0x5}, 0x48) (async) socket$packet(0x11, 0x2, 0x300) (async) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) (async) r1 = socket(0xa, 0x3, 0x3a) socket$inet_mptcp(0x2, 0x1, 0x106) (async) setsockopt$MRT6_TABLE(r1, 0x29, 0xc8, 0x0, 0x0) (async) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0x6, &(0x7f0000000400)={0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, {0x0, @in={{0x2, 0x4e1e, @remote}}}}, &(0x7f0000000100)=0xb0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) connect$can_bcm(r2, &(0x7f0000000140)={0x1d, r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c80)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r5, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="55000e0080000000080211000000080211000001505050505050000000000000000000009d92fd67da8a"], 0xcc}}, 0x0) (async) recvmmsg(r2, &(0x7f0000007140)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x40010000, &(0x7f0000007300)={0x0, 0x989680}) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) r7 = socket$can_raw(0x1d, 0x3, 0x1) (async) close(0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) r9 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r9, 0x11, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x1b8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x218) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r8, {0xb, 0x6}, {0x3, 0xfff9}, {0x2}}}, 0x24}}, 0x0) 535.967987ms ago: executing program 1 (id=6372): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x4b}, [@ldst={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) socket$inet(0x2, 0x4, 0x8c23) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 449.467385ms ago: executing program 0 (id=6373): ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000080)={'ip6gre0\x00', 0x0, 0x4, 0x5, 0x5, 0xa9, 0x21, @ipv4={'\x00', '\xff\xff', @remote}, @remote, 0x20, 0x20, 0x1, 0xf}}) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4e4ff000000000079100000000000006300f8ff000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', r0}, 0x94) 441.1817ms ago: executing program 2 (id=6374): socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x301, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x20000080) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000240), &(0x7f0000000380)=r3}, 0x20) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async) syz_extract_tcp_res(0x0, 0x8, 0x400) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x103a, 0x300, 0x70bd25, 0xfffffffc, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4004081}, 0x0) 439.264415ms ago: executing program 4 (id=6375): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="800002000800000008001b000000000008000d0001000000"], 0x30}}, 0x0) r2 = socket(0x2d, 0x2, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000000)={r2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xb, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x4e}}, &(0x7f0000000480)='GPL\x00'}, 0x90) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) readv(r0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/24, 0x18}], 0x1) 403.840184ms ago: executing program 1 (id=6376): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'netdevsim0\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000a40)={r0, r2, 0x25, 0x8, @void}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000008c0)=@setlink={0x30, 0x13, 0x709, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_TARGET_NETNSID={0x8}]}, 0x30}}, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0xfffffffb, 0x4, 0x2, 0xffffffc0, 0x5, 0x2234, 0x7f, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0x2, 0x9644, 0x4, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x790, 0x5, 0xab2, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xffffffff, 0x1, 0x3, 0x1, 0x5b1f, 0x7b0, 0x7, 0x100, 0x6, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x1ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0x10001, 0xf7, 0x3, 0xfffffff9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x1, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x6, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x9, 0x0, 0x7f, 0x7, 0x863c, 0xff, 0x24, 0x5, 0x7, 0x6, 0x7a, 0x8, 0x0, 0x7, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x9, 0x61, 0x200, 0x6, 0x2, 0x2, 0x6, 0x10001, 0x8, 0x7, 0xf, 0xda56, 0x7ffffffe, 0x80, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x2, 0x1, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0xfffffffb, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0x0, 0xac, 0x9, 0x6, 0x10, 0x9, 0x8, 0x80000001, 0x0, 0x74, 0x2, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0x9, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x5, 0xfca, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x5, 0x2, 0x1, 0x7, 0x1, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1080, 0x4, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xffffff01, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x4, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xffffffff, 0x2, 0x10000, 0xa6, 0x3, 0x10000, 0x5, 0x4, 0x0, 0x3, 0x0, 0xd, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94d, 0x9, 0x8, 0x6, 0x9, 0xec0, 0xffff, 0x4, 0x2, 0x3ff, 0x3e, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7ff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0x4, 0x3, 0x9, 0xc, 0x0, 0x3, 0x3, 0x400, 0x100000, 0x2000007f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffffff, 0x2, 0x4, 0x0, 0x5, 0x4, 0x3, 0x8, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x401, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x4, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x3, 0x0, 0x81, 0xfff80000, 0x7a7, 0x1, 0x6, 0x3, 0x8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x3, 0x8, 0x5, 0x0, 0x24354b2c, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0xfff, 0x8, 0x7, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x3, 0x3, 0x6, 0x5fc8462f, 0x3, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0x3, 0xffffff97, 0x2, 0xfff, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0x3, 0xe, 0x10000, 0x9, 0x9, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x20000000, 0x5, 0x1, 0x8, {0x8, 0x0, 0xb55, 0x5, 0x7, 0x5}, {0x6, 0x2, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @loopback, r7}, 0xc) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MTU={0x8, 0x4, 0x60}]}, 0x3c}}, 0x0) 261.121997ms ago: executing program 0 (id=6377): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x2}, 0x8) sendto$inet6(r1, &(0x7f0000000040)="aa", 0x1, 0x4048084, &(0x7f0000000100)={0xa, 0x0, 0x100, @ipv4={'\x00', '\xff\xff', @private=0xa010105}, 0x2}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x2, 0x800}, 0x8) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000000c0)}}], 0x2, 0x4040040) r2 = socket(0x11, 0xa, 0x0) bind$packet(r2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000200)=0x62ea, 0x4) sendto$inet6(r4, 0x0, 0x97, 0x24000800, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r5, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x328, 0xffffffff, 0xffffffff, 0x328, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x18}}, [], [], 'wg1\x00', 'caif0\x00', {}, {}, 0x62}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8) r7 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r7, 0x119, 0x1, &(0x7f0000000040), 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a010400000000000000000200000038000480340001800b0001006e756d67656e00002400028008000140000000000800024000000003080003400000000108000440ffffffff0900010073797a30000000000900020073797a32"], 0x8c}}, 0x0) 257.316563ms ago: executing program 2 (id=6378): r0 = socket(0x25, 0x80000, 0x0) r1 = epoll_create1(0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0}, &(0x7f0000000140)=0x14) sendmsg$FOU_CMD_GET(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r3, 0x802, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_V4={0x8, 0x8, @loopback}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e24}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_IFINDEX={0x8, 0xb, r4}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000080}, 0x1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x10000001}) epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0) shutdown(r0, 0x1) 90.594842ms ago: executing program 0 (id=6379): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x54, r2, 0x1, 0x70bd2d, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc}, {0xc, 0x90, 0xfffffffffffffffd}}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x48000) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r0) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) 66.270071ms ago: executing program 4 (id=6380): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x14, 0x3, "f4f03b0200000000030007116b61979e"}, @NFTA_MATCH_NAME={0x9, 0x1, 'l2tp\x00'}, @NFTA_MATCH_NAME={0x9, 0x1, 'ipvs\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) socket(0x1e, 0x1, 0x0) (async) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x84010) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000080850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) (async) bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000080)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x60}, 0x50) (async) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) (async) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) (async) sendmmsg$inet6(r2, &(0x7f0000000880)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4001) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x3, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010300, @local}, @info_reply={0xd, 0x0, 0x0, 0xfffe, 0x9}}}}}, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r8}, 0xc) (async) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r6, 0x0) write$cgroup_subtree(r6, 0x0, 0x4d) (async) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000850000001300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x18000000000002a0, 0x18, 0x0, &(0x7f0000000180)="d2ff03076003008cb89e056100c8940eee244b27634b87e8", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)={0x14, 0x15, 0x1, 0x70bd29, 0x0, {0x2}}, 0x14}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 1 (id=6381): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d4", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r1) r2 = socket$inet_smc(0x2b, 0x1, 0x0) r3 = socket(0x10, 0x80003, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0xfffffffffffffde7, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[], 0x78}}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f00000046c0)={'filter\x00', 0x7, 0x4, 0x3c8, 0x0, 0x0, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @mac=@remote, @loopback, @local, 0x1, 0x1}}}, {{@arp={@multicast2, @private=0xa010100, 0xff, 0xffffff00, 0xc, 0x4, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, {[0xff, 0xff, 0xff, 0xff, 0x0, 0xbe9240b8a223bba0]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x2, 0x6, 0x23b0, 0x9dd7, 0x80, 0x9, 'veth1_vlan\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x0, 0x12}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) writev(r1, &(0x7f0000000040)=[{&(0x7f00000012c0)="a4eac90f8e3ae7580e2e693731ef6b447fc2057d9a84e61f40c79e10218d131f865d68b23cd7c3f2b681e2205f67f140252abcc3b8015e176881d81a9e61b6a2c92a9d8e1f51861b64e7b61bf9a131e197f5a6c6d4d887d86c79836e81c69e211d2bf4c595b01c94de464ff9aa72b6058fe774c81142bbce9bd0d83f6239362c3347e3daadb292cf3fee4766a2d43cf006a476ce0e4dd221acdcdefcf67733ed2978c2cd564772844077920cf54543db03688079168e36709dbbf84933a2415a32617f7de4336d89967c2cbcd76a973d88a3c440862bc11e51df6f1cd25f1aa711b721c33703645bcf93b775f1eb28c7640d1b7cbe44b9fc0e55d1a4d8f83b8fd537a231fe", 0x105}], 0x1) accept4(r2, 0x0, &(0x7f0000000000), 0x800) socket$alg(0x26, 0x5, 0x0) (async) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d4", 0x5) (async) accept4(r0, 0x0, 0x0, 0x80000) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r1) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) socket(0x10, 0x80003, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00'}) (async) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) (async) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0xfffffffffffffde7, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[], 0x78}}, 0x0) (async) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f00000046c0)={'filter\x00', 0x7, 0x4, 0x3c8, 0x0, 0x0, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @mac=@remote, @loopback, @local, 0x1, 0x1}}}, {{@arp={@multicast2, @private=0xa010100, 0xff, 0xffffff00, 0xc, 0x4, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, {[0xff, 0xff, 0xff, 0xff, 0x0, 0xbe9240b8a223bba0]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x2, 0x6, 0x23b0, 0x9dd7, 0x80, 0x9, 'veth1_vlan\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x0, 0x12}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) (async) writev(r1, &(0x7f0000000040)=[{&(0x7f00000012c0)="a4eac90f8e3ae7580e2e693731ef6b447fc2057d9a84e61f40c79e10218d131f865d68b23cd7c3f2b681e2205f67f140252abcc3b8015e176881d81a9e61b6a2c92a9d8e1f51861b64e7b61bf9a131e197f5a6c6d4d887d86c79836e81c69e211d2bf4c595b01c94de464ff9aa72b6058fe774c81142bbce9bd0d83f6239362c3347e3daadb292cf3fee4766a2d43cf006a476ce0e4dd221acdcdefcf67733ed2978c2cd564772844077920cf54543db03688079168e36709dbbf84933a2415a32617f7de4336d89967c2cbcd76a973d88a3c440862bc11e51df6f1cd25f1aa711b721c33703645bcf93b775f1eb28c7640d1b7cbe44b9fc0e55d1a4d8f83b8fd537a231fe", 0x105}], 0x1) (async) accept4(r2, 0x0, &(0x7f0000000000), 0x800) (async) kernel console output (not intermixed with test programs): 41139][T21251] bond5: entered allmulticast mode [ 356.797004][T21278] macvtap1: entered allmulticast mode [ 356.812686][T21278] veth0_macvtap: entered allmulticast mode [ 357.006319][T21290] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 357.043013][T21294] netlink: zone id is out of range [ 357.043415][T21303] xt_TCPMSS: Only works on TCP SYN packets [ 357.050189][T21294] netlink: zone id is out of range [ 357.070970][T21294] netlink: zone id is out of range [ 357.085454][T21294] netlink: zone id is out of range [ 357.099488][T21294] netlink: zone id is out of range [ 357.119230][T21294] netlink: zone id is out of range [ 357.153610][T21294] netlink: zone id is out of range [ 357.184379][T21294] netlink: zone id is out of range [ 357.669254][T21354] geneve2: entered promiscuous mode [ 357.674657][T21354] geneve2: entered allmulticast mode [ 357.822469][T21366] netlink: 'syz.0.4421': attribute type 9 has an invalid length. [ 357.887286][T21370] netlink: 'syz.1.4422': attribute type 3 has an invalid length. [ 358.256845][T21394] x_tables: duplicate underflow at hook 3 [ 358.898430][T21442] bridge3: entered promiscuous mode [ 358.982754][T21449] __nla_validate_parse: 73 callbacks suppressed [ 358.982772][T21449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4446'. [ 359.006563][T21449] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4446'. [ 359.032012][T21449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4446'. [ 359.054299][T21449] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4446'. [ 359.243105][T21463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4450'. [ 359.256411][T21460] netlink: 'syz.3.4448': attribute type 9 has an invalid length. [ 359.463478][T21469] netlink: 'syz.0.4451': attribute type 39 has an invalid length. [ 359.472604][T21471] netlink: 'syz.0.4451': attribute type 39 has an invalid length. [ 359.494397][T21472] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4453'. [ 359.544173][T21474] netlink: 'syz.3.4454': attribute type 2 has an invalid length. [ 359.761390][T21496] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4459'. [ 359.782710][T21495] netlink: 'syz.2.4460': attribute type 1 has an invalid length. [ 359.801878][T21495] netlink: 'syz.2.4460': attribute type 2 has an invalid length. [ 359.834873][T21495] netlink: 100 bytes leftover after parsing attributes in process `syz.2.4460'. [ 359.950224][T21491] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 359.985652][T21491] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.142250][T21491] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 360.168177][T21491] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.189166][T21514] netlink: 'syz.1.4462': attribute type 6 has an invalid length. [ 360.247234][T21508] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4462'. [ 360.291532][T21518] netlink: 'syz.2.4467': attribute type 33 has an invalid length. [ 360.335020][T21520] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4469'. [ 360.368241][T21491] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 360.394192][T21491] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.556857][T21491] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 360.586003][T21491] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.632402][T21542] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 360.790517][T21551] syzkaller0: entered promiscuous mode [ 360.796390][T21551] syzkaller0: entered allmulticast mode [ 360.869161][ T8933] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 360.887104][ T8933] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.962535][ T8933] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 360.972327][ T8933] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.068704][ T1158] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 361.094657][ T1158] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.113211][ T1158] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 361.142660][ T1158] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.770168][T21621] netlink: 'syz.4.4498': attribute type 5 has an invalid length. [ 361.873069][T21628] tipc: Enabling of bearer rejected, failed to enable media [ 361.908665][T21628] netlink: 'syz.1.4502': attribute type 3 has an invalid length. [ 363.532913][T21722] net_ratelimit: 4 callbacks suppressed [ 363.532930][T21722] netlink: zone id is out of range [ 363.776201][T21738] IPVS: set_ctl: invalid protocol: 58 224.0.0.1:3619 [ 363.796144][T21738] IPVS: set_ctl: invalid protocol: 58 100.1.1.0:20003 [ 363.997588][T21751] veth0: entered promiscuous mode [ 364.060344][T21750] veth0: left promiscuous mode [ 364.371738][T21769] nbd: must specify at least one socket [ 364.535899][T21779] sctp: [Deprecated]: syz.0.4546 (pid 21779) Use of int in maxseg socket option. [ 364.535899][T21779] Use struct sctp_assoc_value instead [ 364.635486][T21785] __nla_validate_parse: 79 callbacks suppressed [ 364.635504][T21785] netlink: 2 bytes leftover after parsing attributes in process `syz.4.4543'. [ 364.674609][T21787] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4550'. [ 364.704387][T21785] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4543'. [ 365.084873][T21819] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4557'. [ 365.097718][T21819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4557'. [ 365.138079][T21821] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4558'. [ 365.219704][T21823] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4560'. [ 365.246752][T21823] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4560'. [ 365.280662][T21828] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4560'. [ 365.291939][T21828] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4560'. [ 365.417736][T21841] syzkaller0: entered promiscuous mode [ 365.423257][T21841] syzkaller0: entered allmulticast mode [ 365.478289][T21849] netlink: 'syz.2.4567': attribute type 83 has an invalid length. [ 365.512339][T21852] sctp: [Deprecated]: syz.4.4569 (pid 21852) Use of int in maxseg socket option. [ 365.512339][T21852] Use struct sctp_assoc_value instead [ 365.908387][T21879] atomic_op ffff888024b34198 conn xmit_atomic 0000000000000000 [ 366.080271][T21882] tipc: Enabled bearer , priority 0 [ 366.100042][T21882] syzkaller0: entered promiscuous mode [ 366.117941][T21882] syzkaller0: entered allmulticast mode [ 366.141405][T21882] tipc: Resetting bearer [ 366.151780][T21881] tipc: Resetting bearer [ 366.192715][T21881] tipc: Disabling bearer [ 366.303782][T21903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 366.328967][T21905] tipc: Enabled bearer , priority 0 [ 366.340323][T21905] syzkaller0: entered promiscuous mode [ 366.346262][T21905] syzkaller0: entered allmulticast mode [ 366.368859][T21904] tipc: Resetting bearer [ 366.380131][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 366.397607][T21904] tipc: Disabling bearer [ 366.424282][T21912] bond6: entered promiscuous mode [ 366.430139][T21912] 8021q: adding VLAN 0 to HW filter on device bond6 [ 366.440335][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 366.473498][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 366.494856][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 366.504276][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 366.512389][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 366.525788][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 366.540800][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 366.553890][T21912] netlink: 'syz.2.4588': attribute type 1 has an invalid length. [ 367.259463][T21925] gtp0: left allmulticast mode [ 367.269525][T21925] bridge_slave_0: left allmulticast mode [ 367.278214][T21925] macvtap2: left allmulticast mode [ 367.330189][T21925] veth3: left allmulticast mode [ 367.351081][T21925] ip6gre1: left allmulticast mode [ 367.368260][T21930] bridge_slave_1: left allmulticast mode [ 367.374252][T21930] bridge_slave_1: left promiscuous mode [ 367.381039][T21930] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.391261][T21930] bridge_slave_0: left allmulticast mode [ 367.399278][T21930] bridge_slave_0: left promiscuous mode [ 367.409368][T21930] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.495441][ T1158] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 367.504542][ T1158] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.513713][ T1158] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 367.552257][ T1158] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.575460][ T8932] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 367.584364][ T8932] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.623265][ T8932] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 367.633434][ T8932] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.025922][T21983] x_tables: duplicate underflow at hook 3 [ 368.027342][T21984] x_tables: duplicate underflow at hook 3 [ 368.330285][T22007] FAULT_INJECTION: forcing a failure. [ 368.330285][T22007] name failslab, interval 1, probability 0, space 0, times 0 [ 368.380154][T22007] CPU: 1 UID: 0 PID: 22007 Comm: syz.0.4617 Not tainted syzkaller #0 PREEMPT(full) [ 368.380180][T22007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 368.380198][T22007] Call Trace: [ 368.380206][T22007] [ 368.380215][T22007] dump_stack_lvl+0x189/0x250 [ 368.380243][T22007] ? __pfx____ratelimit+0x10/0x10 [ 368.380265][T22007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 368.380288][T22007] ? __pfx__printk+0x10/0x10 [ 368.380313][T22007] ? __pfx___might_resched+0x10/0x10 [ 368.380332][T22007] ? fs_reclaim_acquire+0x7d/0x100 [ 368.380362][T22007] should_fail_ex+0x414/0x560 [ 368.380392][T22007] should_failslab+0xa8/0x100 [ 368.380411][T22007] kmem_cache_alloc_node_noprof+0x77/0x710 [ 368.380433][T22007] ? __alloc_skb+0x112/0x2d0 [ 368.380456][T22007] ? netlink_autobind+0xdb/0x300 [ 368.380478][T22007] __alloc_skb+0x112/0x2d0 [ 368.380507][T22007] netlink_sendmsg+0x5c6/0xb30 [ 368.380534][T22007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 368.380562][T22007] ? aa_sock_msg_perm+0xf1/0x1d0 [ 368.380588][T22007] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 368.380605][T22007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 368.380632][T22007] __sock_sendmsg+0x21c/0x270 [ 368.380657][T22007] ____sys_sendmsg+0x505/0x830 [ 368.380681][T22007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 368.380710][T22007] ? import_iovec+0x74/0xa0 [ 368.380734][T22007] ___sys_sendmsg+0x21f/0x2a0 [ 368.380756][T22007] ? __pfx____sys_sendmsg+0x10/0x10 [ 368.380819][T22007] ? __fget_files+0x2a/0x420 [ 368.380835][T22007] ? __fget_files+0x3a0/0x420 [ 368.380863][T22007] __x64_sys_sendmsg+0x19b/0x260 [ 368.380885][T22007] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 368.380914][T22007] ? __pfx_ksys_write+0x10/0x10 [ 368.380942][T22007] ? do_syscall_64+0xbe/0xfa0 [ 368.380967][T22007] do_syscall_64+0xfa/0xfa0 [ 368.380987][T22007] ? lockdep_hardirqs_on+0x9c/0x150 [ 368.381009][T22007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.381027][T22007] ? clear_bhb_loop+0x60/0xb0 [ 368.381050][T22007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.381071][T22007] RIP: 0033:0x7f074058efc9 [ 368.381087][T22007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.381103][T22007] RSP: 002b:00007f074135c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 368.381130][T22007] RAX: ffffffffffffffda RBX: 00007f07407e6090 RCX: 00007f074058efc9 [ 368.381144][T22007] RDX: 0000000004004000 RSI: 0000200000000380 RDI: 0000000000000003 [ 368.381156][T22007] RBP: 00007f074135c090 R08: 0000000000000000 R09: 0000000000000000 [ 368.381171][T22007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 368.381182][T22007] R13: 00007f07407e6128 R14: 00007f07407e6090 R15: 00007fffde8bf1d8 [ 368.381214][T22007] [ 369.074593][T22041] batadv0: entered promiscuous mode [ 369.094656][T22041] bond0: entered promiscuous mode [ 369.102000][T22041] debugfs: 'hsr1' already exists in 'hsr' [ 369.108314][T22041] Cannot create hsr debugfs directory [ 369.113818][T22041] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 369.124170][T22041] hsr1: entered allmulticast mode [ 369.129626][T22041] batadv0: entered allmulticast mode [ 369.135626][T22041] bond0: entered allmulticast mode [ 369.140757][T22041] bridge0: entered allmulticast mode [ 369.146807][T22041] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 369.190758][T22045] bond2: option all_slaves_active: invalid value (91) [ 369.200157][T22045] bond2 (unregistering): Released all slaves [ 369.757056][ T12] bond0: (slave bridge0): link status definitely up [ 369.770222][ T12] bond0: active interface up! [ 369.935960][T22097] __nla_validate_parse: 50 callbacks suppressed [ 369.935978][T22097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4645'. [ 369.954938][T22100] FAULT_INJECTION: forcing a failure. [ 369.954938][T22100] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 369.970620][T22097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4645'. [ 369.973253][T22095] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 369.980583][T22100] CPU: 1 UID: 0 PID: 22100 Comm: syz.4.4647 Not tainted syzkaller #0 PREEMPT(full) [ 369.980608][T22100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 369.980618][T22100] Call Trace: [ 369.980625][T22100] [ 369.980633][T22100] dump_stack_lvl+0x189/0x250 [ 369.980660][T22100] ? __pfx____ratelimit+0x10/0x10 [ 369.980678][T22100] ? __pfx_dump_stack_lvl+0x10/0x10 [ 369.980698][T22100] ? __pfx__printk+0x10/0x10 [ 369.980716][T22100] ? __might_fault+0xb0/0x130 [ 369.980751][T22100] should_fail_ex+0x414/0x560 [ 369.980780][T22100] _copy_from_iter+0x1de/0x1790 [ 369.980805][T22100] ? rcu_is_watching+0x15/0xb0 [ 369.980828][T22100] ? kmalloc_reserve+0xbd/0x290 [ 369.980853][T22100] ? __pfx__copy_from_iter+0x10/0x10 [ 369.980873][T22100] ? __build_skb_around+0x262/0x3f0 [ 369.980900][T22100] ? netlink_sendmsg+0x642/0xb30 [ 369.980915][T22100] ? skb_put+0x11b/0x210 [ 369.980934][T22100] netlink_sendmsg+0x6b2/0xb30 [ 369.980960][T22100] ? __pfx_netlink_sendmsg+0x10/0x10 [ 369.980988][T22100] ? aa_sock_msg_perm+0xf1/0x1d0 [ 369.981013][T22100] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 369.981030][T22100] ? __pfx_netlink_sendmsg+0x10/0x10 [ 369.981054][T22100] __sock_sendmsg+0x21c/0x270 [ 369.981079][T22100] ____sys_sendmsg+0x505/0x830 [ 369.981102][T22100] ? __pfx_____sys_sendmsg+0x10/0x10 [ 369.981129][T22100] ? import_iovec+0x74/0xa0 [ 369.981153][T22100] ___sys_sendmsg+0x21f/0x2a0 [ 369.981173][T22100] ? __pfx____sys_sendmsg+0x10/0x10 [ 369.981227][T22100] ? __fget_files+0x2a/0x420 [ 369.981243][T22100] ? __fget_files+0x3a0/0x420 [ 369.981269][T22100] __x64_sys_sendmsg+0x19b/0x260 [ 369.981290][T22100] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 369.981318][T22100] ? __pfx_ksys_write+0x10/0x10 [ 369.981345][T22100] ? do_syscall_64+0xbe/0xfa0 [ 369.981369][T22100] do_syscall_64+0xfa/0xfa0 [ 369.981396][T22100] ? lockdep_hardirqs_on+0x9c/0x150 [ 369.981416][T22100] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.981433][T22100] ? clear_bhb_loop+0x60/0xb0 [ 369.981454][T22100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.981470][T22100] RIP: 0033:0x7f26ee98efc9 [ 369.981487][T22100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.981501][T22100] RSP: 002b:00007f26ecbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 369.981520][T22100] RAX: ffffffffffffffda RBX: 00007f26eebe5fa0 RCX: 00007f26ee98efc9 [ 369.981533][T22100] RDX: 0000000004004000 RSI: 0000200000000380 RDI: 0000000000000003 [ 369.981544][T22100] RBP: 00007f26ecbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 369.981555][T22100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 369.981565][T22100] R13: 00007f26eebe6038 R14: 00007f26eebe5fa0 R15: 00007ffd1e0ee148 [ 369.981596][T22100] [ 370.434185][T22124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4654'. [ 370.856025][T22153] FAULT_INJECTION: forcing a failure. [ 370.856025][T22153] name failslab, interval 1, probability 0, space 0, times 0 [ 370.885988][T22153] CPU: 1 UID: 0 PID: 22153 Comm: syz.4.4659 Not tainted syzkaller #0 PREEMPT(full) [ 370.886014][T22153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 370.886024][T22153] Call Trace: [ 370.886032][T22153] [ 370.886040][T22153] dump_stack_lvl+0x189/0x250 [ 370.886067][T22153] ? __pfx____ratelimit+0x10/0x10 [ 370.886088][T22153] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.886111][T22153] ? __pfx__printk+0x10/0x10 [ 370.886135][T22153] ? __lock_acquire+0xab9/0xd20 [ 370.886161][T22153] should_fail_ex+0x414/0x560 [ 370.886192][T22153] should_failslab+0xa8/0x100 [ 370.886212][T22153] kmem_cache_alloc_noprof+0x74/0x6e0 [ 370.886237][T22153] ? skb_clone+0x212/0x3a0 [ 370.886261][T22153] skb_clone+0x212/0x3a0 [ 370.886284][T22153] __netlink_deliver_tap+0x404/0x850 [ 370.886332][T22153] ? netlink_deliver_tap+0x2e/0x1b0 [ 370.886359][T22153] netlink_deliver_tap+0x19c/0x1b0 [ 370.886385][T22153] netlink_unicast+0x7fa/0x9e0 [ 370.886417][T22153] ? __pfx_netlink_unicast+0x10/0x10 [ 370.886443][T22153] ? netlink_sendmsg+0x642/0xb30 [ 370.886457][T22153] ? skb_put+0x11b/0x210 [ 370.886477][T22153] netlink_sendmsg+0x805/0xb30 [ 370.886503][T22153] ? __pfx_netlink_sendmsg+0x10/0x10 [ 370.886532][T22153] ? aa_sock_msg_perm+0xf1/0x1d0 [ 370.886559][T22153] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 370.886576][T22153] ? __pfx_netlink_sendmsg+0x10/0x10 [ 370.886603][T22153] __sock_sendmsg+0x21c/0x270 [ 370.886629][T22153] ____sys_sendmsg+0x505/0x830 [ 370.886654][T22153] ? __pfx_____sys_sendmsg+0x10/0x10 [ 370.886683][T22153] ? import_iovec+0x74/0xa0 [ 370.886709][T22153] ___sys_sendmsg+0x21f/0x2a0 [ 370.886730][T22153] ? __pfx____sys_sendmsg+0x10/0x10 [ 370.886787][T22153] ? __fget_files+0x2a/0x420 [ 370.886804][T22153] ? __fget_files+0x3a0/0x420 [ 370.886832][T22153] __x64_sys_sendmsg+0x19b/0x260 [ 370.886853][T22153] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 370.886882][T22153] ? __pfx_ksys_write+0x10/0x10 [ 370.886910][T22153] ? do_syscall_64+0xbe/0xfa0 [ 370.886936][T22153] do_syscall_64+0xfa/0xfa0 [ 370.886956][T22153] ? lockdep_hardirqs_on+0x9c/0x150 [ 370.886978][T22153] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.886995][T22153] ? clear_bhb_loop+0x60/0xb0 [ 370.887017][T22153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.887034][T22153] RIP: 0033:0x7f26ee98efc9 [ 370.887051][T22153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.887066][T22153] RSP: 002b:00007f26ecbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 370.887086][T22153] RAX: ffffffffffffffda RBX: 00007f26eebe5fa0 RCX: 00007f26ee98efc9 [ 370.887099][T22153] RDX: 0000000004004000 RSI: 0000200000000380 RDI: 0000000000000003 [ 370.887110][T22153] RBP: 00007f26ecbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 370.887122][T22153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 370.887132][T22153] R13: 00007f26eebe6038 R14: 00007f26eebe5fa0 R15: 00007ffd1e0ee148 [ 370.887165][T22153] [ 371.201069][T22156] bridge_slave_0: mtu less than device minimum [ 371.369066][T22160] tipc: Enabled bearer , priority 0 [ 371.434855][T22180] validate_nla: 27 callbacks suppressed [ 371.434873][T22180] netlink: 'syz.4.4666': attribute type 10 has an invalid length. [ 371.523786][T22160] tipc: Disabling bearer [ 371.603975][T22180] netlink: 'syz.4.4666': attribute type 10 has an invalid length. [ 371.698086][T22180] netlink: 'syz.4.4666': attribute type 10 has an invalid length. [ 371.754046][T22180] netlink: 'syz.4.4666': attribute type 10 has an invalid length. [ 371.833020][T22180] netlink: 'syz.4.4666': attribute type 10 has an invalid length. [ 371.857094][T22180] netlink: 'syz.4.4666': attribute type 10 has an invalid length. [ 371.900600][T22180] netlink: 'syz.4.4666': attribute type 10 has an invalid length. [ 372.186232][T22239] netlink: 'syz.3.4683': attribute type 1 has an invalid length. [ 372.194095][T22239] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4683'. [ 372.207934][T22239] NCSI netlink: No device for ifindex 0 [ 372.240910][T22246] netlink: 'syz.3.4683': attribute type 13 has an invalid length. [ 372.446902][T22246] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 372.503605][ T43] lo speed is unknown, defaulting to 1000 [ 372.511661][ T43] syz0: Port: 1 Link ACTIVE [ 372.524466][ T43] lo speed is unknown, defaulting to 1000 [ 372.609694][T22264] tipc: Enabled bearer , priority 0 [ 372.627621][T22264] syzkaller0: entered promiscuous mode [ 372.633658][T22264] syzkaller0: entered allmulticast mode [ 372.644387][T22264] tipc: Resetting bearer [ 372.679222][T22262] tipc: Resetting bearer [ 372.690782][T13808] IPVS: starting estimator thread 0... [ 372.698496][T22266] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 372.736774][T22262] tipc: Disabling bearer [ 372.755814][ T56] block nbd0: Possible stuck request ffff888025040000: control (read@0,1024B). Runtime 210 seconds [ 372.767644][ T56] block nbd0: Possible stuck request ffff8880250401c0: control (read@1024,1024B). Runtime 210 seconds [ 372.779802][ T56] block nbd0: Possible stuck request ffff888025040380: control (read@2048,1024B). Runtime 210 seconds [ 372.791063][ T56] block nbd0: Possible stuck request ffff888025040540: control (read@3072,1024B). Runtime 210 seconds [ 372.795161][T22271] IPVS: using max 28 ests per chain, 67200 per kthread [ 372.809997][T22270] FAULT_INJECTION: forcing a failure. [ 372.809997][T22270] name failslab, interval 1, probability 0, space 0, times 0 [ 372.842214][T22270] CPU: 0 UID: 0 PID: 22270 Comm: syz.3.4692 Not tainted syzkaller #0 PREEMPT(full) [ 372.842241][T22270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 372.842251][T22270] Call Trace: [ 372.842258][T22270] [ 372.842265][T22270] dump_stack_lvl+0x189/0x250 [ 372.842293][T22270] ? __pfx____ratelimit+0x10/0x10 [ 372.842313][T22270] ? __pfx_dump_stack_lvl+0x10/0x10 [ 372.842335][T22270] ? __pfx__printk+0x10/0x10 [ 372.842359][T22270] ? __pfx___might_resched+0x10/0x10 [ 372.842383][T22270] should_fail_ex+0x414/0x560 [ 372.842413][T22270] should_failslab+0xa8/0x100 [ 372.842434][T22270] __kmalloc_noprof+0xcb/0x7f0 [ 372.842457][T22270] ? nl80211_trigger_scan+0x52f/0x1f10 [ 372.842479][T22270] ? __pfx___cfg80211_wdev_from_attrs+0x10/0x10 [ 372.842504][T22270] nl80211_trigger_scan+0x52f/0x1f10 [ 372.842541][T22270] genl_family_rcv_msg_doit+0x215/0x300 [ 372.842571][T22270] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 372.842607][T22270] ? bpf_lsm_capable+0x9/0x20 [ 372.842627][T22270] ? security_capable+0x7e/0x2e0 [ 372.842657][T22270] genl_rcv_msg+0x60e/0x790 [ 372.842686][T22270] ? __pfx_genl_rcv_msg+0x10/0x10 [ 372.842704][T22270] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 372.842720][T22270] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 372.842740][T22270] ? __pfx_nl80211_post_doit+0x10/0x10 [ 372.842759][T22270] ? __asan_memcpy+0x40/0x70 [ 372.842780][T22270] ? __pfx_ref_tracker_free+0x10/0x10 [ 372.842806][T22270] netlink_rcv_skb+0x208/0x470 [ 372.842828][T22270] ? __lock_acquire+0xab9/0xd20 [ 372.842847][T22270] ? __pfx_genl_rcv_msg+0x10/0x10 [ 372.842869][T22270] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 372.842916][T22270] ? down_read+0x1ad/0x2e0 [ 372.842943][T22270] genl_rcv+0x28/0x40 [ 372.842961][T22270] netlink_unicast+0x82f/0x9e0 [ 372.842994][T22270] ? __pfx_netlink_unicast+0x10/0x10 [ 372.843020][T22270] ? netlink_sendmsg+0x642/0xb30 [ 372.843034][T22270] ? skb_put+0x11b/0x210 [ 372.843055][T22270] netlink_sendmsg+0x805/0xb30 [ 372.843083][T22270] ? __pfx_netlink_sendmsg+0x10/0x10 [ 372.843136][T22270] ? aa_sock_msg_perm+0xf1/0x1d0 [ 372.843163][T22270] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 372.843180][T22270] ? __pfx_netlink_sendmsg+0x10/0x10 [ 372.843206][T22270] __sock_sendmsg+0x21c/0x270 [ 372.843232][T22270] ____sys_sendmsg+0x505/0x830 [ 372.843258][T22270] ? __pfx_____sys_sendmsg+0x10/0x10 [ 372.843288][T22270] ? import_iovec+0x74/0xa0 [ 372.843314][T22270] ___sys_sendmsg+0x21f/0x2a0 [ 372.843335][T22270] ? __pfx____sys_sendmsg+0x10/0x10 [ 372.843394][T22270] ? __fget_files+0x2a/0x420 [ 372.843410][T22270] ? __fget_files+0x3a0/0x420 [ 372.843439][T22270] __x64_sys_sendmsg+0x19b/0x260 [ 372.843461][T22270] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 372.843491][T22270] ? __pfx_ksys_write+0x10/0x10 [ 372.843519][T22270] ? do_syscall_64+0xbe/0xfa0 [ 372.843545][T22270] do_syscall_64+0xfa/0xfa0 [ 372.843565][T22270] ? lockdep_hardirqs_on+0x9c/0x150 [ 372.843586][T22270] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.843604][T22270] ? clear_bhb_loop+0x60/0xb0 [ 372.843627][T22270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.843644][T22270] RIP: 0033:0x7f440c18efc9 [ 372.843661][T22270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.843676][T22270] RSP: 002b:00007f440cfab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 372.843696][T22270] RAX: ffffffffffffffda RBX: 00007f440c3e5fa0 RCX: 00007f440c18efc9 [ 372.843710][T22270] RDX: 0000000004004000 RSI: 0000200000000380 RDI: 0000000000000003 [ 372.843721][T22270] RBP: 00007f440cfab090 R08: 0000000000000000 R09: 0000000000000000 [ 372.843733][T22270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 372.843743][T22270] R13: 00007f440c3e6038 R14: 00007f440c3e5fa0 R15: 00007ffc74b7ad18 [ 372.843778][T22270] [ 373.412035][T22296] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4699'. [ 373.457778][T22289] netlink: 1196 bytes leftover after parsing attributes in process `syz.1.4702'. [ 373.879374][T22329] FAULT_INJECTION: forcing a failure. [ 373.879374][T22329] name failslab, interval 1, probability 0, space 0, times 0 [ 373.914622][ T5839] Bluetooth: hci2: link tx timeout [ 373.922410][ T5839] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.952485][T22329] CPU: 0 UID: 0 PID: 22329 Comm: syz.2.4711 Not tainted syzkaller #0 PREEMPT(full) [ 373.952511][T22329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 373.952521][T22329] Call Trace: [ 373.952528][T22329] [ 373.952536][T22329] dump_stack_lvl+0x189/0x250 [ 373.952563][T22329] ? __pfx____ratelimit+0x10/0x10 [ 373.952584][T22329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 373.952606][T22329] ? __pfx__printk+0x10/0x10 [ 373.952627][T22329] ? __pfx___might_resched+0x10/0x10 [ 373.952649][T22329] should_fail_ex+0x414/0x560 [ 373.952677][T22329] should_failslab+0xa8/0x100 [ 373.952698][T22329] kmem_cache_alloc_node_noprof+0x77/0x710 [ 373.952721][T22329] ? __alloc_skb+0x112/0x2d0 [ 373.952751][T22329] __alloc_skb+0x112/0x2d0 [ 373.952779][T22329] netlink_ack+0x146/0xa50 [ 373.952800][T22329] ? __pfx_genl_rcv_msg+0x10/0x10 [ 373.952817][T22329] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 373.952835][T22329] ? __pfx_nl80211_post_doit+0x10/0x10 [ 373.952855][T22329] ? __asan_memcpy+0x40/0x70 [ 373.952876][T22329] ? __pfx_ref_tracker_free+0x10/0x10 [ 373.952901][T22329] netlink_rcv_skb+0x28c/0x470 [ 373.952923][T22329] ? __lock_acquire+0xab9/0xd20 [ 373.952941][T22329] ? __pfx_genl_rcv_msg+0x10/0x10 [ 373.952961][T22329] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 373.953005][T22329] ? down_read+0x1ad/0x2e0 [ 373.953039][T22329] genl_rcv+0x28/0x40 [ 373.953057][T22329] netlink_unicast+0x82f/0x9e0 [ 373.953088][T22329] ? __pfx_netlink_unicast+0x10/0x10 [ 373.953113][T22329] ? netlink_sendmsg+0x642/0xb30 [ 373.953127][T22329] ? skb_put+0x11b/0x210 [ 373.953146][T22329] netlink_sendmsg+0x805/0xb30 [ 373.953174][T22329] ? __pfx_netlink_sendmsg+0x10/0x10 [ 373.953202][T22329] ? aa_sock_msg_perm+0xf1/0x1d0 [ 373.953227][T22329] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 373.953243][T22329] ? __pfx_netlink_sendmsg+0x10/0x10 [ 373.953267][T22329] __sock_sendmsg+0x21c/0x270 [ 373.953292][T22329] ____sys_sendmsg+0x505/0x830 [ 373.953315][T22329] ? __pfx_____sys_sendmsg+0x10/0x10 [ 373.953343][T22329] ? import_iovec+0x74/0xa0 [ 373.953369][T22329] ___sys_sendmsg+0x21f/0x2a0 [ 373.953390][T22329] ? __pfx____sys_sendmsg+0x10/0x10 [ 373.953447][T22329] ? __fget_files+0x2a/0x420 [ 373.953463][T22329] ? __fget_files+0x3a0/0x420 [ 373.953489][T22329] __x64_sys_sendmsg+0x19b/0x260 [ 373.953511][T22329] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 373.953540][T22329] ? __pfx_ksys_write+0x10/0x10 [ 373.953568][T22329] ? do_syscall_64+0xbe/0xfa0 [ 373.953594][T22329] do_syscall_64+0xfa/0xfa0 [ 373.953614][T22329] ? lockdep_hardirqs_on+0x9c/0x150 [ 373.953634][T22329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.953651][T22329] ? clear_bhb_loop+0x60/0xb0 [ 373.953672][T22329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.953688][T22329] RIP: 0033:0x7fccc2d8efc9 [ 373.953704][T22329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.953719][T22329] RSP: 002b:00007fccc3c3a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 373.953737][T22329] RAX: ffffffffffffffda RBX: 00007fccc2fe5fa0 RCX: 00007fccc2d8efc9 [ 373.953748][T22329] RDX: 0000000004004000 RSI: 0000200000000380 RDI: 0000000000000003 [ 373.953759][T22329] RBP: 00007fccc3c3a090 R08: 0000000000000000 R09: 0000000000000000 [ 373.953771][T22329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 373.953781][T22329] R13: 00007fccc2fe6038 R14: 00007fccc2fe5fa0 R15: 00007ffcbb623518 [ 373.953814][T22329] [ 374.411642][T22343] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4713'. [ 374.496564][T22349] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4717'. [ 374.507355][T22349] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4717'. [ 374.617352][T22360] netlink: 'syz.1.4722': attribute type 8 has an invalid length. [ 374.659460][T22364] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4724'. [ 375.910331][T22452] __nla_validate_parse: 2 callbacks suppressed [ 375.910349][T22452] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4746'. [ 375.957290][ T5149] Bluetooth: hci2: command 0x0406 tx timeout [ 375.992938][T22457] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4750'. [ 376.449244][T22491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4761'. [ 376.728840][T22515] xt_connbytes: Forcing CT accounting to be enabled [ 376.840101][T22517] syzkaller0: entered promiscuous mode [ 376.845861][T22517] syzkaller0: entered allmulticast mode [ 376.919387][T22522] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4769'. [ 377.094991][T22538] syzkaller0: entered promiscuous mode [ 377.106462][T22538] syzkaller0: entered allmulticast mode [ 377.650780][T22575] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4788'. [ 377.683550][T22575] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 377.766084][T22587] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4792'. [ 378.184110][T22617] netlink: 88 bytes leftover after parsing attributes in process `syz.1.4802'. [ 378.486348][T22638] tipc: Enabling of bearer rejected, failed to enable media [ 378.634996][T22650] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4813'. [ 378.851334][T22669] netlink: 'syz.4.4819': attribute type 1 has an invalid length. [ 378.859520][T22668] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4818'. [ 379.136068][T22687] syzkaller0: entered promiscuous mode [ 379.144940][T22687] syzkaller0: entered allmulticast mode [ 379.301796][T22699] ksmbd: Unknown IPC event: 3, ignore. [ 379.464588][T22711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4832'. [ 379.512803][T22715] netlink: 'syz.1.4833': attribute type 2 has an invalid length. [ 380.101276][T22759] netlink: 'syz.1.4844': attribute type 23 has an invalid length. [ 380.454363][T22776] netlink: 'syz.4.4850': attribute type 6 has an invalid length. [ 380.596656][ T5149] Bluetooth: hci0: command 0x0c20 tx timeout [ 381.375917][T22835] __nla_validate_parse: 8 callbacks suppressed [ 381.375935][T22835] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4865'. [ 381.570843][T22858] IPVS: set_ctl: invalid protocol: 137 172.30.1.5:20000 [ 381.584338][T22859] IPVS: set_ctl: invalid protocol: 137 172.30.1.5:20000 [ 381.759917][T22869] syzkaller1: entered promiscuous mode [ 381.765709][T22869] syzkaller1: entered allmulticast mode [ 382.358614][T22879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4877'. [ 382.405759][T22883] netlink: 152 bytes leftover after parsing attributes in process `syz.2.4879'. [ 382.558995][T22891] sit2: entered promiscuous mode [ 382.569669][T22891] sit2: entered allmulticast mode [ 382.579810][T22897] netlink: 'syz.4.4884': attribute type 1 has an invalid length. [ 382.593180][T22897] netlink: 228 bytes leftover after parsing attributes in process `syz.4.4884'. [ 382.604040][T22895] syzkaller0: entered promiscuous mode [ 382.604755][T22896] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4881'. [ 382.613532][T22895] syzkaller0: entered allmulticast mode [ 382.740536][T22905] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4885'. [ 382.750245][T22906] netlink: 6 bytes leftover after parsing attributes in process `syz.1.4882'. [ 382.759492][T22906] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 382.863349][T22911] pimreg: entered allmulticast mode [ 383.087538][T22919] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 383.101379][T22919] xt_cgroup: xt_cgroup: no path or classid specified [ 383.341252][T22934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4894'. [ 383.489864][T22943] veth0: entered promiscuous mode [ 383.491242][T22942] sock: sock_set_timeout: `syz.3.4896' (pid 22942) tries to set negative timeout [ 383.519694][T22943] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4897'. [ 383.581971][T22943] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4897'. [ 383.670890][T22954] netlink: 'syz.3.4900': attribute type 3 has an invalid length. [ 383.685263][T22954] netlink: 'syz.3.4900': attribute type 3 has an invalid length. [ 383.693078][T22954] netlink: 'syz.3.4900': attribute type 3 has an invalid length. [ 383.709153][T22954] netlink: 'syz.3.4900': attribute type 3 has an invalid length. [ 383.717323][T22954] netlink: 'syz.3.4900': attribute type 3 has an invalid length. [ 383.728594][T22941] veth0: left promiscuous mode [ 384.288538][T22995] validate_nla: 45 callbacks suppressed [ 384.288617][T22995] netlink: 'syz.3.4915': attribute type 1 has an invalid length. [ 384.330502][T22995] 8021q: adding VLAN 0 to HW filter on device bond4 [ 384.338204][T23000] mac80211_hwsim hwsim42 : renamed from wlan1 [ 384.373688][T22998] netlink: 'syz.4.4914': attribute type 5 has an invalid length. [ 384.405004][T22995] 8021q: adding VLAN 0 to HW filter on device bond4 [ 384.413915][T22995] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 384.426304][T22995] bond4: (slave vxcan3): Error -95 calling set_mac_address [ 384.490223][T23001] veth5: entered promiscuous mode [ 384.517058][T23001] bond4: (slave veth5): Enslaving as an active interface with a down link [ 384.892440][T23031] netlink: 'syz.0.4928': attribute type 1 has an invalid length. [ 384.937537][T23034] ipt_REJECT: TCP_RESET invalid for non-tcp [ 384.999902][T23037] netlink: 'syz.1.4929': attribute type 2 has an invalid length. [ 385.234835][T23052] netlink: 'syz.3.4933': attribute type 32 has an invalid length. [ 385.347027][T23052] bond5: Setting coupled_control to off (0) [ 385.421827][T23073] netlink: 'syz.2.4937': attribute type 1 has an invalid length. [ 385.810269][T23093] syz.2.4945 (23093) used obsolete PPPIOCDETACH ioctl [ 385.983359][T23104] IPv6: addrconf: prefix option has invalid lifetime [ 386.137207][T23109] bond8 (unregistering): Released all slaves [ 386.422922][T23134] __nla_validate_parse: 21 callbacks suppressed [ 386.422940][T23134] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4956'. [ 386.487552][T23140] IPVS: set_ctl: invalid protocol: 20 0.0.0.0:256 [ 387.022057][T23175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4964'. [ 387.057112][T23172] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4964'. [ 387.304774][T23199] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 387.493737][T23212] syzkaller0: entered promiscuous mode [ 387.545503][T23212] syzkaller0: entered allmulticast mode [ 387.612413][T23219] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4975'. [ 387.775469][T23226] netlink: 'syz.3.4977': attribute type 14 has an invalid length. [ 387.804205][T23226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4977'. [ 387.909100][T23222] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.916868][T23222] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.094964][T23222] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 388.114598][T23222] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 388.266183][T23222] veth0_macvtap: left allmulticast mode [ 388.296257][T23226] netlink: 'syz.3.4977': attribute type 14 has an invalid length. [ 388.297603][ T1147] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.304440][T23226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4977'. [ 388.313187][ T1147] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.344739][ T1147] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.359193][ T1147] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.400632][ T1147] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 388.421795][ T1147] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 388.431282][ T1147] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 388.435684][T23247] netlink: 'syz.3.4984': attribute type 21 has an invalid length. [ 388.441368][ T1147] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.835985][ T5149] Bluetooth: hci5: command 0x0406 tx timeout [ 401.075446][ T5149] Bluetooth: hci1: command 0x0406 tx timeout [ 402.836048][ T56] block nbd0: Possible stuck request ffff888025040000: control (read@0,1024B). Runtime 240 seconds [ 402.847031][ T56] block nbd0: Possible stuck request ffff8880250401c0: control (read@1024,1024B). Runtime 240 seconds [ 402.858036][ T56] block nbd0: Possible stuck request ffff888025040380: control (read@2048,1024B). Runtime 240 seconds [ 402.869674][ T56] block nbd0: Possible stuck request ffff888025040540: control (read@3072,1024B). Runtime 240 seconds [ 406.195485][ T5839] Bluetooth: hci3: command 0x0406 tx timeout [ 409.249434][T23313] netlink: 'syz.0.4997': attribute type 1 has an invalid length. [ 409.268136][T23313] netlink: 'syz.0.4997': attribute type 3 has an invalid length. [ 409.280318][T23313] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4997'. [ 409.441669][T23322] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 409.453502][T23326] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5000'. [ 410.001154][T23367] netlink: 'syz.4.5015': attribute type 10 has an invalid length. [ 410.009795][T23367] bridge_slave_1: left allmulticast mode [ 410.015984][T23367] bridge_slave_1: left promiscuous mode [ 410.022516][T23367] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.040557][T23367] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 410.110162][T23372] tipc: Enabled bearer , priority 0 [ 410.129732][T23372] syzkaller0: entered promiscuous mode [ 410.142212][T23372] syzkaller0: entered allmulticast mode [ 410.160076][T23372] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 410.214692][T23372] tipc: Resetting bearer [ 410.264775][T23379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5018'. [ 410.339701][T23383] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5019'. [ 410.363550][T23386] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5021'. [ 410.420937][T23390] tipc: Enabled bearer , priority 10 [ 410.446813][T23390] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5022'. [ 410.514575][T23397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5024'. [ 410.598670][T23395] nbd2: detected capacity change from 0 to 63 [ 410.607251][T23400] block nbd2: NBD_DISCONNECT [ 410.613605][T23400] block nbd2: Disconnected due to user request. [ 410.630508][T23400] block nbd2: shutting down sockets [ 410.636892][T15312] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.655503][T15312] Buffer I/O error on dev nbd2, logical block 0, async page read [ 410.669379][T23403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5026'. [ 410.679986][ T95] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 2 [ 410.689307][T23403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5026'. [ 410.689338][T23403] netlink: 'syz.0.5026': attribute type 14 has an invalid length. [ 410.689351][T23403] netlink: 'syz.0.5026': attribute type 13 has an invalid length. [ 410.716393][ T95] Buffer I/O error on dev nbd2, logical block 1, async page read [ 410.724402][ T95] Buffer I/O error on dev nbd2, logical block 2, async page read [ 410.733833][ T95] Buffer I/O error on dev nbd2, logical block 3, async page read [ 410.743268][T15312] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.752492][T15312] Buffer I/O error on dev nbd2, logical block 0, async page read [ 410.762141][T15312] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.771707][T15312] Buffer I/O error on dev nbd2, logical block 1, async page read [ 410.780391][T15312] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.791068][T15312] Buffer I/O error on dev nbd2, logical block 2, async page read [ 410.800473][T15312] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.809886][T23364] tipc: Resetting bearer [ 410.816161][T15312] Buffer I/O error on dev nbd2, logical block 3, async page read [ 410.824068][T15312] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.833943][T15312] Buffer I/O error on dev nbd2, logical block 0, async page read [ 410.842751][T15312] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.859531][T15312] Buffer I/O error on dev nbd2, logical block 1, async page read [ 410.872013][T15312] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.881438][T23412] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not filter [ 410.899501][T23364] tipc: Disabling bearer [ 410.905976][T15312] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 410.922675][T15312] ldm_validate_partition_table(): Disk read failed. [ 410.932766][T15312] Dev nbd2: unable to read RDB block 0 [ 410.947536][T15312] nbd2: unable to read partition table [ 410.969678][T15312] ldm_validate_partition_table(): Disk read failed. [ 410.979095][T15312] Dev nbd2: unable to read RDB block 0 [ 410.987913][T15312] nbd2: unable to read partition table [ 411.128468][T23428] bridge6: entered promiscuous mode [ 411.133711][T23428] bridge6: entered allmulticast mode [ 411.150228][T23430] sctp: [Deprecated]: syz.3.5031 (pid 23430) Use of int in maxseg socket option. [ 411.150228][T23430] Use struct sctp_assoc_value instead [ 411.252460][T23441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5038'. [ 411.282159][T23441] netlink: 'syz.2.5038': attribute type 4 has an invalid length. [ 412.039746][T23460] gretap2: entered promiscuous mode [ 412.045264][T23460] gretap2: entered allmulticast mode [ 412.268700][T23465] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 412.546536][T23485] xt_l2tp: missing protocol rule (udp|l2tpip) [ 413.149567][T23527] netlink: 'syz.4.5060': attribute type 1 has an invalid length. [ 413.183908][T23529] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 413.642085][T23549] bond8: ARP target 1.0.0.0 is already present [ 413.666957][T23549] bond8: option arp_ip_target: invalid value (1) [ 413.682972][T23549] bond8 (unregistering): Released all slaves [ 414.541104][T23608] bridge6: entered promiscuous mode [ 414.550066][T23608] bridge6: entered allmulticast mode [ 414.562247][T23610] workqueue: name exceeds WQ_NAME_LEN. Truncating to: ^>>Mv^侦Kc'A [ 414.647487][T23614] tipc: Enabling of bearer rejected, failed to enable media [ 414.754994][T23617] netlink: 'syz.1.5088': attribute type 1 has an invalid length. [ 415.011781][T23646] __nla_validate_parse: 12 callbacks suppressed [ 415.011800][T23646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5095'. [ 415.083203][T23653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5097'. [ 415.099667][T23652] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5097'. [ 415.251237][T23661] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5099'. [ 415.265280][T23661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5099'. [ 415.342031][T23661] bond6: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 415.374528][T23661] bond6 (unregistering): Released all slaves [ 415.642173][T23673] batadv_slave_0: entered promiscuous mode [ 415.652879][T23673] batadv_slave_0: entered allmulticast mode [ 415.897221][T23708] IPVS: set_ctl: invalid protocol: 60 100.1.1.0:20000 [ 416.259193][T23729] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5117'. [ 416.477056][T23743] netlink: 'syz.0.5123': attribute type 11 has an invalid length. [ 416.495821][T23743] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5123'. [ 416.647756][T23764] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5130'. [ 416.663905][T23764] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5130'. [ 416.701147][T23770] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 416.719169][T23765] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 416.790838][T23764] bond2: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 416.824130][T23764] bond2 (unregistering): Released all slaves [ 416.992870][T23791] netlink: 'syz.0.5137': attribute type 1 has an invalid length. [ 417.001815][T23791] netlink: 228 bytes leftover after parsing attributes in process `syz.0.5137'. [ 417.014579][T23789] bridge5: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 417.287721][T23803] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 417.303608][T23803] syzkaller0: Linktype set failed because interface is up [ 419.146451][T23841] tipc: Enabling of bearer rejected, failed to enable media [ 419.395943][T23859] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 419.544547][T23870] netlink: 'syz.1.5161': attribute type 1 has an invalid length. [ 419.804130][T23891] netlink: 'syz.0.5165': attribute type 1 has an invalid length. [ 419.818385][T23891] netlink: 'syz.0.5165': attribute type 11 has an invalid length. [ 420.034472][T23908] __nla_validate_parse: 9 callbacks suppressed [ 420.034492][T23908] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5171'. [ 420.098184][T23908] team1: entered promiscuous mode [ 420.103397][T23908] team1: entered allmulticast mode [ 420.184056][T23914] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5173'. [ 420.258036][T23916] sch_tbf: burst 88 is lower than device veth5 mtu (1514) ! [ 420.278822][T23917] xt_ecn: cannot match TCP bits for non-tcp packets [ 420.330398][T23917] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5174'. [ 420.373042][T23928] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5175'. [ 420.438819][T23933] netlink: 'syz.2.5178': attribute type 15 has an invalid length. [ 420.447658][T23933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5178'. [ 420.469273][T23933] netlink: 'syz.2.5178': attribute type 15 has an invalid length. [ 420.477841][T23933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5178'. [ 420.687907][T23945] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5183'. [ 420.698246][T23942] x_tables: duplicate underflow at hook 3 [ 420.799916][T23945] syzkaller0: entered promiscuous mode [ 420.805663][T23945] syzkaller0: entered allmulticast mode [ 422.307031][T23957] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 422.420378][T23977] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5192'. [ 422.453664][T23978] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5190'. [ 422.453948][T23977] 0{X: renamed from gretap0 [ 422.477135][T23977] 0{X: entered allmulticast mode [ 422.492086][T23977] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 422.891260][T24012] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 422.938760][T24016] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 422.946070][T24016] IPv6: NLM_F_CREATE should be set when creating new route [ 422.954092][T24022] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5208'. [ 422.987120][T24016] netlink: 'syz.3.5206': attribute type 17 has an invalid length. [ 423.865628][T24070] netlink: 'syz.4.5222': attribute type 12 has an invalid length. [ 424.036456][T24075] netlink: zone id is out of range [ 424.048108][T24075] netlink: zone id is out of range [ 424.094081][T24075] netlink: zone id is out of range [ 424.104522][T24075] netlink: zone id is out of range [ 424.126609][T24075] netlink: zone id is out of range [ 424.140509][T24075] netlink: zone id is out of range [ 424.162930][T24075] netlink: zone id is out of range [ 424.308162][T24101] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 424.374330][T24105] macsec0: entered promiscuous mode [ 424.386368][T24105] macsec0: entered allmulticast mode [ 424.418294][T24105] veth1_macvtap: entered allmulticast mode [ 424.434593][T24105] macsec0: left promiscuous mode [ 424.467493][T24105] macsec0: left allmulticast mode [ 424.485179][T24105] veth1_macvtap: left allmulticast mode [ 424.612961][T24116] netlink: 'syz.1.5235': attribute type 4 has an invalid length. [ 424.842751][T24133] netlink: 'syz.1.5242': attribute type 75 has an invalid length. [ 424.999612][T24133] 8021q: adding VLAN 0 to HW filter on device bond6 [ 425.113663][T24156] tipc: Enabling of bearer rejected, failed to enable media [ 425.161788][T24159] block nbd2: Unsupported socket: should be TCP or UNIX. [ 425.640014][T24181] __nla_validate_parse: 7 callbacks suppressed [ 425.640032][T24181] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5254'. [ 425.873058][T24195] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5260'. [ 425.939501][T24199] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5261'. [ 426.082206][T24209] netlink: 'syz.0.5266': attribute type 10 has an invalid length. [ 426.138560][T24214] netlink: 196 bytes leftover after parsing attributes in process `syz.3.5268'. [ 426.156267][T24214] netlink: 196 bytes leftover after parsing attributes in process `syz.3.5268'. [ 426.165643][T24214] netlink: 19 bytes leftover after parsing attributes in process `syz.3.5268'. [ 426.178339][T24214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5268'. [ 426.244535][ T30] audit: type=1107 audit(1761400596.596:9): pid=24221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 426.369329][T24228] net_ratelimit: 13 callbacks suppressed [ 426.369438][T24228] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 426.731868][T24258] openvswitch: netlink: IP tunnel dst address not specified [ 426.985811][T24265] can: request_module (can-proto-4) failed. [ 427.085648][T24285] openvswitch: netlink: Message has 4 unknown bytes. [ 427.118748][T24288] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5289'. [ 427.142831][T24288] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5289'. [ 427.175178][T24288] geneve2: entered promiscuous mode [ 427.186602][T24288] geneve2: entered allmulticast mode [ 427.313161][T24307] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5296'. [ 427.733769][T24331] netlink: 'syz.2.5305': attribute type 1 has an invalid length. [ 427.794856][T24331] 8021q: adding VLAN 0 to HW filter on device bond8 [ 427.823911][T24331] bond8: (slave ip6gretap1): making interface the new active one [ 427.854899][T24331] bond8: (slave ip6gretap1): Enslaving as an active interface with an up link [ 428.046935][T24358] netlink: 'syz.3.5313': attribute type 6 has an invalid length. [ 428.133401][T24351] vlan0 (unregistering): left allmulticast mode [ 428.141202][T24351] veth0_vlan (unregistering): left allmulticast mode [ 428.149177][T24351] vlan0 (unregistering): left promiscuous mode [ 428.198009][T24358] : entered promiscuous mode [ 428.512418][T24391] delete_channel: no stack [ 428.807205][T24421] netlink: 'syz.1.5332': attribute type 11 has an invalid length. [ 429.011721][T24437] netlink: 'syz.3.5337': attribute type 29 has an invalid length. [ 429.024250][T24437] netlink: 'syz.3.5337': attribute type 29 has an invalid length. [ 429.375983][T24466] syzkaller0: entered promiscuous mode [ 429.381656][T24466] syzkaller0: entered allmulticast mode [ 429.778766][T24499] IPVS: length: 132 != 1152 [ 429.784163][T24495] bond2: Removing last ns target with arp_interval on [ 430.508703][T24546] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 430.652450][T24553] bond9: (slave bond_slave_1): Device is not bonding slave [ 430.660277][T24553] bond9: option active_slave: invalid value (bond_slave_1) [ 430.671350][T24553] bond9 (unregistering): Released all slaves [ 430.736264][T24567] __nla_validate_parse: 49 callbacks suppressed [ 430.736284][T24567] netlink: 9 bytes leftover after parsing attributes in process `syz.4.5379'. [ 430.781171][T24570] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5380'. [ 430.790996][T24570] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5380'. [ 430.800719][T24570] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5380'. [ 430.812178][T24571] netlink: 'syz.4.5379': attribute type 1 has an invalid length. [ 430.825624][T24572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5380'. [ 430.834590][T24572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5380'. [ 430.851116][T24572] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5380'. [ 430.930792][T24576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5382'. [ 431.009919][T24579] netlink: 64 bytes leftover after parsing attributes in process `syz.2.5383'. [ 431.054456][T24579] bond9: Removing last arp target with arp_interval on [ 431.120645][T24584] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5384'. [ 431.404196][T24597] netlink: 'syz.0.5388': attribute type 1 has an invalid length. [ 431.718896][T24617] xt_hashlimit: size too large, truncated to 1048576 [ 431.830318][T24625] netlink: 'syz.3.5399': attribute type 1 has an invalid length. [ 432.347765][T24659] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 432.915359][ T56] block nbd0: Possible stuck request ffff888025040000: control (read@0,1024B). Runtime 270 seconds [ 432.926945][ T56] block nbd0: Possible stuck request ffff8880250401c0: control (read@1024,1024B). Runtime 270 seconds [ 432.929266][T24691] tipc: Enabled bearer , priority 0 [ 432.938012][ T56] block nbd0: Possible stuck request ffff888025040380: control (read@2048,1024B). Runtime 270 seconds [ 432.938045][ T56] block nbd0: Possible stuck request ffff888025040540: control (read@3072,1024B). Runtime 270 seconds [ 432.971234][T24691] syzkaller0: entered promiscuous mode [ 432.976810][T24691] syzkaller0: entered allmulticast mode [ 433.010176][T24690] tipc: Resetting bearer [ 433.034133][T24690] tipc: Disabling bearer [ 433.223506][T24704] IPVS: dh: SCTP 172.20.20.187:0 - no destination available [ 434.261624][T24735] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 434.385262][T24740] netlink: 'syz.1.5433': attribute type 1 has an invalid length. [ 434.654116][T24739] gretap0: entered promiscuous mode [ 434.659707][T24739] gretap0: entered allmulticast mode [ 434.689130][T24756] 8021q: VLANs not supported on ip6gre0 [ 434.961066][T24778] netlink: 'syz.2.5440': attribute type 13 has an invalid length. [ 434.997565][T24778] veth0_macvtap: left promiscuous mode [ 435.044187][T24778] macvtap0: entered allmulticast mode [ 435.069577][T24778] macvtap0: refused to change device tx_queue_len [ 435.588395][T24821] xfrm1: entered promiscuous mode [ 435.601866][T24821] xfrm1: entered allmulticast mode [ 435.609427][T24817] syzkaller0: entered promiscuous mode [ 435.614942][T24817] syzkaller0: entered allmulticast mode [ 435.800769][T24816] delete_channel: no stack [ 435.850763][T24836] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 435.941705][T24847] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 436.134869][T24865] __nla_validate_parse: 20 callbacks suppressed [ 436.134888][T24865] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5469'. [ 436.219040][T24870] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5473'. [ 436.249902][ T30] audit: type=1804 audit(1761400606.606:10): pid=24871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.5472" name="/newroot/517/cgroup.controllers" dev="tmpfs" ino=2656 res=1 errno=0 [ 436.279291][T24872] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5472'. [ 436.279751][ T30] audit: type=1800 audit(1761400606.616:11): pid=24871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5472" name="cgroup.controllers" dev="tmpfs" ino=2656 res=0 errno=0 [ 436.612040][T24888] netlink: 'syz.1.5476': attribute type 6 has an invalid length. [ 436.836835][T24904] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 436.843032][T24902] netlink: 'syz.0.5477': attribute type 6 has an invalid length. [ 436.894834][T24912] netlink: 'syz.0.5477': attribute type 6 has an invalid length. [ 436.947781][T24915] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5481'. [ 437.353788][T24937] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5491'. [ 437.476832][T24951] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5494'. [ 437.663925][T24962] block nbd3: not configured, cannot reconfigure [ 437.857774][T24970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5500'. [ 437.897803][T15312] udevd[15312]: inotify_add_watch(7, /dev/nbd3, 10) failed: No such file or directory [ 437.913704][T24972] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5502'. [ 437.927840][T24973] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5502'. [ 437.998434][T24980] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5504'. [ 438.101129][T24988] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 438.288749][T24995] pim6reg1: entered promiscuous mode [ 438.294251][T24995] pim6reg1: entered allmulticast mode [ 438.533708][T25010] IPv6: sit1: Disabled Multicast RS [ 438.541880][T25010] sit1: entered allmulticast mode [ 438.879745][T25043] netlink: 'syz.0.5526': attribute type 2 has an invalid length. [ 438.888335][T25043] netlink: 'syz.0.5526': attribute type 1 has an invalid length. [ 439.283406][T25067] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 439.439677][T25079] : entered promiscuous mode [ 439.499361][T25086] netlink: 'syz.2.5542': attribute type 11 has an invalid length. [ 439.936541][T25120] netlink: 'syz.0.5552': attribute type 1 has an invalid length. [ 440.104500][T25124] 8021q: adding VLAN 0 to HW filter on device bond4 [ 440.138216][T25124] bond3: (slave bond4): making interface the new active one [ 440.161221][T25124] bond3: (slave bond4): Enslaving as an active interface with an up link [ 440.214179][T25120] bond3: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 440.238163][T25120] bond3: (slave ipvlan0): The slave device specified does not support setting the MAC address [ 440.421651][T25139] team0 (unregistering): Port device team_slave_0 removed [ 440.463657][T25139] team0 (unregistering): Port device team_slave_1 removed [ 440.496405][T25139] team0 (unregistering): Port device dummy0 removed [ 440.748960][T25173] --map-set only usable from mangle table [ 440.847401][T25183] netlink: 'syz.4.5566': attribute type 1 has an invalid length. [ 440.889021][T25187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 440.925468][ T8935] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 440.950096][ T8935] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 440.959743][ T8935] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 440.983869][ T8935] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 441.190194][T25202] bond5: (slave bond_slave_1): Device is not bonding slave [ 441.200011][T25204] __nla_validate_parse: 25 callbacks suppressed [ 441.200028][T25204] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5572'. [ 441.202650][T25202] bond5: option active_slave: invalid value (bond_slave_1) [ 441.224784][T25209] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5573'. [ 441.227237][T25202] bond5 (unregistering): Released all slaves [ 441.338372][T25204] netlink: 1 bytes leftover after parsing attributes in process `syz.2.5572'. [ 441.412044][T25224] netlink: 10684 bytes leftover after parsing attributes in process `syz.4.5577'. [ 441.444766][T25224] netlink: 508 bytes leftover after parsing attributes in process `syz.4.5577'. [ 441.464290][T25224] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5577'. [ 441.499469][T25228] macvtap1: entered promiscuous mode [ 441.504959][T25228] macvtap1: entered allmulticast mode [ 441.688551][T25237] netlink: 64 bytes leftover after parsing attributes in process `syz.4.5583'. [ 441.698024][T25237] team0: No ports can be present during mode change [ 441.712917][T25243] netlink: 'syz.1.5584': attribute type 1 has an invalid length. [ 441.801887][T25243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5584'. [ 441.811047][T25243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5584'. [ 442.016347][T25267] delete_channel: no stack [ 442.043059][T25272] netlink: 'syz.0.5594': attribute type 1 has an invalid length. [ 442.080687][T25274] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5594'. [ 442.182154][T25272] bond5: entered promiscuous mode [ 442.189761][T25272] 8021q: adding VLAN 0 to HW filter on device bond5 [ 442.209998][T25289] netlink: 'syz.4.5597': attribute type 10 has an invalid length. [ 442.743432][T25323] macsec2: entered promiscuous mode [ 442.751502][T25323] macsec2: entered allmulticast mode [ 442.758188][T25323] bond10: (slave macsec2): Error -34 calling dev_set_mtu [ 443.162622][T25347] pim6reg1: entered promiscuous mode [ 443.168380][T25347] pim6reg1: entered allmulticast mode [ 443.213032][T25347] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 443.222696][T25347] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 443.329495][T25360] x_tables: duplicate underflow at hook 3 [ 443.392110][T25357] smc: ib device syz0 ibport 1 erased user defined pnetid SYZ0 [ 443.856777][T25395] set match dimension is over the limit! [ 443.876025][T25398] netlink: 'syz.2.5635': attribute type 24 has an invalid length. [ 444.379513][T25435] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 444.643816][T25450] netlink: 'syz.0.5654': attribute type 33 has an invalid length. [ 444.662986][T25451] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 444.685723][T25450] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 444.747887][T25456] team0: Device gtp2 is up. Set it down before adding it as a team port [ 444.905279][T25471] netlink: 'syz.2.5661': attribute type 4 has an invalid length. [ 445.488313][T25523] x_tables: duplicate underflow at hook 1 [ 445.770458][T25538] delete_channel: no stack [ 446.269135][T25592] __nla_validate_parse: 30 callbacks suppressed [ 446.269240][T25592] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5698'. [ 446.279726][T25594] netlink: 'syz.4.5699': attribute type 2 has an invalid length. [ 446.297135][T25594] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5699'. [ 446.306836][T25594] netlink: 'syz.4.5699': attribute type 26 has an invalid length. [ 446.316012][T25594] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5699'. [ 446.328510][T25592] 8021q: adding VLAN 0 to HW filter on device bond8 [ 446.338452][T25596] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5697'. [ 446.341763][T25594] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5699'. [ 446.359341][T25594] netlink: 'syz.4.5699': attribute type 26 has an invalid length. [ 446.367886][T25594] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5699'. [ 446.377434][T25592] 8021q: adding VLAN 0 to HW filter on device bond8 [ 446.384689][T25592] bond8: (slave vxcan1): The slave device specified does not support setting the MAC address [ 446.396672][T25592] bond8: (slave vxcan1): Error -95 calling set_mac_address [ 446.453940][T25599] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5700'. [ 446.601901][T25607] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 446.611925][T25612] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5703'. [ 446.763838][T25623] netlink: 216 bytes leftover after parsing attributes in process `syz.4.5708'. [ 446.774645][T25623] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5708'. [ 446.828149][T25623] macvtap2: entered promiscuous mode [ 446.833679][T25623] macvtap2: entered allmulticast mode [ 446.840286][T25623] vlan0: entered allmulticast mode [ 446.845705][T25623] veth0_vlan: entered allmulticast mode [ 446.866314][T25625] netlink: 'syz.1.5709': attribute type 5 has an invalid length. [ 446.906629][T25625] geneve3: entered promiscuous mode [ 446.912134][T25625] geneve3: entered allmulticast mode [ 446.934708][ T8935] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 446.967475][ T8935] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 447.014525][ T8935] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 447.023605][ T8935] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 447.435080][T25669] Cannot find del_set index 3 as target [ 447.500604][T25674] netlink: 'syz.1.5726': attribute type 10 has an invalid length. [ 447.544152][T25674] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 447.582589][ T1158] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 6081 - 0 [ 447.612302][ T1158] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 6081 - 0 [ 447.633015][ T1158] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 6081 - 0 [ 447.690158][ T1158] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 6081 - 0 [ 447.746095][T25694] veth1_to_bond: entered allmulticast mode [ 447.752825][T25692] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 447.813111][T25698] netlink: 'syz.2.5734': attribute type 1 has an invalid length. [ 447.828759][T25694] veth1_to_bond (unregistering): left allmulticast mode [ 447.854049][T25696] tipc: Enabled bearer , priority 0 [ 447.908459][T25698] 8021q: adding VLAN 0 to HW filter on device bond11 [ 448.061971][T25698] bond11: (slave gretap1): making interface the new active one [ 448.102315][T25698] bond11: (slave gretap1): Enslaving as an active interface with an up link [ 448.158713][T25714] netlink: 'syz.0.5736': attribute type 1 has an invalid length. [ 448.183438][T25696] tipc: Disabling bearer [ 448.479739][T25731] veth5: entered allmulticast mode [ 448.687817][T25748] block nbd4: not configured, cannot reconfigure [ 448.964244][T25774] netlink: 'syz.4.5753': attribute type 4 has an invalid length. [ 448.971634][T25767] bond12: invalid ARP target 0.0.0.0 specified for addition [ 448.982480][T25767] bond12: option arp_ip_target: invalid value (0) [ 448.997288][T25767] bond12 (unregistering): Released all slaves [ 449.122405][T25779] netlink: 'syz.3.5756': attribute type 9 has an invalid length. [ 449.221400][T25783] tipc: Enabled bearer , priority 0 [ 449.229319][T25783] syzkaller0: entered promiscuous mode [ 449.234804][T25783] syzkaller0: entered allmulticast mode [ 449.272667][T25783] tipc: Resetting bearer [ 449.285809][T25782] tipc: Resetting bearer [ 449.331090][T25782] tipc: Disabling bearer [ 449.381142][T25798] netlink: 'syz.4.5763': attribute type 33 has an invalid length. [ 449.542899][T25808] Cannot find del_set index 4 as target [ 449.716641][T25825] syzkaller0: entered promiscuous mode [ 449.733398][T25825] syzkaller0: entered allmulticast mode [ 449.780527][T25832] xt_time: unknown flags 0xf4 [ 450.276543][T25854] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2 [ 450.320825][T25859] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5 [ 450.820510][T25881] 8021q: VLANs not supported on ip6_vti0 [ 450.838632][T25881] syzkaller0: entered promiscuous mode [ 450.844137][T25881] syzkaller0: entered allmulticast mode [ 451.420945][T25906] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 451.541903][T25915] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 451.631913][T25920] netlink: 'syz.4.5802': attribute type 2 has an invalid length. [ 451.660597][T25920] __nla_validate_parse: 12 callbacks suppressed [ 451.660615][T25920] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5802'. [ 451.769463][T25928] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5805'. [ 451.845575][T25937] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5807'. [ 452.143119][T25937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 452.154699][T25937] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 452.170011][T25937] bond0 (unregistering): Released all slaves [ 452.272226][T25963] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5814'. [ 452.308183][T25963] tipc: Invalid UDP bearer configuration [ 452.308240][T25963] tipc: Enabling of bearer rejected, failed to enable media [ 452.459826][T25973] xt_TCPMSS: Only works on TCP SYN packets [ 452.459832][T25974] netlink: 'syz.1.5818': attribute type 1 has an invalid length. [ 452.459849][T25974] netlink: 228 bytes leftover after parsing attributes in process `syz.1.5818'. [ 452.484723][T25976] vlan3: entered promiscuous mode [ 452.484744][T25976] bridge0: entered promiscuous mode [ 452.578066][T25980] netlink: 'syz.0.5823': attribute type 27 has an invalid length. [ 452.606646][T25982] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5822'. [ 452.676993][T25990] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 452.889150][T26002] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5827'. [ 452.907576][T26006] netlink: 'syz.4.5828': attribute type 1 has an invalid length. [ 452.919417][T26006] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5828'. [ 453.071359][T26022] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5830'. [ 453.555367][T26049] block nbd2: server does not support multiple connections per device. [ 453.564129][T26049] block nbd2: shutting down sockets [ 454.252993][T26076] netlink: 'syz.1.5847': attribute type 6 has an invalid length. [ 454.263593][T26074] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5846'. [ 454.425569][T26089] vlan3: entered promiscuous mode [ 454.830072][T26118] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 455.090812][T26134] bond12: entered allmulticast mode [ 455.097429][T26134] 8021q: adding VLAN 0 to HW filter on device bond12 [ 455.357073][T26162] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 455.391474][T26160] bridge7: entered promiscuous mode [ 455.397149][T26160] bridge7: entered allmulticast mode [ 455.664207][T26191] net veth1_virt_wifi .: renamed from virt_wifi0 [ 455.824194][T26193] netlink: 'syz.4.5881': attribute type 2 has an invalid length. [ 455.937663][T26206] netlink: 'syz.4.5887': attribute type 1 has an invalid length. [ 456.068011][T26206] 8021q: adding VLAN 0 to HW filter on device bond4 [ 456.077480][T26206] bond0: (slave bond4): making interface the new active one [ 456.099428][T26206] bond0: (slave bond4): Enslaving as an active interface with an up link [ 456.147024][T26212] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 456.185674][T26212] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 456.234841][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 456.248790][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 456.259222][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 456.269151][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 456.286695][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 456.424773][T26216] wg1 speed is unknown, defaulting to 1000 [ 456.441723][T26216] lo speed is unknown, defaulting to 1000 [ 456.621656][ T8933] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 456.635908][ T8933] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.836870][ T8933] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 456.885904][ T8933] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.008168][T26247] __nla_validate_parse: 13 callbacks suppressed [ 457.008185][T26247] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5898'. [ 457.032244][ T8933] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.045907][T26247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5898'. [ 457.062327][ T8933] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.091319][T26257] netlink: 80 bytes leftover after parsing attributes in process `syz.3.5901'. [ 457.217571][ T8933] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.242109][ T8933] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.653009][T26288] syzkaller0: entered promiscuous mode [ 457.660724][T26288] syzkaller0: entered allmulticast mode [ 457.780598][T26216] chnl_net:caif_netlink_parms(): no params data found [ 457.850117][T26301] netlink: 'syz.0.5913': attribute type 64 has an invalid length. [ 457.858390][T26301] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5913'. [ 457.865969][T26297] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5910'. [ 457.902316][T26302] netlink: 'syz.0.5913': attribute type 64 has an invalid length. [ 457.910899][T26302] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5913'. [ 458.107324][T26267] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 458.114226][T26267] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 458.360412][ T5839] Bluetooth: hci4: command tx timeout [ 458.798243][ T8933] bond8 (unregistering): (slave ip6gretap1): Releasing active interface [ 458.922058][ T8933] bond11 (unregistering): (slave gretap1): Releasing active interface [ 459.020263][ T8933] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 459.028948][ T8933] bridge0 (unregistering): left allmulticast mode [ 459.436343][ T8933] bond0 (unregistering): left promiscuous mode [ 459.443200][ T8933] bond0 (unregistering): Released all slaves [ 459.456357][ T8933] bond1 (unregistering): Released all slaves [ 459.469596][ T8933] bond2 (unregistering): Released all slaves [ 459.573689][ T8933] bond3 (unregistering): Released all slaves [ 459.586858][ T8933] bond4 (unregistering): Released all slaves [ 459.679572][ T8933] bond5 (unregistering): Released all slaves [ 459.771754][ T8933] bond6 (unregistering): Released all slaves [ 459.783914][ T8933] bond7 (unregistering): Released all slaves [ 459.882399][ T8933] bond8 (unregistering): Released all slaves [ 459.895123][ T8933] bond9 (unregistering): Released all slaves [ 459.907986][ T8933] bond10 (unregistering): Released all slaves [ 460.001852][ T8933] bond11 (unregistering): Released all slaves [ 460.092388][ T8933] bond12 (unregistering): Released all slaves [ 460.142853][T26267] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 460.154270][T26267] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 460.307643][T26267] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 460.317591][T26267] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 460.361265][T26313] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5916'. [ 460.370806][ T8933] tipc: Left network mode [ 460.391908][T26310] bridge1: left promiscuous mode [ 460.404428][T26310] bridge2: left promiscuous mode [ 460.411958][T26310] veth9: left promiscuous mode [ 460.419782][T26310] bridge4: left promiscuous mode [ 460.426330][T26310] geneve2: left promiscuous mode [ 460.433478][T26310] bond5: left promiscuous mode [ 460.439262][ T5839] Bluetooth: hci4: command tx timeout [ 460.448511][T26267] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 460.457975][T26267] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 460.531542][T26317] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5915'. [ 460.540870][T26267] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 460.549705][T26267] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 460.697189][T26216] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.714655][T26216] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.729998][T26216] bridge_slave_0: entered allmulticast mode [ 460.750734][T26216] bridge_slave_0: entered promiscuous mode [ 460.803353][T26216] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.813955][T26216] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.834644][T26216] bridge_slave_1: entered allmulticast mode [ 460.853639][T26216] bridge_slave_1: entered promiscuous mode [ 461.050507][T26216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 461.110417][T26216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 461.241145][T26216] team0: Port device team_slave_0 added [ 461.267710][T26216] team0: Port device team_slave_1 added [ 461.334289][ T8933] batadv0: left promiscuous mode [ 461.348890][ T8933] hsr_slave_0: left promiscuous mode [ 461.356429][ T8933] hsr_slave_1: left promiscuous mode [ 461.374563][ T8933] veth1_macvtap: left promiscuous mode [ 461.381330][ T8933] veth1_vlan: left promiscuous mode [ 461.523379][ T8933] pimreg (unregistering): left allmulticast mode [ 462.356822][T26216] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 462.374096][T26216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 462.413113][T26385] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5933'. [ 462.429071][T26216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 462.460679][T26379] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5932'. [ 462.472886][T26385] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5933'. [ 462.484888][T26216] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 462.492689][T26216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 462.523996][T26216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 462.536726][T26390] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5933'. [ 462.699573][T26394] netlink: 'syz.4.5936': attribute type 3 has an invalid length. [ 462.762027][T26216] hsr_slave_0: entered promiscuous mode [ 462.776607][T26216] hsr_slave_1: entered promiscuous mode [ 462.793189][T26396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5937'. [ 462.872813][T26408] netlink: 'syz.1.5941': attribute type 1 has an invalid length. [ 462.885649][T26408] netlink: 228 bytes leftover after parsing attributes in process `syz.1.5941'. [ 462.967051][T26404] tipc: Enabled bearer , priority 0 [ 462.986203][T26394] syzkaller0: entered promiscuous mode [ 462.991712][T26394] syzkaller0: entered allmulticast mode [ 463.008429][ T56] block nbd0: Possible stuck request ffff888025040000: control (read@0,1024B). Runtime 300 seconds [ 463.013549][T26413] batadv4: entered allmulticast mode [ 463.019370][ T56] block nbd0: Possible stuck request ffff8880250401c0: control (read@1024,1024B). Runtime 300 seconds [ 463.035635][T26411] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5942'. [ 463.045707][ T56] block nbd0: Possible stuck request ffff888025040380: control (read@2048,1024B). Runtime 300 seconds [ 463.056839][ T56] block nbd0: Possible stuck request ffff888025040540: control (read@3072,1024B). Runtime 300 seconds [ 463.094029][T26404] tipc: Resetting bearer [ 463.113507][T26419] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5945'. [ 463.133981][T26393] tipc: Resetting bearer [ 463.177566][T26393] tipc: Disabling bearer [ 463.201337][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.214684][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.243763][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.273026][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.283612][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.291724][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.300404][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.308518][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.322947][T26423] netlink: 'syz.0.5946': attribute type 3 has an invalid length. [ 463.351552][ T8933] IPVS: stop unused estimator thread 0... [ 463.455475][T26442] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5949'. [ 463.492833][T26442] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5949'. [ 464.066314][T26216] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 464.087532][T26216] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 464.116136][T26216] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 464.146943][T26216] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 464.318937][T26491] bond6 (unregistering): Released all slaves [ 464.328970][T26477] vcan0: tx address claim with dlc 0 [ 464.510945][T26216] 8021q: adding VLAN 0 to HW filter on device bond0 [ 464.592621][T26216] 8021q: adding VLAN 0 to HW filter on device team0 [ 464.619502][ T8932] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.626730][ T8932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.933677][T26518] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20000 [ 464.945837][ T8933] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.953002][ T8933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 465.192005][T26532] syzkaller0: entered promiscuous mode [ 465.207341][T26532] syzkaller0: entered allmulticast mode [ 465.270228][T26534] 8021q: adding VLAN 0 to HW filter on device bond6 [ 465.288649][T26538] vlan3: entered promiscuous mode [ 465.316151][T26538] bond6: entered promiscuous mode [ 465.321616][T26538] vlan3: entered allmulticast mode [ 465.328694][T26538] bond6: entered allmulticast mode [ 465.474724][T26216] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 465.654616][T26216] veth0_vlan: entered promiscuous mode [ 465.717330][T26216] veth1_vlan: entered promiscuous mode [ 465.837401][T26216] veth0_macvtap: entered promiscuous mode [ 465.860317][T26216] veth1_macvtap: entered promiscuous mode [ 465.900680][T26577] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0 [ 465.950271][T26216] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 466.021452][T26216] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 466.091736][ T1147] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.109266][ T1147] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.144592][ T1147] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.161781][ T1147] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.189843][T26585] syzkaller0: entered promiscuous mode [ 466.207893][T26585] syzkaller0: entered allmulticast mode [ 466.572869][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 466.600134][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.641989][T26615] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 466.668189][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 466.677948][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.915875][T26633] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.923420][T26633] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.139114][T26652] syzkaller0: entered promiscuous mode [ 467.144711][T26652] syzkaller0: entered allmulticast mode [ 467.476624][T26670] pim6reg527: entered allmulticast mode [ 467.599581][T26675] __nla_validate_parse: 27 callbacks suppressed [ 467.599598][T26675] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6008'. [ 467.648926][T26675] netlink: 17 bytes leftover after parsing attributes in process `syz.0.6008'. [ 467.680526][T26686] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6011'. [ 467.739304][T26688] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.6012'. [ 467.828895][T26693] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6013'. [ 467.989479][T26710] IPVS: set_ctl: invalid protocol: 50 172.20.20.187:20000 [ 468.132509][T26718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6022'. [ 468.152972][T26718] netlink: zone id is out of range [ 468.253655][T26725] netlink: 256 bytes leftover after parsing attributes in process `syz.2.6025'. [ 468.288783][T26725] validate_nla: 72 callbacks suppressed [ 468.288801][T26725] netlink: 'syz.2.6025': attribute type 9 has an invalid length. [ 468.580104][T26746] tipc: Enabling of bearer rejected, failed to enable media [ 468.659579][T26749] tipc: Started in network mode [ 468.674299][T26749] tipc: Node identity a6831c3c9cad, cluster identity 4711 [ 468.690035][T26749] tipc: Enabled bearer , priority 0 [ 468.719073][T26754] syzkaller0: entered promiscuous mode [ 468.724613][T26754] syzkaller0: entered allmulticast mode [ 468.779659][T26749] tipc: Resetting bearer [ 468.827076][T26749] netlink: 52 bytes leftover after parsing attributes in process `syz.2.6033'. [ 469.129293][ T5149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 469.143146][ T5149] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 469.156003][ T5149] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 469.196095][ T5149] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 469.220462][ T5149] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 469.492224][T26749] tipc: Resetting bearer [ 469.517291][T26749] tipc: Disabling bearer [ 469.577064][T26772] netlink: 232 bytes leftover after parsing attributes in process `syz.4.6037'. [ 469.644209][T26769] netlink: 'syz.0.6036': attribute type 29 has an invalid length. [ 469.667017][T26770] netlink: 'syz.0.6036': attribute type 29 has an invalid length. [ 469.714237][T26764] wg1 speed is unknown, defaulting to 1000 [ 469.723220][T26764] lo speed is unknown, defaulting to 1000 [ 470.119443][T26798] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6045'. [ 470.149169][T26802] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 470.546466][T26764] chnl_net:caif_netlink_parms(): no params data found [ 470.708993][T26764] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.717386][T26764] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.724802][T26764] bridge_slave_0: entered allmulticast mode [ 470.733171][T26764] bridge_slave_0: entered promiscuous mode [ 470.748569][T26764] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.763152][T26764] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.772700][T26764] bridge_slave_1: entered allmulticast mode [ 470.781126][T26764] bridge_slave_1: entered promiscuous mode [ 470.838390][T26838] syzkaller0: entered promiscuous mode [ 470.843983][T26838] syzkaller0: entered allmulticast mode [ 471.105682][T26848] netlink: 'syz.2.6060': attribute type 10 has an invalid length. [ 471.316029][ T5839] Bluetooth: hci0: command tx timeout [ 472.210642][T26764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 472.229704][T26764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 472.246302][T26845] vlan2: entered promiscuous mode [ 472.251363][T26845] bridge0: entered promiscuous mode [ 472.317553][T26848] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 472.457359][T26851] netlink: 'syz.4.6061': attribute type 25 has an invalid length. [ 472.478995][T26764] team0: Port device team_slave_0 added [ 472.500800][T26764] team0: Port device team_slave_1 added [ 472.634651][ T8935] nci: nci_ntf_packet: unknown ntf opcode 0x303 [ 472.646847][T26764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 472.661430][T26764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 472.690801][T26764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 472.705485][T26764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 472.713411][T26764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 472.742574][T26764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 472.764016][T26883] bridge1: entered promiscuous mode [ 472.769740][T26883] bridge1: entered allmulticast mode [ 472.902982][T26764] hsr_slave_0: entered promiscuous mode [ 472.927467][T26764] hsr_slave_1: entered promiscuous mode [ 472.934759][T26764] debugfs: 'hsr0' already exists in 'hsr' [ 472.940656][T26764] Cannot create hsr debugfs directory [ 473.056142][T26764] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 473.067987][T26764] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 473.078627][T26764] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 473.142796][T26764] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 473.153429][T26764] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 473.168249][T26764] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 473.230969][T26764] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 473.242283][T26764] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 473.253843][T26764] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 473.314300][T26879] netlink: 'syz.2.6066': attribute type 11 has an invalid length. [ 473.336632][T26879] __nla_validate_parse: 4 callbacks suppressed [ 473.336649][T26879] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6066'. [ 473.395810][ T5839] Bluetooth: hci0: command tx timeout [ 473.438902][T26764] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 473.460017][T26764] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 473.473494][T26764] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 473.540436][T26896] netlink: 108 bytes leftover after parsing attributes in process `syz.4.6072'. [ 473.552210][T26905] veth1_to_bond: entered allmulticast mode [ 473.570244][T26905] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6075'. [ 473.631301][T26910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6077'. [ 473.666721][T26905] veth1_to_bond (unregistering): left allmulticast mode [ 473.832817][T26918] bridge2: entered promiscuous mode [ 473.838391][T26918] bridge2: entered allmulticast mode [ 473.845936][T26918] team0: Port device bridge2 added [ 473.862855][T26764] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 473.874537][T26764] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 473.910644][T26764] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 473.948108][T26764] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 473.992029][T26927] bridge0: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 474.027534][T26941] netlink: 124 bytes leftover after parsing attributes in process `syz.2.6084'. [ 474.138722][T26764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 474.190787][T26764] 8021q: adding VLAN 0 to HW filter on device team0 [ 474.229002][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.236222][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 474.270622][ T8935] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.277843][ T8935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.289164][T26951] netlink: 'syz.4.6088': attribute type 11 has an invalid length. [ 474.298822][T26951] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6088'. [ 474.388923][T26764] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 474.780924][T26764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 474.831792][T26984] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6096'. [ 474.886877][T26986] netlink: 184 bytes leftover after parsing attributes in process `syz.2.6097'. [ 474.922424][T26764] veth0_vlan: entered promiscuous mode [ 474.967815][T26764] veth1_vlan: entered promiscuous mode [ 475.050384][T26764] veth0_macvtap: entered promiscuous mode [ 475.066732][T26764] veth1_macvtap: entered promiscuous mode [ 475.101564][T26764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 475.114671][T26999] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6101'. [ 475.125303][T26999] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6101'. [ 475.139805][T26764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 475.164789][ T8932] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.174582][ T8932] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.202077][ T8932] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.221256][ T8932] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.343415][ T8935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.360801][ T8935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.430248][ T1158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.440499][ T1158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.441277][T27010] sctp: [Deprecated]: syz.0.6106 (pid 27010) Use of struct sctp_assoc_value in delayed_ack socket option. [ 475.441277][T27010] Use struct sctp_sack_info instead [ 475.475196][ T5839] Bluetooth: hci0: command tx timeout [ 475.597250][T27019] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 475.600848][T27023] netlink: 'syz.0.6110': attribute type 1 has an invalid length. [ 475.604521][T27019] IPv6: NLM_F_CREATE should be set when creating new route [ 475.619504][T27019] IPv6: NLM_F_CREATE should be set when creating new route [ 475.627652][T27019] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 475.650488][T27021] syzkaller0: entered promiscuous mode [ 475.657372][T27021] syzkaller0: entered allmulticast mode [ 475.683316][T27023] bond8: (slave vxcan1): The slave device specified does not support setting the MAC address [ 475.694865][T27023] bond8: (slave vxcan1): Error -95 calling set_mac_address [ 475.727659][T27027] gretap1: entered promiscuous mode [ 475.736397][T27027] bond8: (slave gretap1): making interface the new active one [ 475.747266][T27027] bond8: (slave gretap1): Enslaving as an active interface with an up link [ 475.784604][T27023] macvlan0: entered promiscuous mode [ 475.790468][T27023] macvlan0: entered allmulticast mode [ 475.805681][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 475.815476][T27023] bond8: entered promiscuous mode [ 475.821520][T27023] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 475.838431][T27023] bond8: (slave macvlan0): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 475.852987][T27023] bond8: left promiscuous mode [ 476.137809][T27035] team0 (unregistering): Port device team_slave_0 removed [ 476.167827][T27035] team0 (unregistering): Port device team_slave_1 removed [ 476.196030][T27035] team0 (unregistering): Port device bridge2 removed [ 476.663058][ T5149] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 476.672954][ T5149] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 476.688796][ T5149] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 476.697063][ T5149] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 476.709314][ T5149] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 476.939254][T27045] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 476.958864][T27045] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 477.067158][T27045] veth1_vlan: left allmulticast mode [ 477.194159][T27045] veth0_macvtap: left allmulticast mode [ 477.250537][T13803] lo speed is unknown, defaulting to 1000 [ 477.256446][T13803] syz0: Port: 1 Link DOWN [ 477.290429][T27069] bond1: option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 477.310707][T27069] bond1 (unregistering): Released all slaves [ 477.371584][ T8933] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 477.405124][ T8933] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.436915][ T8933] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 477.456531][ T8933] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.485779][T13817] lo speed is unknown, defaulting to 1000 [ 477.490777][T27075] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 477.498725][T27082] --map-set only usable from mangle table [ 477.520427][T27075] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 477.547219][T27075] gretap1: entered promiscuous mode [ 477.552575][T27075] gretap1: entered allmulticast mode [ 477.555310][ T5149] Bluetooth: hci0: command tx timeout [ 477.609937][T27088] pim6reg: entered allmulticast mode [ 477.628628][ T8933] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 477.650934][ T8933] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.661955][ T8933] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 477.672586][ T8933] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.763886][T27060] wg1 speed is unknown, defaulting to 1000 [ 477.782691][T27060] lo speed is unknown, defaulting to 1000 [ 477.848313][T27100] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 478.303201][T27121] bridge0: port 3(batadv1) entered blocking state [ 478.319450][T27121] bridge0: port 3(batadv1) entered disabled state [ 478.328733][T27121] batadv1: entered allmulticast mode [ 478.342807][T27121] batadv1: entered promiscuous mode [ 478.516213][T27135] bridge7: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 478.545558][T27060] chnl_net:caif_netlink_parms(): no params data found [ 478.691733][T27150] xt_l2tp: v2 sid > 0xffff: 1114112 [ 478.710764][T27060] bridge0: port 1(bridge_slave_0) entered blocking state [ 478.722481][T27154] __nla_validate_parse: 5 callbacks suppressed [ 478.722498][T27154] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6142'. [ 478.734423][T27060] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.757809][ T5149] Bluetooth: hci1: command tx timeout [ 478.776181][T27060] bridge_slave_0: entered allmulticast mode [ 478.784009][T27060] bridge_slave_0: entered promiscuous mode [ 478.796097][ T1158] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 478.805414][ T1158] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 478.806789][T27060] bridge0: port 2(bridge_slave_1) entered blocking state [ 478.821869][T27060] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.830184][T27060] bridge_slave_1: entered allmulticast mode [ 478.837571][T27060] bridge_slave_1: entered promiscuous mode [ 478.944778][T27060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 479.063809][T27060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 479.202613][T27060] team0: Port device team_slave_0 added [ 479.231842][T27060] team0: Port device team_slave_1 added [ 479.285418][T27174] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 479.317809][T27060] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.335739][T27060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 479.392021][T27060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 479.469942][T27060] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 479.496473][T27060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 479.568887][T27060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 479.794854][T27060] hsr_slave_0: entered promiscuous mode [ 479.812251][T27060] hsr_slave_1: entered promiscuous mode [ 479.827266][T27060] debugfs: 'hsr0' already exists in 'hsr' [ 479.842311][T27060] Cannot create hsr debugfs directory [ 479.914753][T27216] netlink: 'syz.1.6158': attribute type 11 has an invalid length. [ 480.166497][T27228] netlink: 348 bytes leftover after parsing attributes in process `syz.3.6159'. [ 480.249019][T27060] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 480.283083][T27060] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.293773][T27236] openvswitch: netlink: IP tunnel dst address not specified [ 480.313989][T27236] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6160'. [ 480.382524][T27060] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 480.396696][T27060] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.510151][T27060] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 480.523289][T27251] netlink: 'syz.2.6166': attribute type 1 has an invalid length. [ 480.532493][T27060] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.541118][T27254] sock: sock_set_timeout: `syz.4.6168' (pid 27254) tries to set negative timeout [ 480.582008][T27256] tipc: Enabled bearer , priority 0 [ 480.595993][T27256] syzkaller0: entered promiscuous mode [ 480.601520][T27256] syzkaller0: entered allmulticast mode [ 480.688319][T27060] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 480.702838][T27060] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.729448][T27269] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6173'. [ 480.757732][T27267] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 480.776068][T27269] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6173'. [ 480.785887][T27257] tipc: Resetting bearer [ 480.807622][T27272] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6174'. [ 480.824791][T27257] tipc: Disabling bearer [ 480.836533][ T5149] Bluetooth: hci1: command tx timeout [ 480.924190][T27272] tipc: Enabled bearer , priority 10 [ 481.094546][T27060] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 481.124413][T27060] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 481.185823][T27060] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 481.215246][T27295] netlink: 'syz.1.6181': attribute type 33 has an invalid length. [ 481.225207][T27060] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 481.439089][T27320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6185'. [ 481.468198][T27325] netlink: 'syz.2.6187': attribute type 21 has an invalid length. [ 481.491208][T27326] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6185'. [ 481.645198][T27331] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6188'. [ 481.687457][T27334] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6189'. [ 481.773363][T27331] 8021q: adding VLAN 0 to HW filter on device bond7 [ 481.800715][T27060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 481.851537][T27060] 8021q: adding VLAN 0 to HW filter on device team0 [ 481.867926][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.875139][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.886411][T27346] netlink: 'syz.1.6191': attribute type 3 has an invalid length. [ 481.922160][ T8933] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.929383][ T8933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.047189][ T8685] tipc: Node number set to 976100412 [ 482.249248][T27366] Bluetooth: MGMT ver 1.23 [ 482.352752][T27060] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 482.450283][T27060] veth0_vlan: entered promiscuous mode [ 482.480683][T27060] veth1_vlan: entered promiscuous mode [ 482.553836][T27060] veth0_macvtap: entered promiscuous mode [ 482.569465][T27060] veth1_macvtap: entered promiscuous mode [ 482.592117][T27060] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 482.607874][T27060] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 482.634473][ T8933] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.666949][ T8933] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.718842][ T8933] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.752435][ T8933] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.779333][T27394] netlink: 'syz.1.6207': attribute type 9 has an invalid length. [ 482.792431][T27392] geneve2: entered promiscuous mode [ 482.798984][T27392] geneve2: entered allmulticast mode [ 482.810236][ T8933] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.847966][ T8933] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.875482][ T8933] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.884236][ T8933] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.915627][ T5149] Bluetooth: hci1: command tx timeout [ 482.938676][ T8933] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 482.946697][T27405] netlink: 'syz.3.6209': attribute type 21 has an invalid length. [ 482.962467][ T8933] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 482.983016][T27405] netlink: 'syz.3.6209': attribute type 1 has an invalid length. [ 483.000625][ T8933] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 483.009541][ T8933] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 483.073537][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.098517][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.216971][ T8932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.247243][ T8932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.404189][T27431] delete_channel: no stack [ 483.651103][T27444] netlink: zone id is out of range [ 483.686696][T27432] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 483.827393][T27460] __nla_validate_parse: 10 callbacks suppressed [ 483.827412][T27460] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6222'. [ 483.937755][T27460] tipc: Enabled bearer , priority 0 [ 483.945510][T27460] syzkaller0: entered promiscuous mode [ 483.958849][T27460] syzkaller0: entered allmulticast mode [ 483.961575][T27467] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 483.965141][T27470] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 484.038200][T27460] tipc: Resetting bearer [ 484.051741][T27453] tipc: Resetting bearer [ 484.081068][T27453] tipc: Disabling bearer [ 484.258370][T27484] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6231'. [ 484.287739][T27484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6231'. [ 484.319269][T27487] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6235'. [ 484.330154][T27484] bond8: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 484.352471][T27484] bond8 (unregistering): Released all slaves [ 484.406012][T27493] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6236'. [ 484.731888][T27517] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6245'. [ 484.862988][T27526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6249'. [ 484.873248][T27526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6249'. [ 484.964276][T27519] netlink: 'syz.1.6246': attribute type 4 has an invalid length. [ 484.995463][ T5149] Bluetooth: hci1: command tx timeout [ 485.071844][T27537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6251'. [ 485.482774][T27559] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6259'. [ 485.598109][T27559] geneve2: entered promiscuous mode [ 485.689923][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 485.708326][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 485.723262][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 485.740533][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 485.754086][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 485.919746][T27567] wg1 speed is unknown, defaulting to 1000 [ 485.939481][T27567] lo speed is unknown, defaulting to 1000 [ 486.002866][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.653022][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.761807][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.997162][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.146411][T27630] netlink: 'syz.1.6276': attribute type 1 has an invalid length. [ 487.247208][T27630] 8021q: adding VLAN 0 to HW filter on device bond1 [ 487.398120][T27641] Unsupported xt match [ 487.398139][T27641] unable to load match [ 487.627722][T27657] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 487.753978][T27672] x_tables: unsorted entry at hook 2 [ 487.807246][ T5149] Bluetooth: hci3: command tx timeout [ 488.000439][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807b5c6000: rx timeout, send abort [ 488.472677][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 488.482571][ T12] bond0 (unregistering): Released all slaves [ 488.500553][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805ba3fc00: rx timeout, send abort [ 488.509774][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807b5c6000: abort rx timeout. Force session deactivation [ 488.603370][ T12] bond1 (unregistering): Released all slaves [ 488.616320][ T12] bond2 (unregistering): Released all slaves [ 488.628768][ T12] bond3 (unregistering): Released all slaves [ 488.733375][ T12] bond4 (unregistering): (slave veth5): Releasing active interface [ 488.742189][ T12] bond4 (unregistering): Released all slaves [ 488.756321][ T12] bond5 (unregistering): Released all slaves [ 488.862828][ T12] bond6 (unregistering): Released all slaves [ 488.969033][ T12] bond7 (unregistering): Released all slaves [ 489.001360][T27567] chnl_net:caif_netlink_parms(): no params data found [ 489.008874][ C0] vcan0 (unregistering): j1939_tp_rxtimer: 0xffff88805ba3fc00: abort rx timeout. Force session deactivation [ 489.165217][T27690] netlink: 'syz.0.6291': attribute type 1 has an invalid length. [ 489.212540][ T12] 9: left promiscuous mode [ 489.242891][T27697] __nla_validate_parse: 14 callbacks suppressed [ 489.242911][T27697] netlink: 108 bytes leftover after parsing attributes in process `syz.1.6293'. [ 489.259149][T27697] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6293'. [ 489.294917][T27690] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6291'. [ 489.377843][ T12] : left promiscuous mode [ 489.474098][ T12] tipc: Left network mode [ 489.476105][T27567] bridge0: port 1(bridge_slave_0) entered blocking state [ 489.497003][T27567] bridge0: port 1(bridge_slave_0) entered disabled state [ 489.515371][T27567] bridge_slave_0: entered allmulticast mode [ 489.531331][T27567] bridge_slave_0: entered promiscuous mode [ 489.616358][T27718] can: request_module (can-proto-3) failed. [ 489.650197][T27567] bridge0: port 2(bridge_slave_1) entered blocking state [ 489.669746][T27567] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.685632][T27567] bridge_slave_1: entered allmulticast mode [ 489.707437][T27567] bridge_slave_1: entered promiscuous mode [ 489.736896][T27727] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6301'. [ 489.883460][ T5149] Bluetooth: hci3: command tx timeout [ 489.970916][T27567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 490.046954][T27726] netlink: 92 bytes leftover after parsing attributes in process `syz.2.6302'. [ 490.059945][T27567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 490.081939][T27743] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6306'. [ 491.945796][T27772] netlink: 'syz.4.6315': attribute type 21 has an invalid length. [ 491.953658][T27772] IPv6: NLM_F_CREATE should be specified when creating new route [ 491.966487][ T5149] Bluetooth: hci3: command tx timeout [ 491.974830][T27772] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 491.977382][T27567] team0: Port device team_slave_0 added [ 491.982088][T27772] IPv6: NLM_F_CREATE should be set when creating new route [ 491.994894][T27772] IPv6: NLM_F_CREATE should be set when creating new route [ 492.002142][T27772] IPv6: NLM_F_CREATE should be set when creating new route [ 492.032062][T27567] team0: Port device team_slave_1 added [ 492.161703][T27775] netlink: 'syz.1.6318': attribute type 1 has an invalid length. [ 492.193693][T27775] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6318'. [ 492.204249][ T8684] IPVS: starting estimator thread 0... [ 492.210683][T27783] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 492.280147][T27567] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 492.297926][T27567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 492.345230][T27790] IPVS: using max 31 ests per chain, 74400 per kthread [ 492.392182][T27567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 492.440578][T27567] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 492.464240][T27567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 492.490276][T27801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6324'. [ 492.504420][T27567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 492.623322][ T12] hsr_slave_1: left promiscuous mode [ 492.632889][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 492.663520][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 492.681169][T27810] netlink: 81 bytes leftover after parsing attributes in process `syz.4.6328'. [ 493.088308][ T56] block nbd0: Possible stuck request ffff888025040000: control (read@0,1024B). Runtime 330 seconds [ 493.099339][ T56] block nbd0: Possible stuck request ffff8880250401c0: control (read@1024,1024B). Runtime 330 seconds [ 493.110405][ T56] block nbd0: Possible stuck request ffff888025040380: control (read@2048,1024B). Runtime 330 seconds [ 493.121864][ T56] block nbd0: Possible stuck request ffff888025040540: control (read@3072,1024B). Runtime 330 seconds [ 493.469829][ T1158] smc: removing ib device syz0 [ 493.789938][T27567] hsr_slave_0: entered promiscuous mode [ 493.816468][T27567] hsr_slave_1: entered promiscuous mode [ 493.840223][T27567] debugfs: 'hsr0' already exists in 'hsr' [ 493.856022][T27567] Cannot create hsr debugfs directory [ 494.038690][ T5149] Bluetooth: hci3: command tx timeout [ 494.079221][T27852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6341'. [ 494.088809][T27846] netlink: 'syz.4.6341': attribute type 2 has an invalid length. [ 494.364831][T27857] __nla_validate_parse: 1 callbacks suppressed [ 494.364848][T27857] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6345'. [ 494.411051][T27857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6345'. [ 494.527639][T27863] netlink: 72 bytes leftover after parsing attributes in process `syz.0.6347'. [ 494.763695][T27866] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6348'. [ 494.805217][T27866] netlink: 2 bytes leftover after parsing attributes in process `syz.4.6348'. [ 495.102583][T27881] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6355'. [ 495.116434][T27881] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6355'. [ 495.185999][T27881] gretap0: entered promiscuous mode [ 495.205858][T27881] gretap0: left promiscuous mode [ 495.254877][T27878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6353'. [ 495.402276][T27882] wg1 speed is unknown, defaulting to 1000 [ 496.066055][T27567] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 496.126280][ T5149] Bluetooth: hci3: command tx timeout [ 496.436580][T27567] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 496.471920][T27567] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 496.680544][T27567] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 496.845836][T27928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6368'. [ 496.940365][T27931] netlink: 'syz.4.6369': attribute type 5 has an invalid length. [ 496.956715][T27928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6368'. [ 497.099119][T27567] 8021q: adding VLAN 0 to HW filter on device bond0 [ 497.104925][T27939] sctp: [Deprecated]: syz.1.6372 (pid 27939) Use of int in max_burst socket option. [ 497.104925][T27939] Use struct sctp_assoc_value instead [ 497.161511][T27567] 8021q: adding VLAN 0 to HW filter on device team0 [ 497.217568][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 497.224784][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 497.358341][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.365533][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 497.487403][ T12] IPVS: stop unused estimator thread 0... [ 497.562606][ T31] INFO: task udevd:5846 blocked for more than 143 seconds. [ 497.589297][ T31] Not tainted syzkaller #0 [ 497.592045][T27965] block nbd2: Unsupported socket: should be TCP or UNIX. [ 497.605751][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 497.622782][ T31] task:udevd state:D stack:21896 pid:5846 tgid:5846 ppid:5198 task_flags:0x400140 flags:0x00080003 [ 497.635844][ T31] Call Trace: [ 497.639156][ T31] [ 497.642109][ T31] __schedule+0x1798/0x4cc0 [ 497.647386][ T31] ? __pfx___schedule+0x10/0x10 [ 497.652428][ T31] ? schedule+0x91/0x360 [ 497.656989][ T31] schedule+0x165/0x360 [ 497.661413][ T31] io_schedule+0x80/0xd0 [ 497.666149][ T31] folio_wait_bit_common+0x6b0/0xb80 [ 497.671630][ T31] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 497.678893][ T31] ? __pfx_wake_page_function+0x10/0x10 [ 497.684641][ T31] ? __filemap_get_folio+0x770/0xaf0 [ 497.690408][ T31] ? do_read_cache_folio+0x4e9/0x590 [ 497.705732][ T31] do_read_cache_folio+0x1aa/0x590 [ 497.711107][ T31] ? __pfx_blkdev_read_folio+0x10/0x10 [ 497.717827][ T31] read_part_sector+0xb6/0x2b0 [ 497.722940][ T31] adfspart_check_POWERTEC+0x8c/0xf30 [ 497.728736][ T31] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 497.734866][ T31] ? __pfx_adfspart_check_POWERTEC+0x10/0x10 [ 497.741284][ T31] bdev_disk_changed+0x75f/0x14b0 [ 497.746683][ T31] ? __pfx_bdev_disk_changed+0x10/0x10 [ 497.752198][ T31] ? wait_on_inode+0xc0/0x230 [ 497.757141][ T31] blkdev_get_whole+0x380/0x510 [ 497.762040][ T31] bdev_open+0x31e/0xd30 [ 497.766923][ T31] blkdev_open+0x457/0x600 [ 497.771424][ T31] ? __pfx_blkdev_open+0x10/0x10 [ 497.776509][ T31] do_dentry_open+0x953/0x13f0 [ 497.781313][ T31] vfs_open+0x3b/0x340 [ 497.785569][ T31] ? path_openat+0x2ecd/0x3830 [ 497.790426][ T31] path_openat+0x2ee5/0x3830 [ 497.798061][ T31] ? __pfx_path_openat+0x10/0x10 [ 497.803117][ T31] do_filp_open+0x1fa/0x410 [ 497.807870][ T31] ? __lock_acquire+0xab9/0xd20 [ 497.812737][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 497.818107][ T31] ? _raw_spin_unlock+0x28/0x50 [ 497.823048][ T31] ? alloc_fd+0x64c/0x6c0 [ 497.828248][ T31] do_sys_openat2+0x121/0x1c0 [ 497.832934][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 497.838227][ T31] __x64_sys_openat+0x138/0x170 [ 497.843084][ T31] do_syscall_64+0xfa/0xfa0 [ 497.847692][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.853755][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 497.860345][ T31] ? clear_bhb_loop+0x60/0xb0 [ 497.865171][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.871080][ T31] RIP: 0033:0x7f88c78a7407 [ 497.875596][ T31] RSP: 002b:00007ffed3fdc520 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 497.884059][ T31] RAX: ffffffffffffffda RBX: 00007f88c7f90880 RCX: 00007f88c78a7407 [ 497.892623][ T31] RDX: 00000000000a0800 RSI: 000055649e55ca60 RDI: ffffffffffffff9c [ 497.900929][ T31] RBP: 000055649e549910 R08: 0000000000000000 R09: 0000000000000000 [ 497.909128][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 000055649e55cad0 [ 497.917552][ T31] R13: 000055649e557190 R14: 0000000000000000 R15: 000055649e55cad0 [ 497.925698][ T31] [ 497.930698][ T31] [ 497.930698][ T31] Showing all locks held in the system: [ 497.947539][ T31] 3 locks held by kworker/u8:0/12: [ 497.952799][ T31] #0: ffff88801aedf148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 497.978576][ T31] #1: ffffc90000117ba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 497.989689][ T31] #2: ffffffff8f2be230 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820 [ 498.000574][ T31] 1 lock held by khungtaskd/31: [ 498.006667][ T31] #0: ffffffff8df3d2e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 498.018031][ T31] 2 locks held by getty/5589: [ 498.022854][ T31] #0: ffff88802fe940a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 498.033453][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 498.045251][ T31] 1 lock held by udevd/5846: [ 498.049987][ T31] #0: ffff888025000358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 498.059638][ T31] 2 locks held by kworker/1:8/8684: [ 498.065308][ T31] #0: ffff8880b893a058 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 498.069100][T27567] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 498.075952][ T31] #1: ffff8880b8924048 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 498.091314][ T31] 3 locks held by kworker/0:30/13808: [ 498.097286][ T31] #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 498.109565][ T31] #1: ffffc9000397fba0 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 498.123171][ T31] #2: ffff88805690c240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1f7/0x3b0 [ 498.128657][T27567] veth0_vlan: entered promiscuous mode [ 498.142919][ T31] 2 locks held by syz-executor/27567: [ 498.148774][ T31] 4 locks held by syz.4.6380/27968: [ 498.151470][T27567] veth1_vlan: entered promiscuous mode [ 498.155716][ T31] #0: ffff88804d5fc148 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 498.178423][ T31] #1: ffffffff8f32f1d0 ((netlink_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x54/0x90 [ 498.190091][ T31] #2: ffff888072fe6cd8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nft_rcv_nl_event+0x116/0x640 [ 498.209801][ T31] #3: ffffffff8df42d78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 [ 498.218572][T27567] veth0_macvtap: entered promiscuous mode [ 498.226781][ T31] [ 498.229117][ T31] ============================================= [ 498.229117][ T31] [ 498.238832][ T31] NMI backtrace for cpu 0 [ 498.238851][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 498.238871][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 498.238888][ T31] Call Trace: [ 498.238895][ T31] [ 498.238903][ T31] dump_stack_lvl+0x189/0x250 [ 498.238933][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 498.238956][ T31] ? __pfx__printk+0x10/0x10 [ 498.238988][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 498.239009][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 498.239030][ T31] ? __pfx__printk+0x10/0x10 [ 498.239051][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 498.239077][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 498.239097][ T31] watchdog+0xf60/0xfa0 [ 498.239129][ T31] ? watchdog+0x1e2/0xfa0 [ 498.239153][ T31] kthread+0x711/0x8a0 [ 498.239177][ T31] ? __pfx_watchdog+0x10/0x10 [ 498.239193][ T31] ? __pfx_kthread+0x10/0x10 [ 498.239217][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 498.239237][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 498.239255][ T31] ? __pfx_kthread+0x10/0x10 [ 498.239274][ T31] ret_from_fork+0x4bc/0x870 [ 498.239294][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 498.239316][ T31] ? __switch_to_asm+0x39/0x70 [ 498.239330][ T31] ? __switch_to_asm+0x33/0x70 [ 498.239342][ T31] ? __pfx_kthread+0x10/0x10 [ 498.239364][ T31] ret_from_fork_asm+0x1a/0x30 [ 498.239396][ T31] [ 498.239403][ T31] Sending NMI from CPU 0 to CPUs 1: [ 498.388261][ C1] NMI backtrace for cpu 1 [ 498.388278][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 498.388296][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 498.388305][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 498.388329][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 21 22 00 f3 0f 1e fa fb f4 c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 498.388342][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 498.388358][ C1] RAX: 5ab334ac5dcbf600 RBX: ffffffff81967b87 RCX: 5ab334ac5dcbf600 [ 498.388371][ C1] RDX: 0000000000000001 RSI: ffffffff8d70c96a RDI: ffffffff8bbf0460 [ 498.388382][ C1] RBP: ffffc90000197f10 R08: ffff8880b8932fdb R09: 1ffff110171265fb [ 498.388395][ C1] R10: dffffc0000000000 R11: ffffed10171265fc R12: ffffffff8f7cd370 [ 498.388407][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039d3b58 [ 498.388418][ C1] FS: 0000000000000000(0000) GS:ffff88812623e000(0000) knlGS:0000000000000000 [ 498.388435][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 498.388447][ C1] CR2: 00007f26eebb3ad8 CR3: 000000007d9dc000 CR4: 00000000003526f0 [ 498.388461][ C1] Call Trace: [ 498.388468][ C1] [ 498.388475][ C1] default_idle+0x13/0x20 [ 498.388496][ C1] default_idle_call+0x73/0xb0 [ 498.388518][ C1] do_idle+0x1e7/0x510 [ 498.388538][ C1] ? __pfx_do_idle+0x10/0x10 [ 498.388563][ C1] cpu_startup_entry+0x44/0x60 [ 498.388579][ C1] start_secondary+0x101/0x110 [ 498.388601][ C1] common_startup_64+0x13e/0x147 [ 498.388637][ C1] [ 498.582596][T27567] veth1_macvtap: entered promiscuous mode [ 498.612190][T27567] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 498.628376][T27567] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 498.671431][ T8932] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.681024][ T8932] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.689963][ T8932] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.700846][ T8932] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.776337][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.786913][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.823598][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.831623][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50