last executing test programs: 2m30.87583607s ago: executing program 3 (id=9031): syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000a80), 0xffffffffffffffff) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) 2m30.089879707s ago: executing program 3 (id=9032): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x6) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x9, 0xffff}, {0x0, 0xffff}}}, 0x24}}, 0x4000800) 2m29.488073748s ago: executing program 3 (id=9036): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0xc800) splice(r3, 0x0, r5, 0x0, 0x10d00, 0xf) 2m29.116395056s ago: executing program 3 (id=9037): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x4c0c0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$igmp6(0xa, 0x3, 0x2) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000380)={'syzkaller1\x00', @link_local}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [], {0x14}}, 0x28}}, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 2m28.028756832s ago: executing program 3 (id=9043): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x20004000) 2m27.290227169s ago: executing program 3 (id=9046): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bond0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004010}, 0x8000) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38000000031401002abd7000ffdbdf00090002007379873100000000080041007278650014003300626f6e643000000000"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB='!\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB="2000128008000100687372001400028008000100", @ANYRES32=r1, @ANYBLOB="08000200", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x8010) 2m11.882367311s ago: executing program 32 (id=9046): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bond0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004010}, 0x8000) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38000000031401002abd7000ffdbdf00090002007379873100000000080041007278650014003300626f6e643000000000"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB='!\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB="2000128008000100687372001400028008000100", @ANYRES32=r1, @ANYBLOB="08000200", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x8010) 2m7.644687774s ago: executing program 1 (id=9115): socket$inet6(0xa, 0x1, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) close(0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r1, &(0x7f00000060c0)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000140)='@', 0x1}, {0x0}], 0x2}}], 0x1, 0x4000000) setsockopt$sock_int(r0, 0x1, 0x3c, 0x0, 0x0) sendmmsg$sock(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000280)="f8", 0x1}], 0x1, &(0x7f0000000a40)=[@timestamping={{0x14, 0x1, 0x4f, 0x3ff}}], 0x18}}], 0x1, 0x40440d1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 2m7.401202348s ago: executing program 1 (id=9117): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x4) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r3, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r5, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48040}, 0x0) 2m7.154329885s ago: executing program 1 (id=9119): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) close(r0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f00000005c0)=[@in6={0xa, 0x4e23, 0x0, @remote, 0x3}], 0x1c) sendmmsg$inet6(r2, &(0x7f0000001d80)=[{{&(0x7f00000003c0)={0xa, 0x4e20, 0x9, @local, 0x9}, 0x1c, &(0x7f0000001c00)=[{&(0x7f0000001740)='p', 0x1}], 0x1}}], 0x1, 0x5dc) setsockopt(r1, 0x84, 0x80, &(0x7f0000000000)="1400000009000000", 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x6}, 0x1c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @broadcast}}], 0x1c) 2m6.181980006s ago: executing program 1 (id=9125): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfbffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r5 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000800)=@newtfilter={0x38, 0x2c, 0xca7, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r6, {0x4, 0x4}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x3, 0xa}}]}}]}, 0x38}}, 0x60040050) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f5f, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) 2m1.450824855s ago: executing program 1 (id=9131): r0 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000300)={0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'lblcr\x00', 0x7, 0x660f537f, 0x72}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4f29, 0x3, 'nq\x00', 0x5, 0xc, 0x6c}, {@loopback, 0x4e23, 0x3, 0xcd, 0x1}}, 0x44) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, 0x0, 0x28841) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, 0x0, 0x4008000) r1 = socket$kcm(0xa, 0x2, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) socket$inet(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d4c}}, 0x44) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 2m1.308282281s ago: executing program 1 (id=9134): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010101, 0x4e24, 0x3, 'lc\x00', 0x5, 0x9}, {@dev={0xac, 0x14, 0x14, 0x3e}, 0x4e20, 0x10001, 0x100002, 0x2}}, 0x44) sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1m46.001620923s ago: executing program 33 (id=9134): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010101, 0x4e24, 0x3, 'lc\x00', 0x5, 0x9}, {@dev={0xac, 0x14, 0x14, 0x3e}, 0x4e20, 0x10001, 0x100002, 0x2}}, 0x44) sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 6.157798638s ago: executing program 6 (id=9709): syz_emit_ethernet(0x2e, &(0x7f0000000240)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x4002, 0x5, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x1, 0x8, 0x100, @void}}}}}}}, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="5001", @ANYRES8=r1, @ANYRES16], 0x14) 5.625772371s ago: executing program 6 (id=9716): r0 = socket(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 5.326353324s ago: executing program 6 (id=9719): socket$netlink(0x10, 0x3, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94) socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x5, 0x14, 0x0, &(0x7f0000000000)="259a534871a76d2608fff74588a80a38882f15e0", 0x0, 0xf11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 5.174484257s ago: executing program 0 (id=9720): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in6=@loopback, 0x4e20, 0x0, 0x4e23, 0x3, 0x2, 0x20, 0x0, 0x2b}, {0xffffffffffffffff, 0xfffffffffffffff7, 0x4, 0xfffffffffffffffb, 0x4, 0x8, 0x6, 0x67}, {0x8, 0x3, 0x9, 0x2}, 0x3, 0x6e6bc0, 0x0, 0x1, 0x2, 0x3}, {{@in6=@local, 0x4d3, 0x33}, 0x2, @in=@multicast1, 0x3505, 0x1, 0x3, 0x8, 0x9, 0x64c, 0x3}}, 0xe8) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010001, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2, 0x5, 0x0, 0x6}}}}}}, 0x0) 4.967144793s ago: executing program 0 (id=9721): r0 = socket$kcm(0x23, 0x2, 0x0) sendmsg$sock(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x42b7}], 0x1, 0x22, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff00000002"], 0x78) 4.472655326s ago: executing program 0 (id=9724): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x4000000) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f00000000c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd22, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xc, 0xf}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8848}, 0x80) socket$alg(0x26, 0x5, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xffe0, 0xc}, {0x0, 0xfff1}, {0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000811}, 0x4041810) 3.713418508s ago: executing program 6 (id=9727): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x48}}, 0x400400c0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0xa8d}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x44}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x14, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}}, 0x14}}, 0x0) sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0) 3.475316341s ago: executing program 0 (id=9729): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 3.315464531s ago: executing program 6 (id=9730): socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0x0) close(0x4) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10) close(0x4) 3.117247573s ago: executing program 2 (id=9733): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x44000}, 0x800) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x2a, 0x8001, 0x2, 0x6, 0x6, 0x5, 0x3, 0x200, 0xfffffffb}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001b80)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0xffe0, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0) 3.085697059s ago: executing program 0 (id=9734): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee9, 0x8031, r0, 0x215eb000) r1 = socket(0x14, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x61d0, 0x0) ioctl$sock_TIOCINQ(r1, 0x61d8, 0x0) 3.056319483s ago: executing program 6 (id=9735): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x4a4000, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000240)=ANY=[], 0xc) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$nl_generic(0x10, 0x3, 0x10) 2.63255362s ago: executing program 2 (id=9737): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r3, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x24, 0x2c, 0x1, 0x470bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xffe0, 0xfff2}, {}, {0x7, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 2.449752755s ago: executing program 4 (id=9738): socket$inet6_sctp(0xa, 0x5, 0x84) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x10f) 2.26483409s ago: executing program 2 (id=9740): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000380)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) epoll_pwait(r0, &(0x7f0000000040)=[{}], 0x1, 0xfffffffe, 0x0, 0x0) 2.054709591s ago: executing program 0 (id=9742): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xf, 0x4, 0x8, 0xa}, 0x50) ioctl$F2FS_IOC_COMPRESS_FILE(r3, 0xf518, 0x0) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r5], 0x1c}}, 0x840) write$nci(r0, &(0x7f0000000480)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x1, 0x3, 0x3, 0x47, @a={0x8, 0x4, 0x0, 0x2, {0x2, 0x4a, "7dc533ac530990105f2c68199f46710f2ff6cf8db2b5bfccc4bbdd245ca7ab367ea941dedac7c036f061c9610458e34cc4cf5cf82bc66f3cae30bdb323403424ebe30637639379672f68", 0x40, 0x4b}, 0x2}}, 0x56) 1.503688164s ago: executing program 4 (id=9743): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newqdisc={0x88, 0x24, 0xe0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x9c4}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x5, 0x4, 0x3}, 0xfffffffd, 0x83, 0xfffffffd}}]}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xa, 0x1, 0x1, 0x40, 0x2, 0xffffffff, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x88}}, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 1.308442983s ago: executing program 4 (id=9744): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000000000020000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) r4 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000c80)={r3, r5, 0x25, 0x0, @val=@tcx}, 0x1c) 1.103389917s ago: executing program 5 (id=9745): socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0xb) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x40010020) 983.618838ms ago: executing program 4 (id=9746): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000001640)="4103082c1116480401020200c52cf7c25975e04518674d60d0eafd000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516ddfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a75a025fb6504d9563d109f5d8eec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d5ba91845aa991b082601d04e57a44d32aa826992860ec994d26435d6907d8e4dda2e5e9385bba5efa10fcb170862415ca450bc7ed6873214e3740656d63ca6407349d805c55d879f920d1eb920c06dd4c542e03155b7f16b164c6d6090", 0xffffffffffffffe1, 0x4040841, 0x0, 0x0) 874.937031ms ago: executing program 4 (id=9747): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f00000002c0)={@void, @void, @eth={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x56}, @val={@val={0x88a8, 0x0, 0x1, 0x2}, {0x8100, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x8, 0x11, 0x0, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0x8}}}}}}}, 0x46) 812.111286ms ago: executing program 5 (id=9748): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, &(0x7f0000003540)=ANY=[@ANYBLOB="b7000000d00000d0bca30000000000002403000040feffff7b1af0ff0000000079a4f0ff000000001f030000000000002e030200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f6114140000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c88629a6c921c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71ca3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300000000000000000000000000000000062c7cf52e9624806a4833e1c0059e5a703ab9c2e9b38779270dc5e80af75d509b1a31fe6ed3f8c0172659256dc88de4e377c8a07e95ec5549ae47dc43b93a159a201be254048b9e0857ea3c736c761e686f9b3d0690f035617a12055b2cb3a03794d67b95e7f4fc6af323120c09d0503c8ce92e869e22bb2590299ad76d541f844d32f96184f74d433793bbd75ec15fb1497ce835445212421cb4e3ce08395c9055a2"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48) r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000d80)="170000007a006bcd9e3fe3dc6e08170007000054250000", 0x17}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) pipe(&(0x7f00000002c0)) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="060015000700fdff0c00168008000100", @ANYRES32=r2], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) 610.114722ms ago: executing program 5 (id=9749): r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000140)={0x18, 0x2, {0xffff, @loopback}}, 0x1e) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94) connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x801, @loopback}}, 0x1e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101402, 0x0) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000040)=0x1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x31, &(0x7f0000000200), 0x4) write$ppp(r1, &(0x7f0000000240)="16e539c55832c18db10ba557566cdef238985fb93b2d28f664997343e358579aa8dd11fb77f62c4f406eb6bab3eda5535b661611b596f98f23782b923ba90ad897e278667f047ed8ba3fbf582f66cde5f2bc29ee3a762a5a1dc20b53ced1f507c2230e87e38c17ef8534604f7a88c7d4668d0964b41104e4d2af8ce4862ab57540879a66b0de4b663fbcf54047b75c9b50729ed7e4ceca30ce287e33ecb8153362b0d60886ecb42a49539e260d89aea972aa38a9bbedbbf8f91a29ee69cc90fbb4dda76b01923c35d24db12d08a68874439ee21423a338da0125eac92cb59d0254e72d065f0d8ec7c928a889197c6002d0c66e96267121d87dabc14f9664844ae2cf3435f2d136e381b0799ae6f9699b6d4c78e06a8c8bd868445720ae3dca045efa7a0ebcf800e6a31ce6f57e736577631e99658b975ecd719337bc4bf6d7bbb0f3752e31bb502588913eb1271544f172a9be241904eb28531a3cdedf7b4073e9c107a63a663659c5669b3ef48e0aec0295f0756ec617baefc93a8a026e88d6cd1e86423aeb5d73d451c745de80c1c8afe1c4dc6c2a57b9a2ba4616c910f4f0f8def52d39a1ae0ec6f5046e51c739e5b1484167486eb3ada3cf7f93706b61060e2cb39de53e1097c95c7d1312de2cb6ad3eff33dfdf6decbc76b8deecfa010bbc6599edab286f72d47210d64b018ebc4bc9fa6e9d654a4d542bc492380cce73a99dfff06a371ecebe781933c6e27892a399e87441cb4b21e8fe552c06ac665a63ef65c41e813276e1ef869be0f88ad7b2e7a9924a1a114d1f233d0e5037541cbb5a7e4ecd6ae0e6bf0bd585787ca004a9233873b03d5ea1978c3053ca8b085ad6ab6f1757da919c33f971924bbe6d790b497a43d3635d9bf338aa7f974b29b2ca1390686c9b165728a683ed78a8c2e43de3303bd9337b80ebffe303efe95958aa284843e1eb0212f86212757c96f5e7ad21cd30a364fccbd0d148d23f46cffc09bfd025f3605e39e2031ffa1b373fc893179068aeea22e2475640043dc8536d3d48a4af112a46ada9b1b600954995527d5a3c7dbb75593d9b52a6fc8e6134f06c22d2805a518f93a0f352d11ce6b5411de146bade252f17e9e86782ff57dd2d6f4b04ea077d001d6e992c5dd38e20a9f945048867575b349bcbb8b3517efadfbedfee099fd8e2db76c8ad578ab03a24e32af1a4c0ef425d91815a6ce9fcc783d4dd592a45e620e0521026174c332676a64e8cd9a3e3b3fae08b1920d015c2cb738657373bd44a00b8d92e29f2fdc38dd164791b00cb6987ea6063cfe44f6373d7b31161f6295903112ab10b1834dacb01694d6148cc13562c3440f2f0bd0adfa8b5c70796dabdc1326c103d614a32d291fa353feb0a1a4d021c8e2168a40d0ce61959cb530b5ef6340e9c1f85ff90034e022511d969e3e967efc87f108a3a8e317388761f6a8420329fc0f7c4c846e639ae891aee0dff33632087c23c7eecc46dd17e2cf9efbdf97367fc79612c0e8b6b6e7ee3ca756abd9427771957d599dc0f9233b0b0d6c930a7aca103b5e03a46a8b94d8b6fea2636063a5be5635923e3c2e21a5bdbdebd01d6aab5214e628e6a1cbd529af6910708dea83d2cc3b28e8a650b13aa5bd65994e96726fa185aec74b31c19a1514d226924f6e77f6046197fe750b34785e1b12993bfe5db4c85540c960f27c29e55cbf08f427d7c97208eb1767081a43cda6847509ec78bb05e36162823f89b6bf375b0fadceba8898afdfde52163a1da016243f4860a06c92b884bef165533ffce8b4af617128b08de573b2c964507fddc7bdb4b7a6545160671e7affea32cda1c3555f17b72003e93c450a50ad37d7a4d47e136821aa2fa7b4680dbfe3a2d161bd1044fb46c3942b59a4bd4101e8f0e1123136f4a270d62ed2816374b10ef260a1365834ea93064e9d1a7687a39a8ddfe7ec72a590c77cb199a41c4089df9810bf6a7ea3d2db4792b8ffdb521a75918f6ae76a20b0610bae35c87cf69947a01b70bf560a11b7779133aab54a126b97a33289832d14d72309a6bfda9d8f47336c83f43abee2bcfd7130829e9f03a6da9bf351e00b559caafbe963500024a2587efd549d269be97a17329aa9d805a3370b5f42d892905dea54d17ce615f3c636c44894ca35756ee562d9f60fe01784b5c58d29d74a8232abfe3a959a479f88ed31132a8108c6d560220e61a9c77063a0697dd68c102b9d44b7065554bda49be88959b49fec5a4834708882d9a35c98d3974120613ebd4f239d2b8e84dfa22f7f8f1fa8b0337c938989d7b598ac0c23059aa2a460544456df9abcf0a55f29528b5dc31e1e7b11b48f6b8dd0813433596e83f046a0fe6b78ee187b7fb6c340572cf82b3429e1a245ee654c06b1a02194551cbe7b2a202a5d057b35ae265a22c95a3a06a2ed38db6b0cc547d2edfc434d052f4c915ed600f7a31657e25e63c8a30feb1c713c63ee21d7d3d48fc4113ada5fbe184beb1f964d7f28ee8ddc6b621ab80921f182371a86625bfcdff1e14a7c2441e6d1c0c8832a273aa39367026c317a0284861e0f224bb4b4e9520c9251d34693c588346d7171eb439360f3d9413712e7c48d845adaa435f486e4b76ae7c23bfead88fd008cb6dafd0537844ef69c85cc4be091e2577ddd0900de57f93011fd474cd4606687ce03f0a842b582dec9c4c8eff1cc277458401bdfc7514286f1075fcbd6863025315c43d38b9064d714bb2ba43541f7c20f9437bd38b0b8ac31383f296238dc628874b0e6bf8b72af13f4f65306b004b330aba285bc35d9e4a0a9421679487df0582ca669542377dbeb6dc499bb4531b1589a6c16333468e96a227ad276a1fcc4f9d00d9c41765d58eae5c06d7e460cc71ddeb2c3a3c7eed6f9cdea92b51e971e4d80091bc76d81388dd8a8461180a375809b57cd32326aa936dd6d54648173abdd479e2849523144ba5243e862bec056eb891dee3d38f97c8832622aad2014b8b4f907616cfabb311e96848367be726f7219b4e305279bd3ac6202e6233b1414f36c17ae9b25e7822d530071cded273be7f00262421a25e68f3342af7c01e7b4b90f4661247505ee6f7a51146bb2d07859b1d4d6bd3efd0dbaac0c4c0573ff36e59cbfc6421862e82bc057d7d995a57ffc025c767f5b8795b4aea79ab35af46b92cb58933b0b5f2c700e6c6024f45a328fb3aa76ea9866c13a7f5e0b4ab9a0aaaf6105dbcd0684c006525dbf0c684432a35f1c145de1a7f1bdf7944b979e7059cc991450e9fdfab82133c48d8ffdea022b02c7ebf9c3b0de4dbd1549a4f791ab2896f33a1ba5fb1db911e9ee90d87fa573a12c1dec5a9d0ba4686a8fc372450dc614779bbaa8ab0424915463ace44a9b1b10f5d7635e352765607d565420419c86accd585a0783dd4dbee68904326d6fd9b85569bb3d87cac8b11888a63b5ea9173b8373561b5b6cf96707c033c6ec9beabd863b189f5cc82a5e17da016c4f975356b71c5afc25898386f7fcede7cb6d03ee9d9e2e4b5874d5631d3c48401d7373fcaa9f3c023a516a8d9e9956dadf5cabae9b2ff48d924023dfda42e665199b9ed39736175f7f7b8c5623934d327ba04ee72e4e9c85a2b5f8358bbfe7d8daccb76435db9fc090cbf6a44aab0b9c51a0f56f1ec086c3e2ab51734a3dd60dee323ec17c2c1f619f9c4c0246d08ed6b8ea3584ad267e848f654033e460808dad6975814d7d9449b377f174d5d8d5c04952ec78d81b63a97f94c21f24197243f2882b243cbd44e486c2f00da69ee6f7a5c237ee79ff9ac4b0baaabb135b1a87de4aa767d09ecbec82322d0c998b4766824a223529c0bc4f87e39f6b91a4e0487f9194f21ef325d3d07b6eaee18f9883dbb1a11849bc33e6cfd1eb967d1b37f20cced91b9d38b415cd75c7e5d4eb196f7c0573865eeca951e8b984ad3d1aab4e9f985bf21fcf950a6bf1ca74e435f5c6ed734d73aa4465045d3a1788a239174c69513d0ebd7056ff6dde86501d65459d48c6cf03eab5272766557aae3f0df5f007f46c5e0259dbe5e052a9cdd37f3220307df5e94866c48632ca1b9a0d818a2f81585b4b506a2cf34495b79de2e0c8c4c050b891959b6f3c4b616f95b06d77462a05fbf0d9c2096e51a0c896aca4076c562d9af310267105c2c47005574b8678a2ce692b2885a595d279dc8499a4238a2d41ebd375bce968f826aa979c6cfd8c74585ea9d0d4695753bc74f3cf4e993ae38ab28ac982416afb35dbdbf535afea10626e6e6093c3b7c41d80d22f714da561d6772e8548764bd09636e07e7b16780893410709a50804cee2209c7d60d187da8a45e22d286ef1c2865fd25ef5a2455e40c9f48ff5309a9de0b11f858020d2a97d4fda9cdbbbaf744331938c55a56310ccc379a316b76178c0e3193795e8d54ca393077e06e76e2614328400c9e44bcbdf418d1f5fb63401bf203f3d5ab405dfc03f8989ecffdfb94cdb434ddac9939187c4fe7d356bfff83205ba40bc09d8e71f751ac16085fc09b31412d472a1f5ae84ef071f2f9810920ed6b6d5d6223f62e8430651a71a34fb12adc0f51a31d0f3a2c339411a06acd0f99b7070622d46ef60d136b5447de8fc25cb990d41929bc30ebeef481e66d82deb43826aec3d55ac5840d86dfb5874726ec8942d3a092be0194e57bd5134f87e0da2c06bb5e1a8b23ad86ac7b5f48fe85e4dc2416db951296f7c64d542fc4f6d21354151f7798df70f5913b0c3ec006c79772e2acd822da18298dd1350e189254c39168e95c52168944312665c78a02b0d7e1023e2d4786da8a5b2d70301435ff08916c9f680c1bf1942fbc18464136e2947d26854972d571cceecf9e0ec5dae4f9ce8a89378126a509ba", 0xd7c) 581.140497ms ago: executing program 2 (id=9750): writev(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350064756d6d79300000000000000000000008000a00", @ANYRES32=r3], 0x3c}}, 0x8000) sendmsg$kcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188040f46ecdb4cb9cca7480e1211000000e3bd012a128748b429021627e305dd2b7a146efb4400", 0x2e}], 0x1}, 0x24000000) 565.737767ms ago: executing program 4 (id=9751): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r0, 0x80) accept$netrom(r0, 0x0, 0x0) close(0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 424.778479ms ago: executing program 5 (id=9752): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x300440f1) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x12, 0x0, 0x0) readv(r0, 0x0, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000000911ff00000000000000000000000000000000ff0200000000000000000000000000014f194e20184f93"], 0x4a) 255.636282ms ago: executing program 2 (id=9753): socket$inet_icmp(0x2, 0x2, 0x1) r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xffff, 0xfff3}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x60, 0x2, [@TCA_MATCHALL_ACT={0x5c, 0x2, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x6fe2}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x4, 0x3, 0x10000002, 0xb4, 0xda}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x10, 0x4}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x50}, 0x0) 174.199781ms ago: executing program 5 (id=9754): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x3, 0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x4, 0x1, 0xff, 0x3, 0x80000001, 0xee9}}}}]}, 0x4c}}, 0x20040084) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56741, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x4}, {0xffff, 0xffff}, {0x6, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 120.804004ms ago: executing program 2 (id=9755): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=@newqdisc={0x434, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x1, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x4, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0xb, 0x1007fc, 0xffff8000, 0x6, 0x8, 0x9, 0x8, 0xffffe4f5, 0xd6, 0x4, 0xfffb, 0x7, 0x0, 0xfffff4f0, 0x9, 0x1, 0xfffffffc, 0x4, 0x1, 0x8be3, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x5, 0x6, 0x7, 0xfffffff7, 0xe6f, 0x2, 0x9, 0x9, 0x912, 0x3, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x7fbffffe, 0x74422dd4, 0x9, 0xfffffa72, 0xcd, 0x5, 0x80000000, 0x401, 0x9, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0x2, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfff7fffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x0, 0x1, 0x40007, 0x40, 0x8, 0x12, 0x6, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xff, 0x9, 0xa7, 0xf, 0x1, 0x0, 0x3, 0x1001, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4f, 0xffffffff, 0x80000004, 0x1966f9ad, 0x200, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x80000040, 0xa, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10003, 0x2, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x8, 0xfffffc00, 0x1, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x3, 0x1, 0x3, 0x2, 0x5, 0x8, 0x3, 0x4, 0x3, 0x2, 0x8, 0x7ff, 0x1, 0x9, 0x6, 0x5, 0x5, 0x8, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x3, 0x8, 0x42ba, 0x404, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0xcd34, 0x1, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0x40fff, 0x1ff, 0x8000, 0x3, 0xcfdb, 0x80, 0x8, 0x9a6, 0xe4cb, 0x8, 0x1, 0x1ff, 0x10001, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x24, 0x901, 0x5, 0x1ff, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x6, 0x9fd, 0x10000006, 0x200, 0x2]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40098}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 5 (id=9756): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000022c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x5, 0xfff1}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0xf7513c36066f8950}, 0x20000010) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r4, {0x5}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40098}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfd1e, 0x4, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @multicast}, 0x14) kernel console output (not intermixed with test programs): [ T5846] Buffer I/O error on dev nbd3, logical block 0, async page read [ 455.869662][ T5846] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 455.942955][ T5846] Buffer I/O error on dev nbd3, logical block 1, async page read [ 455.962212][ T5846] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 455.987116][ T5846] Buffer I/O error on dev nbd3, logical block 2, async page read [ 456.013568][ T5846] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 456.073658][ T5846] Buffer I/O error on dev nbd3, logical block 3, async page read [ 456.117098][ T5846] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 456.165630][ T5846] Buffer I/O error on dev nbd3, logical block 0, async page read [ 456.201297][ T5846] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 456.236505][ T5846] Buffer I/O error on dev nbd3, logical block 1, async page read [ 456.315757][ T5846] ldm_validate_partition_table(): Disk read failed. [ 456.368146][ T5846] Dev nbd3: unable to read RDB block 0 [ 456.415298][ T5846] nbd3: unable to read partition table [ 456.520183][ T5846] ldm_validate_partition_table(): Disk read failed. [ 456.562409][ T5846] Dev nbd3: unable to read RDB block 0 [ 456.599304][ T5846] nbd3: unable to read partition table [ 458.721816][T20286] netlink: 'syz.3.6854': attribute type 4 has an invalid length. [ 458.730831][T20283] tipc: New replicast peer: 255.255.255.255 [ 458.754855][T20283] tipc: Enabled bearer , priority 10 [ 458.790730][T20288] __nla_validate_parse: 3 callbacks suppressed [ 458.790756][T20288] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6853'. [ 458.861352][T20291] IPv6: Can't replace route, no match found [ 458.869863][T20291] IPv6: Can't replace route, no match found [ 459.635031][T20327] : renamed from bond0 [ 460.186144][T20344] xt_hashlimit: size too large, truncated to 1048576 [ 460.236806][T20345] : renamed from vxcan1 (while UP) [ 461.575869][T20393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6902'. [ 461.866506][T20405] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6908'. [ 461.925670][T20405] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6908'. [ 461.953235][T20405] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6908'. [ 462.335054][T20426] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6918'. [ 462.375665][T20426] ipvlan2: entered allmulticast mode [ 462.391413][T20426] syz_tun: entered allmulticast mode [ 463.096666][T20458] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6932'. [ 463.250561][T20465] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6935'. [ 464.086524][T20506] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6955'. [ 464.475359][T20522] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6962'. [ 464.753281][T20532] netlink: 108 bytes leftover after parsing attributes in process `syz.4.6967'. [ 464.859704][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 465.019465][T20544] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 465.050838][T20544] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 465.089052][T20546] netlink: 64 bytes leftover after parsing attributes in process `syz.1.6974'. [ 465.736332][T20579] netlink: 'syz.4.6988': attribute type 4 has an invalid length. [ 466.569534][T20618] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7009'. [ 466.810845][T20632] IPv6: NLM_F_CREATE should be specified when creating new route [ 466.912163][T20638] netlink: 'syz.0.7019': attribute type 1 has an invalid length. [ 466.927064][T20638] netlink: 'syz.0.7019': attribute type 3 has an invalid length. [ 466.945761][T20638] netlink: 'syz.0.7019': attribute type 7 has an invalid length. [ 466.986860][T20638] netlink: 'syz.0.7019': attribute type 8 has an invalid length. [ 466.998763][T20638] netlink: 184 bytes leftover after parsing attributes in process `syz.0.7019'. [ 467.011834][T20638] NCSI netlink: No device for ifindex 131092 [ 467.369916][T20658] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7026'. [ 467.493554][T20665] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7026'. [ 467.567550][T20664] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 469.807148][T20766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7075'. [ 470.130571][T20778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7081'. [ 470.180715][T20778] netlink: 'syz.2.7081': attribute type 30 has an invalid length. [ 470.203963][T20778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7081'. [ 470.429524][T20794] erspan0: entered promiscuous mode [ 470.588800][T20801] netlink: 100 bytes leftover after parsing attributes in process `syz.1.7092'. [ 470.614691][T20803] netlink: 68 bytes leftover after parsing attributes in process `syz.2.7091'. [ 471.877718][T20859] netlink: 81 bytes leftover after parsing attributes in process `syz.0.7119'. [ 472.025961][T20865] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7122'. [ 472.420923][T20885] netem: incorrect gi model size [ 472.449575][T20885] netem: change failed [ 472.839488][T20904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7139'. [ 473.109223][T20919] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.7142'. [ 474.082009][T20952] netlink: 'syz.3.7160': attribute type 10 has an invalid length. [ 474.157677][T20956] netlink: 'syz.0.7162': attribute type 83 has an invalid length. [ 474.175392][T20952] veth0_vlan: left promiscuous mode [ 474.196337][T20952] veth0_vlan: entered promiscuous mode [ 474.242139][T20952] team0: Device veth0_vlan failed to register rx_handler [ 474.494705][T20965] syz.1.7167: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 474.574953][T20973] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7170'. [ 474.593088][T20965] CPU: 0 UID: 0 PID: 20965 Comm: syz.1.7167 Not tainted syzkaller #0 PREEMPT(full) [ 474.593126][T20965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 474.593146][T20965] Call Trace: [ 474.593156][T20965] [ 474.593167][T20965] dump_stack_lvl+0xe8/0x150 [ 474.593210][T20965] warn_alloc+0x249/0x340 [ 474.593249][T20965] ? stack_trace_save+0xa9/0x100 [ 474.593279][T20965] ? __pfx_warn_alloc+0x10/0x10 [ 474.593323][T20965] ? kasan_save_track+0x4f/0x80 [ 474.593356][T20965] ? kasan_save_track+0x3e/0x80 [ 474.593386][T20965] ? __kasan_kmalloc+0x93/0xb0 [ 474.593407][T20965] ? __kmalloc_cache_noprof+0x31c/0x660 [ 474.593439][T20965] ? xskq_create+0x56/0x170 [ 474.593463][T20965] ? xsk_setsockopt+0x54c/0x990 [ 474.593483][T20965] ? do_sock_setsockopt+0x17c/0x1b0 [ 474.593516][T20965] ? __x64_sys_setsockopt+0x13d/0x1b0 [ 474.593552][T20965] ? do_syscall_64+0x15f/0xf80 [ 474.593587][T20965] __vmalloc_node_range_noprof+0x132/0x1730 [ 474.593656][T20965] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 474.593698][T20965] ? __kasan_kmalloc+0x93/0xb0 [ 474.593727][T20965] vmalloc_user_noprof+0xad/0xe0 [ 474.593761][T20965] ? xskq_create+0xbf/0x170 [ 474.593785][T20965] xskq_create+0xbf/0x170 [ 474.593813][T20965] xsk_init_queue+0x8a/0xe0 [ 474.593839][T20965] xsk_setsockopt+0x54c/0x990 [ 474.593864][T20965] ? __pfx_xsk_setsockopt+0x10/0x10 [ 474.593887][T20965] ? __pfx_aa_sk_perm+0x10/0x10 [ 474.593922][T20965] ? aa_sock_opt_perm+0xff/0x1a0 [ 474.593956][T20965] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 474.594005][T20965] ? __pfx_xsk_setsockopt+0x10/0x10 [ 474.594030][T20965] do_sock_setsockopt+0x17c/0x1b0 [ 474.594071][T20965] __x64_sys_setsockopt+0x13d/0x1b0 [ 474.594107][T20965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.594134][T20965] do_syscall_64+0x15f/0xf80 [ 474.594161][T20965] ? trace_irq_disable+0x3b/0x140 [ 474.594185][T20965] ? clear_bhb_loop+0x40/0x90 [ 474.594213][T20965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.594243][T20965] RIP: 0033:0x7f57ce99c819 [ 474.594265][T20965] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 474.594286][T20965] RSP: 002b:00007f57cf93c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 474.594315][T20965] RAX: ffffffffffffffda RBX: 00007f57cec15fa0 RCX: 00007f57ce99c819 [ 474.594333][T20965] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 474.594347][T20965] RBP: 00007f57cea32c91 R08: 0000000000000004 R09: 0000000000000000 [ 474.594360][T20965] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 474.594374][T20965] R13: 00007f57cec16038 R14: 00007f57cec15fa0 R15: 00007ffefcb4e798 [ 474.594410][T20965] [ 474.594530][T20965] Mem-Info: [ 474.903231][T20965] active_anon:5635 inactive_anon:0 isolated_anon:0 [ 474.903231][T20965] active_file:3077 inactive_file:40082 isolated_file:0 [ 474.903231][T20965] unevictable:768 dirty:295 writeback:0 [ 474.903231][T20965] slab_reclaimable:10773 slab_unreclaimable:103010 [ 474.903231][T20965] mapped:29150 shmem:1352 pagetables:1145 [ 474.903231][T20965] sec_pagetables:0 bounce:0 [ 474.903231][T20965] kernel_misc_reclaimable:0 [ 474.903231][T20965] free:1323815 free_pcp:9125 free_cma:0 [ 474.952097][T20975] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7171'. [ 474.986232][T20965] Node 0 active_anon:22540kB inactive_anon:0kB active_file:12308kB inactive_file:160116kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116700kB dirty:1176kB writeback:0kB shmem:3872kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12184kB pagetables:4628kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 475.114038][T20965] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 475.185440][T20965] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 475.258337][T20965] lowmem_reserve[]: 0 2491 2492 2492 2492 [ 475.279176][T20965] Node 0 DMA32 free:1338900kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22540kB inactive_anon:0kB active_file:12308kB inactive_file:160116kB unevictable:1536kB writepending:1176kB zspages:0kB present:3129332kB managed:2551528kB mlocked:0kB bounce:0kB free_pcp:36648kB local_pcp:17412kB free_cma:0kB [ 475.364008][T20965] lowmem_reserve[]: 0 0 0 0 0 [ 475.375981][T20989] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7178'. [ 475.383048][T20965] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:612kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 475.465246][T20965] lowmem_reserve[]: 0 0 0 0 0 [ 475.490077][T20965] Node 1 Normal free:3941000kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 475.546010][T20965] lowmem_reserve[]: 0 0 0 0 0 [ 475.565347][T20965] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 475.650203][T20965] Node 0 DMA32: 4481*4kB (UME) 3046*8kB (UME) 1690*16kB (UME) 179*32kB (UM) 100*64kB (UM) 105*128kB (UME) 77*256kB (UME) 61*512kB (UME) 39*1024kB (UM) 17*2048kB (UM) 273*4096kB (UM) = 1338804kB [ 475.732129][T20965] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 475.779636][T20965] Node 1 Normal: 4*4kB (U) 7*8kB (UM) 4*16kB (UM) 2*32kB (UM) 7*64kB (UM) 4*128kB (UM) 6*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 960*4096kB (M) = 3941000kB [ 475.813650][T20965] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 475.836638][T20965] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 475.848653][T20965] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 475.882972][T20965] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 475.904502][T21004] block nbd4: Unsupported socket: should be TCP or UNIX. [ 475.973573][T20965] 45484 total pagecache pages [ 476.044334][T20965] 0 pages in swap cache [ 476.059850][T20965] Free swap = 124996kB [ 476.073466][T20965] Total swap = 124996kB [ 476.083043][T20965] 2097051 pages RAM [ 476.112918][T20965] 0 pages HighMem/MovableOnly [ 476.119386][T20965] 427401 pages reserved [ 476.139680][T20965] 0 pages cma reserved [ 476.374596][T21020] netlink: 'syz.1.7190': attribute type 83 has an invalid length. [ 476.551210][T21029] netlink: 'syz.2.7192': attribute type 5 has an invalid length. [ 477.084907][T21045] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.7203'. [ 477.321611][T21052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7206'. [ 477.392315][T21052] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7206'. [ 477.426224][T21058] xt_hashlimit: size too large, truncated to 1048576 [ 477.485499][T21060] veth0_to_bridge (unregistering): left allmulticast mode [ 477.534003][T21060] veth0_to_bridge (unregistering): left promiscuous mode [ 477.576898][T21060] bridge0: port 3(veth0_to_bridge) entered disabled state [ 477.668306][T21060] x9 (unregistering): left allmulticast mode [ 477.684487][T21060] x9 (unregistering): left promiscuous mode [ 477.691838][T21060] bridge0: port 1(0x9) entered disabled state [ 477.830508][T21069] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7212'. [ 478.282114][T21088] netdevsim netdevsim4 netdevsim0: IPsec offload requires 128 bit authentication [ 479.015629][T21121] sctp: [Deprecated]: syz.2.7236 (pid 21121) Use of struct sctp_assoc_value in delayed_ack socket option. [ 479.015629][T21121] Use struct sctp_sack_info instead [ 479.171847][T21128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7240'. [ 479.348801][T21134] netlink: 232 bytes leftover after parsing attributes in process `syz.3.7243'. [ 479.669355][T21149] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7250'. [ 479.741779][T21153] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7250'. [ 480.155892][T21168] netlink: 'syz.3.7258': attribute type 4 has an invalid length. [ 480.775144][T21191] netlink: 'syz.4.7268': attribute type 21 has an invalid length. [ 480.839839][T21191] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7268'. [ 480.868040][T21195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7270'. [ 481.104584][T21207] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7275'. [ 481.821282][T21240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7292'. [ 481.858643][T21240] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7292'. [ 481.897416][T21240] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7292'. [ 482.276118][T21259] vcan0: tx address claim with dlc 1 [ 482.625665][T21279] syzkaller1: entered promiscuous mode [ 482.657077][T21279] syzkaller1: entered allmulticast mode [ 482.789870][T21287] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7314'. [ 482.819588][T21287] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7314'. [ 485.540785][T21415] sctp: [Deprecated]: syz.4.7372 (pid 21415) Use of struct sctp_assoc_value in delayed_ack socket option. [ 485.540785][T21415] Use struct sctp_sack_info instead [ 485.711875][T21424] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.7376'. [ 485.885958][T21428] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7378'. [ 485.924788][T21428] gtp0: entered promiscuous mode [ 485.930359][T21428] gtp0: entered allmulticast mode [ 485.960064][T21430] netlink: 'syz.0.7379': attribute type 11 has an invalid length. [ 486.093551][T21436] netlink: 'syz.3.7382': attribute type 63 has an invalid length. [ 486.148514][T21441] netlink: 'syz.3.7382': attribute type 63 has an invalid length. [ 486.445278][T21447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7385'. [ 486.554763][T21449] netlink: 65011 bytes leftover after parsing attributes in process `syz.4.7385'. [ 486.829670][T21464] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7391'. [ 486.871517][T21464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7391'. [ 486.977536][ T12] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 486.998834][T19120] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 487.055149][T19120] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 487.111245][T19120] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 487.567763][ T132] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 487.583733][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 487.957009][T21504] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.7410'. [ 488.044074][ T45] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.055949][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.065299][T21506] macvlan0: entered promiscuous mode [ 488.287216][T19120] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.299432][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.632374][T21532] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7422'. [ 488.667534][T21532] netlink: 'syz.3.7422': attribute type 7 has an invalid length. [ 488.703264][T21532] netlink: 'syz.3.7422': attribute type 8 has an invalid length. [ 488.734471][T21532] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7422'. [ 488.934030][T21543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7427'. [ 489.276891][T21551] 8021q: adding VLAN 0 to HW filter on device bond0 [ 489.305097][T21551] 8021q: adding VLAN 0 to HW filter on device team0 [ 489.343849][T21551] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 489.540681][T21569] syzkaller1: entered promiscuous mode [ 489.547357][T21569] syzkaller1: entered allmulticast mode [ 490.247626][T21591] syzkaller1: entered promiscuous mode [ 490.270351][T21591] syzkaller1: entered allmulticast mode [ 490.488092][T21600] netlink: 207952 bytes leftover after parsing attributes in process `syz.1.7451'. [ 490.888097][T21610] tipc: Enabling of bearer rejected, already enabled [ 491.063383][T21621] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.078209][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.216438][T21626] af_packet: tpacket_rcv: packet too big, clamped from 2 to 4294967272. macoff=96 [ 491.274450][T21632] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.357100][T21674] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7484'. [ 492.602634][T21684] netlink: 'syz.2.7487': attribute type 17 has an invalid length. [ 492.624845][T21684] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7487'. [ 492.673172][T21684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7487'. [ 492.687033][ T12] net_ratelimit: 3 callbacks suppressed [ 492.687056][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.702967][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.767566][T21684] gretap0: entered promiscuous mode [ 492.816717][T21684] gretap0: left promiscuous mode [ 493.102467][T21705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.121959][T21705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.143669][T21705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.167407][T21705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.178140][T21705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.189086][T21705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.199806][T21705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.225929][T21705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.517184][T21716] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.7504'. [ 493.650400][T21721] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7507'. [ 494.018495][T21736] netlink: 'syz.1.7515': attribute type 4 has an invalid length. [ 494.031967][T21737] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7514'. [ 494.578159][T21758] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.7526'. [ 494.604317][T21756] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 495.297487][T21787] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7539'. [ 495.455602][T21789] block nbd4: server does not support multiple connections per device. [ 495.481979][T21789] block nbd4: shutting down sockets [ 495.568825][T21801] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7545'. [ 495.641574][T21805] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7545'. [ 495.949385][T21811] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 496.052392][T21814] syzkaller1: entered promiscuous mode [ 496.071088][T21814] syzkaller1: entered allmulticast mode [ 496.145826][T21817] netlink: 'syz.0.7552': attribute type 1 has an invalid length. [ 496.179244][T21817] netlink: 'syz.0.7552': attribute type 2 has an invalid length. [ 496.947980][T21848] sctp: [Deprecated]: syz.3.7564 (pid 21848) Use of int in max_burst socket option deprecated. [ 496.947980][T21848] Use struct sctp_assoc_value instead [ 496.991531][T21852] netlink: 'syz.1.7567': attribute type 2 has an invalid length. [ 497.006305][T21852] netlink: 'syz.1.7567': attribute type 2 has an invalid length. [ 497.303896][T21862] netlink: 'syz.1.7573': attribute type 10 has an invalid length. [ 497.336260][T21862] bridge_slave_1: left allmulticast mode [ 497.346963][T21862] bridge_slave_1: left promiscuous mode [ 497.353928][T21862] bridge0: port 2(bridge_slave_1) entered disabled state [ 497.378798][T21862] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 497.532900][T21872] __nla_validate_parse: 5 callbacks suppressed [ 497.532922][T21872] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7576'. [ 497.852093][T21881] erspan0: entered promiscuous mode [ 497.858891][T21881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7579'. [ 498.195962][T21897] net_ratelimit: 482 callbacks suppressed [ 498.195986][T21897] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 498.626008][T21918] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 498.717789][T21918] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 498.849051][T21928] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 498.857820][T21928] IPv6: NLM_F_CREATE should be set when creating new route [ 498.992010][T21936] netlink: 68 bytes leftover after parsing attributes in process `syz.0.7604'. [ 499.165424][ T45] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 499.176442][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 499.357804][T21949] netlink: 67 bytes leftover after parsing attributes in process `syz.3.7608'. [ 499.803464][ T132] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 499.813672][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.390435][T21995] netlink: 'syz.1.7629': attribute type 1 has an invalid length. [ 500.400960][T21995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7629'. [ 500.444473][ T132] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.454957][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.991841][T22023] netlink: 84 bytes leftover after parsing attributes in process `syz.4.7639'. [ 501.452359][T22032] syzkaller1: entered promiscuous mode [ 501.484310][T22032] syzkaller1: entered allmulticast mode [ 501.846650][T22012] dvmrp8: entered allmulticast mode [ 502.023143][ T45] dvmrp8: left allmulticast mode [ 502.280522][T22065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7655'. [ 502.292247][ T35] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 502.309713][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 502.368184][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.786617][T22081] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7664'. [ 503.134440][T22095] block nbd4: not configured, cannot reconfigure [ 503.499447][T22107] netlink: 256 bytes leftover after parsing attributes in process `syz.2.7677'. [ 503.529878][T22107] netlink: 256 bytes leftover after parsing attributes in process `syz.2.7677'. [ 503.944439][T22128] netlink: 27 bytes leftover after parsing attributes in process `syz.4.7687'. [ 504.147224][T22136] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.7690'. [ 504.372168][T22143] netlink: 27 bytes leftover after parsing attributes in process `syz.2.7693'. [ 504.924928][ T35] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 504.934481][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 505.013351][T22172] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7706'. [ 505.023715][T22172] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7706'. [ 505.034276][T22172] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7706'. [ 505.046810][T22172] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7706'. [ 505.279869][T22182] sctp: [Deprecated]: syz.0.7711 (pid 22182) Use of struct sctp_assoc_value in delayed_ack socket option. [ 505.279869][T22182] Use struct sctp_sack_info instead [ 505.567446][ T35] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 505.576402][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 506.210598][ T35] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 506.220881][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 506.498746][T22232] syzkaller1: entered promiscuous mode [ 506.516202][T22232] syzkaller1: entered allmulticast mode [ 506.662102][T22245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 506.671270][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 508.779183][T22335] __nla_validate_parse: 3 callbacks suppressed [ 508.779207][T22335] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.7777'. [ 510.369204][T22399] netlink: 'syz.0.7804': attribute type 9 has an invalid length. [ 510.378881][T22399] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.7804'. [ 510.661797][T22409] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7809'. [ 510.687473][T22409] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7809'. [ 510.811957][T22415] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7812'. [ 511.024747][T22420] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7812'. [ 511.104911][T22420] nbd: device at index 64 is going down [ 511.220422][T22427] syzkaller1: entered promiscuous mode [ 511.245009][T22427] syzkaller1: entered allmulticast mode [ 511.291609][T22432] netlink: 212336 bytes leftover after parsing attributes in process `syz.3.7818'. [ 511.380347][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 511.708829][T22450] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7825'. [ 511.922151][T22455] macvtap1: entered promiscuous mode [ 511.944713][T22455] macvtap1: entered allmulticast mode [ 511.967091][T22455] veth1_vlan: entered allmulticast mode [ 512.092220][T22462] macvtap2: entered promiscuous mode [ 512.117054][T22462] macvtap2: entered allmulticast mode [ 512.383913][T22479] pim6reg1: entered promiscuous mode [ 512.425686][T22479] pim6reg1: entered allmulticast mode [ 512.494841][T22486] netlink: 'syz.4.7840': attribute type 17 has an invalid length. [ 512.513148][T22486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7840'. [ 512.533355][T22486] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7840'. [ 512.916479][T22503] bond3: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 513.051928][T22503] bond3: (slave lo): Enslaving as an active interface with an up link [ 513.095888][T22503] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 514.038089][T22541] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7861'. [ 514.303237][T22548] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7864'. [ 514.345053][T22548] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7864'. [ 514.572179][T22562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7869'. [ 514.749085][T22569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7874'. [ 515.024397][T22581] netlink: 'syz.3.7876': attribute type 1 has an invalid length. [ 515.105559][T22581] bond2: entered promiscuous mode [ 515.111700][T22581] 8021q: adding VLAN 0 to HW filter on device bond2 [ 515.174688][T22588] bridge_slave_0: left allmulticast mode [ 515.190010][T22588] bridge_slave_0: left promiscuous mode [ 515.218461][T22588] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.298745][T22588] bridge_slave_1: left allmulticast mode [ 515.355014][T22588] bridge_slave_1: left promiscuous mode [ 515.401993][T22588] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.463470][T22588] bond0: (slave bond_slave_0): Releasing backup interface [ 515.490286][T22588] bond_slave_0: left allmulticast mode [ 515.607229][T22588] bond0: (slave bond_slave_1): Releasing backup interface [ 515.647521][T22588] bond_slave_1: left allmulticast mode [ 515.699762][T22588] team0: Port device team_slave_0 removed [ 515.788031][T22588] team0: Port device 26 removed [ 515.827974][T22588] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 515.839099][T22588] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 515.851600][T22588] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 515.907597][T22589] bond2: (slave bridge3): making interface the new active one [ 515.927624][T22589] bridge3: entered promiscuous mode [ 515.944078][T22589] bond2: (slave bridge3): Enslaving as an active interface with an up link [ 516.037457][ T5903] syz1: Port: 1 Link DOWN [ 516.516682][T22630] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7893'. [ 516.698487][T22638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7896'. [ 516.719754][T22637] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 516.744295][T22638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7896'. [ 516.775829][T22638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7896'. [ 517.051453][T22652] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.7901'. [ 517.114554][T22655] netlink: 'syz.0.7902': attribute type 4 has an invalid length. [ 517.174707][T22655] netlink: 'syz.0.7902': attribute type 4 has an invalid length. [ 517.833679][T22693] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 517.960233][T22701] netlink: 'syz.0.7921': attribute type 7 has an invalid length. [ 517.969785][T22701] netlink: 'syz.0.7921': attribute type 8 has an invalid length. [ 517.981216][T22700] A link change request failed with some changes committed already. Interface .` may have been left with an inconsistent configuration, please check. [ 519.305223][T22741] __nla_validate_parse: 4 callbacks suppressed [ 519.305305][T22741] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.7934'. [ 519.331660][T22741] netlink: Conntrack attr has 3 unknown bytes [ 520.514506][T22763] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.7942'. [ 521.061532][T22796] netlink: 'syz.1.7946': attribute type 25 has an invalid length. [ 521.133168][T22796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7946'. [ 521.246954][T22786] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 521.247328][T22796] netlink: 'syz.1.7946': attribute type 25 has an invalid length. [ 521.273464][T22796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7946'. [ 521.300900][T22786] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 521.320262][T22786] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 521.331476][T22799] netlink: 'syz.0.7948': attribute type 4 has an invalid length. [ 521.365097][T22786] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 521.533936][T22805] netlink: 40 bytes leftover after parsing attributes in process `syz.0.7951'. [ 522.295677][T22830] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7960'. [ 522.359336][T22832] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.7961'. [ 522.663114][T22839] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 522.877905][T22847] vlan3: entered allmulticast mode [ 522.908775][T22847] bond0: entered allmulticast mode [ 522.909143][T22857] netlink: 14 bytes leftover after parsing attributes in process `syz.0.7968'. [ 522.946804][T22847] bond_slave_0: entered allmulticast mode [ 522.964287][T22847] bond_slave_1: entered allmulticast mode [ 523.119883][T22857] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 523.176187][T22857] bond_slave_0: left allmulticast mode [ 523.222222][T22857] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 523.246628][T22857] bond_slave_1: left allmulticast mode [ 523.260405][T22857] bond0 (unregistering): Released all slaves [ 523.491818][T22871] veth0: entered promiscuous mode [ 523.508419][T22871] veth0: left promiscuous mode [ 524.096271][T22897] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.7986'. [ 524.456930][T22909] netlink: 212344 bytes leftover after parsing attributes in process `syz.0.7991'. [ 524.482578][T22910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7992'. [ 524.614116][T22917] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 524.869563][T22927] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 525.577374][T22958] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.8012'. [ 525.667998][T22961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8013'. [ 525.892474][T22968] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.8016'. [ 525.934657][T22968] netlink: Unknown conntrack attr (0) [ 526.042401][T22975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8019'. [ 526.082855][T22975] netlink: 'syz.3.8019': attribute type 1 has an invalid length. [ 526.108549][T22975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8019'. [ 526.137807][T22975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8019'. [ 526.161145][T22975] netlink: 'syz.3.8019': attribute type 1 has an invalid length. [ 526.180809][T22975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8019'. [ 526.511252][T22989] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8025'. [ 526.611692][ T35] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.635632][ T35] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.706456][ T35] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.775131][ T35] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.895252][T23003] netlink: 'syz.0.8030': attribute type 21 has an invalid length. [ 526.911101][T23003] netlink: 'syz.0.8030': attribute type 21 has an invalid length. [ 528.131139][T23032] netlink: 'syz.4.8040': attribute type 1 has an invalid length. [ 529.432908][T23076] netlink: 'syz.0.8055': attribute type 9 has an invalid length. [ 529.454906][T23076] netlink: 'syz.0.8055': attribute type 9 has an invalid length. [ 529.479372][T23078] __nla_validate_parse: 8 callbacks suppressed [ 529.479396][T23078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8056'. [ 529.501021][T23076] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8055'. [ 529.526962][T23078] netlink: 'syz.2.8056': attribute type 18 has an invalid length. [ 529.553723][T23078] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8056'. [ 529.689386][T23078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8056'. [ 529.691077][T22786] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 529.717153][T23078] netlink: 'syz.2.8056': attribute type 18 has an invalid length. [ 529.750621][T22786] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 529.761533][T23078] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8056'. [ 529.795470][T22786] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 529.827172][T22786] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 530.105147][T23099] netlink: 'syz.4.8064': attribute type 21 has an invalid length. [ 530.125366][T23099] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8064'. [ 530.280668][T23105] netlink: 1363 bytes leftover after parsing attributes in process `syz.2.8067'. [ 530.336761][T23108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8069'. [ 530.555963][T23108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8069'. [ 530.567534][T23116] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8072'. [ 531.911350][T23165] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 531.972087][T23165] bond0: (slave lo): Enslaving as an active interface with an up link [ 532.022371][T23165] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 532.369066][T23187] validate_nla: 6 callbacks suppressed [ 532.369090][T23187] netlink: 'syz.4.8102': attribute type 15 has an invalid length. [ 533.409323][T23232] ip6tnl2: entered promiscuous mode [ 534.864777][T23277] __nla_validate_parse: 9 callbacks suppressed [ 534.864799][T23277] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8123'. [ 534.865160][T23280] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.8124'. [ 534.883082][T23277] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8123'. [ 534.956869][T23277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8123'. [ 535.249938][T23291] netlink: 240 bytes leftover after parsing attributes in process `syz.0.8126'. [ 535.359496][T23296] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8131'. [ 535.454027][T23298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8132'. [ 535.576509][T23298] ip6erspan0: entered promiscuous mode [ 535.597383][T23303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8134'. [ 535.618863][T23305] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8135'. [ 535.661081][T23305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8135'. [ 535.706402][T23305] netlink: 'syz.2.8135': attribute type 15 has an invalid length. [ 535.817481][T22790] netdevsim netdevsim2 netdevsim0: set [0, 1] type 1 family 0 port 256 - 0 [ 535.818962][T23305] netlink: 'syz.2.8135': attribute type 15 has an invalid length. [ 535.854917][T22790] netdevsim netdevsim2 netdevsim1: set [0, 1] type 1 family 0 port 256 - 0 [ 535.896030][T22790] netdevsim netdevsim2 netdevsim2: set [0, 1] type 1 family 0 port 256 - 0 [ 535.927867][T22790] netdevsim netdevsim2 netdevsim3: set [0, 1] type 1 family 0 port 256 - 0 [ 536.265482][T23322] syzkaller1: entered promiscuous mode [ 536.295195][T23322] syzkaller1: entered allmulticast mode [ 536.660734][T23339] netlink: 'syz.0.8147': attribute type 11 has an invalid length. [ 536.693532][T23339] netlink: 'syz.0.8147': attribute type 11 has an invalid length. [ 537.293552][T23350] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 537.344162][T23350] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.626303][T23374] vcan0: tx drop: invalid da for name 0x0000000000000008 [ 537.919627][T23350] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 537.947184][T23350] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.150951][T23350] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 538.186309][T23350] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.406322][T23350] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 538.433656][T23350] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.764983][T23406] syzkaller1: entered promiscuous mode [ 538.790970][T23406] syzkaller1: entered allmulticast mode [ 539.000355][ T1150] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 539.020417][ T1150] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.051015][ T1150] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 539.060166][ T1150] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.149276][T22790] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 539.169914][T22790] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.195994][T22790] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 539.209579][T22790] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.259157][T23421] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 539.665328][T23438] nbd: must specify at least one socket [ 539.685747][T23438] block nbd1: NBD_DISCONNECT [ 539.696736][T23438] block nbd1: Send disconnect failed -32 [ 539.712866][T23438] block nbd1: shutting down sockets [ 540.509155][T23470] netlink: 'syz.1.8192': attribute type 1 has an invalid length. [ 540.518078][T23470] __nla_validate_parse: 9 callbacks suppressed [ 540.518100][T23470] netlink: 96 bytes leftover after parsing attributes in process `syz.1.8192'. [ 540.536397][T23470] netlink: 1 bytes leftover after parsing attributes in process `syz.1.8192'. [ 540.981962][T23492] netlink: 'syz.0.8203': attribute type 12 has an invalid length. [ 540.992445][T23492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8203'. [ 541.026196][T23492] netlink: 'syz.0.8203': attribute type 12 has an invalid length. [ 541.049183][T23492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8203'. [ 541.514352][T23516] IPv6: sit1: Disabled Multicast RS [ 541.668799][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802c7f0000: rx timeout, send abort [ 541.780514][T23532] gretap2: entered promiscuous mode [ 541.795126][T23532] batman_adv: batadv0: Adding interface: gretap2 [ 541.801987][T23532] batman_adv: batadv0: The MTU of interface gretap2 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 541.826910][T23532] batman_adv: batadv0: Not using interface gretap2 (retrying later): interface not active [ 542.034848][T23542] netlink: 'syz.3.8225': attribute type 29 has an invalid length. [ 542.047785][T23542] netlink: 'syz.3.8225': attribute type 29 has an invalid length. [ 542.060337][T23542] netlink: 500 bytes leftover after parsing attributes in process `syz.3.8225'. [ 542.180311][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802c7f0000: abort rx timeout. Force session deactivation [ 542.252196][T23551] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8229'. [ 542.265773][T23551] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8229'. [ 542.356522][T23554] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8230'. [ 542.386743][T23554] 8021q: adding VLAN 0 to HW filter on device bond5 [ 543.138200][T23591] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8243'. [ 543.253889][T23593] nbd1: detected capacity change from 0 to 63 [ 543.288956][T23596] block nbd1: NBD_DISCONNECT [ 543.335078][T23596] block nbd1: Disconnected due to user request. [ 543.373966][ T5846] blk_print_req_error: 138 callbacks suppressed [ 543.373990][ T5846] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.396029][T23596] block nbd1: shutting down sockets [ 543.427486][ T5846] buffer_io_error: 138 callbacks suppressed [ 543.427509][ T5846] Buffer I/O error on dev nbd1, logical block 0, async page read [ 543.483518][ T1168] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 2 [ 543.501614][ T1168] Buffer I/O error on dev nbd1, logical block 1, async page read [ 543.511386][ T1168] Buffer I/O error on dev nbd1, logical block 2, async page read [ 543.519711][ T1168] Buffer I/O error on dev nbd1, logical block 3, async page read [ 543.529874][ T5846] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.539505][ T5846] Buffer I/O error on dev nbd1, logical block 0, async page read [ 543.548958][ T5846] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.559314][ T5846] Buffer I/O error on dev nbd1, logical block 1, async page read [ 543.569187][ T5846] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.579329][ T5846] Buffer I/O error on dev nbd1, logical block 2, async page read [ 543.588387][ T5846] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.598788][ T5846] Buffer I/O error on dev nbd1, logical block 3, async page read [ 543.609006][ T5846] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.618293][ T5846] Buffer I/O error on dev nbd1, logical block 0, async page read [ 543.627160][ T5846] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.636879][ T5846] Buffer I/O error on dev nbd1, logical block 1, async page read [ 543.645294][ T5846] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.655438][ T5846] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.698467][ T5846] ldm_validate_partition_table(): Disk read failed. [ 543.736073][ T5846] Dev nbd1: unable to read RDB block 0 [ 543.760474][ T5846] nbd1: unable to read partition table [ 543.802271][ T5846] ldm_validate_partition_table(): Disk read failed. [ 543.836960][ T5846] Dev nbd1: unable to read RDB block 0 [ 543.871908][ T5846] nbd1: unable to read partition table [ 543.915453][T23609] netlink: 140 bytes leftover after parsing attributes in process `syz.4.8250'. [ 545.461559][T23660] xt_hashlimit: size too large, truncated to 1048576 [ 546.944243][T23706] netlink: 'syz.2.8286': attribute type 1 has an invalid length. [ 547.298519][T23713] bond3: (slave gretap1): making interface the new active one [ 547.355738][T23713] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 550.441955][T23731] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 553.807101][T23763] syzkaller0: entered promiscuous mode [ 553.837045][T23763] syzkaller0: entered allmulticast mode [ 558.823414][T23806] __nla_validate_parse: 2 callbacks suppressed [ 558.823442][T23806] netlink: 212344 bytes leftover after parsing attributes in process `syz.2.8311'. [ 559.331265][T23833] trusted_key: syz.3.8319 sent an empty control message without MSG_MORE. [ 559.492304][T23837] netlink: 'syz.1.8322': attribute type 1 has an invalid length. [ 559.595232][T23837] bond6: (slave ip6gretap2): making interface the new active one [ 559.607722][T23844] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.8326'. [ 559.629043][T23837] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 559.662976][T23837] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 559.675384][T23837] bond6: (slave ip6gretap2): Enslaving as an active interface with an up link [ 559.831924][T23846] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 560.307451][T23866] netlink: 192 bytes leftover after parsing attributes in process `syz.0.8333'. [ 560.341642][T23866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8333'. [ 560.920504][T23880] netlink: 184 bytes leftover after parsing attributes in process `syz.2.8339'. [ 561.430781][T23897] syzkaller1: entered promiscuous mode [ 561.447046][T23897] syzkaller1: entered allmulticast mode [ 561.954805][T23924] syzkaller1: entered promiscuous mode [ 561.962063][T23924] syzkaller1: entered allmulticast mode [ 562.265581][T23935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8361'. [ 562.471685][T23944] netlink: 548 bytes leftover after parsing attributes in process `syz.3.8362'. [ 562.553816][T23935] team1: entered promiscuous mode [ 562.567027][T23935] team1: entered allmulticast mode [ 562.580242][T23939] netlink: 'syz.3.8362': attribute type 29 has an invalid length. [ 562.596478][T23947] bridge0: entered allmulticast mode [ 562.651323][T23941] netlink: 'syz.3.8362': attribute type 29 has an invalid length. [ 563.416461][T23970] syzkaller1: entered promiscuous mode [ 563.438845][T23970] syzkaller1: entered allmulticast mode [ 563.533864][T23986] netlink: 240 bytes leftover after parsing attributes in process `syz.0.8379'. [ 563.712597][T23993] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8383'. [ 563.808718][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.941400][T23993] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8383'. [ 564.383377][T24011] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 565.048399][T24042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8402'. [ 565.123117][T24042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8402'. [ 565.410468][T24052] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8407'. [ 565.684694][T24066] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8412'. [ 566.941466][T24113] syzkaller1: entered promiscuous mode [ 566.953524][T24113] syzkaller1: entered allmulticast mode [ 567.075639][T24118] netlink: 'syz.4.8433': attribute type 10 has an invalid length. [ 567.115833][T24118] netlink: 16154 bytes leftover after parsing attributes in process `syz.4.8433'. [ 567.825577][T24145] sock: sock_set_timeout: `syz.4.8444' (pid 24145) tries to set negative timeout [ 567.965685][T24121] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 568.282423][T24160] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.8451'. [ 568.414984][T24164] netlink: 'syz.2.8452': attribute type 16 has an invalid length. [ 568.435626][T24164] netlink: 'syz.2.8452': attribute type 17 has an invalid length. [ 568.498017][T24164] bond0: left allmulticast mode [ 568.508502][T24164] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 568.691860][T24172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8456'. [ 568.736208][T24172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8456'. [ 568.848363][T24176] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8458'. [ 569.184380][T24186] GUP no longer grows the stack in syz.2.8464 (24186): 200000003000-20000000a000 (200000001000) [ 569.201836][T24186] CPU: 0 UID: 0 PID: 24186 Comm: syz.2.8464 Not tainted syzkaller #0 PREEMPT(full) [ 569.201877][T24186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 569.201895][T24186] Call Trace: [ 569.201906][T24186] [ 569.201923][T24186] dump_stack_lvl+0xe8/0x150 [ 569.201974][T24186] __get_user_pages+0x2453/0x29d0 [ 569.202040][T24186] ? __gup_longterm_locked+0xc4e/0x1630 [ 569.202078][T24186] ? down_read_killable+0x1bb/0x340 [ 569.202116][T24186] ? try_get_folio+0xec/0x650 [ 569.202152][T24186] __gup_longterm_locked+0xdcf/0x1630 [ 569.202211][T24186] gup_fast_fallback+0x1d82/0x22e0 [ 569.202276][T24186] ? __pfx_gup_fast_fallback+0x10/0x10 [ 569.202308][T24186] ? is_valid_gup_args+0x11f/0x200 [ 569.202341][T24186] ? get_user_pages_fast+0x4d/0xb0 [ 569.202375][T24186] __iov_iter_get_pages_alloc+0x3b6/0xb10 [ 569.202411][T24186] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 569.202454][T24186] iov_iter_get_pages2+0x5e/0xa0 [ 569.202482][T24186] __se_sys_vmsplice+0x7b3/0x1490 [ 569.202540][T24186] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 569.202575][T24186] ? __pfx_futex_wait+0x10/0x10 [ 569.202613][T24186] ? lockdep_hardirqs_on+0x7a/0x110 [ 569.202714][T24186] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.202749][T24186] do_syscall_64+0x15f/0xf80 [ 569.202776][T24186] ? trace_irq_disable+0x3b/0x140 [ 569.202802][T24186] ? clear_bhb_loop+0x40/0x90 [ 569.202830][T24186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.202854][T24186] RIP: 0033:0x7fecf019c819 [ 569.202877][T24186] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 569.202897][T24186] RSP: 002b:00007fecf0f72028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 569.202926][T24186] RAX: ffffffffffffffda RBX: 00007fecf0415fa0 RCX: 00007fecf019c819 [ 569.202944][T24186] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000005 [ 569.202959][T24186] RBP: 00007fecf0232c91 R08: 0000000000000000 R09: 0000000000000000 [ 569.202975][T24186] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 569.202989][T24186] R13: 00007fecf0416038 R14: 00007fecf0415fa0 R15: 00007ffe27fd80b8 [ 569.203030][T24186] [ 569.597246][T24195] __nla_validate_parse: 3 callbacks suppressed [ 569.597274][T24195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8467'. [ 570.185465][T24205] netlink: 'syz.3.8470': attribute type 5 has an invalid length. [ 570.554888][T24222] netlink: 'syz.2.8477': attribute type 1 has an invalid length. [ 570.623319][T24222] bond4: (slave geneve3): making interface the new active one [ 570.632201][T24222] bond4: (slave geneve3): Enslaving as an active interface with an up link [ 570.653137][ T132] netdevsim netdevsim2 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 570.701387][ T132] netdevsim netdevsim2 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 570.722039][T24229] netlink: 'syz.2.8480': attribute type 26 has an invalid length. [ 570.731292][T24229] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8480'. [ 570.750776][ T132] netdevsim netdevsim2 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 570.821082][T24229] netlink: 'syz.2.8480': attribute type 26 has an invalid length. [ 570.822090][ T132] netdevsim netdevsim2 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0 [ 570.849583][T24229] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8480'. [ 571.345482][T24243] syzkaller0: entered promiscuous mode [ 571.351991][T24249] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8486'. [ 571.362024][T24243] syzkaller0: entered allmulticast mode [ 576.145376][T24298] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 576.226308][T24303] veth1_to_bond: entered allmulticast mode [ 576.354477][T24303] veth1_to_bond: left allmulticast mode [ 576.557871][T24318] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8508'. [ 576.571026][T24318] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8508'. [ 577.198784][T24345] netlink: 'syz.4.8518': attribute type 4 has an invalid length. [ 577.281789][T24342] netlink: 'syz.4.8518': attribute type 4 has an invalid length. [ 578.179029][T24378] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8529'. [ 578.191346][T24378] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8529'. [ 578.309525][T24380] netlink: 'syz.4.8530': attribute type 1 has an invalid length. [ 578.559632][T24376] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 578.739615][T24380] bond4: entered promiscuous mode [ 578.768029][T24380] 8021q: adding VLAN 0 to HW filter on device bond4 [ 578.818270][T24382] 8021q: adding VLAN 0 to HW filter on device bond4 [ 578.830477][T24382] bond4: (slave ip6gre2): The slave device specified does not support setting the MAC address [ 578.847432][T24382] bond4: (slave ip6gre2): Setting fail_over_mac to active for active-backup mode [ 578.869791][T24382] bond4: (slave ip6gre2): making interface the new active one [ 578.882225][T24382] ip6gre2: entered promiscuous mode [ 578.897049][T24382] bond4: (slave ip6gre2): Enslaving as an active interface with an up link [ 578.905290][T24389] netlink: 'syz.3.8532': attribute type 1 has an invalid length. [ 579.069566][T24393] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8535'. [ 579.230311][T24391] bond3: (slave bridge4): making interface the new active one [ 579.285957][T24391] bond3: (slave bridge4): Enslaving as an active interface with an up link [ 579.506267][T24410] netlink: 'syz.3.8540': attribute type 1 has an invalid length. [ 579.770706][T24410] bond4: entered promiscuous mode [ 579.804368][T24410] 8021q: adding VLAN 0 to HW filter on device bond4 [ 579.906049][T24415] bond4: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 579.958613][T24415] bond4: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 579.991372][T24415] bond4: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 580.076003][T24417] syzkaller1: entered promiscuous mode [ 580.082239][T24417] syzkaller1: entered allmulticast mode [ 580.251486][T24434] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8548'. [ 580.638967][T24447] sctp: [Deprecated]: syz.1.8554 (pid 24447) Use of struct sctp_assoc_value in delayed_ack socket option. [ 580.638967][T24447] Use struct sctp_sack_info instead [ 580.820984][T24452] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8556'. [ 581.560672][T24467] bond5: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 581.689447][T24467] bond5 (unregistering): Released all slaves [ 581.809463][T24473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8563'. [ 581.893529][T24477] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8565'. [ 582.141612][T24487] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8569'. [ 582.191954][T24490] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 582.200220][T24490] IPv6: NLM_F_CREATE should be set when creating new route [ 582.209651][T24487] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 582.227174][T24487] team0: Failed to send port change of device batadv2 via netlink (err -105) [ 582.240457][T24487] team0: Failed to send options change via netlink (err -105) [ 582.254702][T24487] team0: Port device batadv2 added [ 582.635430][T24506] netdevsim netdevsim0 : renamed from netdevsim0 [ 582.858670][T24512] sctp: [Deprecated]: syz.0.8578 (pid 24512) Use of int in maxseg socket option. [ 582.858670][T24512] Use struct sctp_assoc_value instead [ 584.898542][T24578] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8591'. [ 585.908523][T24603] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8602'. [ 585.974123][T24608] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8604'. [ 586.628203][T24624] netlink: 'syz.2.8609': attribute type 4 has an invalid length. [ 587.349021][T24556] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 587.914727][T24650] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8620'. [ 587.916002][T24648] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8618'. [ 587.954811][T24650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8620'. [ 588.797723][T24681] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 588.857773][T24681] xt_hashlimit: size too large, truncated to 1048576 [ 588.896636][T24675] syzkaller1: entered promiscuous mode [ 588.914610][T24675] syzkaller1: entered allmulticast mode [ 589.501668][T24691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8635'. [ 589.824725][T24693] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8636'. [ 589.959071][T24704] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8640'. [ 589.995644][T24704] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8640'. [ 590.645667][T24717] bridge_slave_1: entered allmulticast mode [ 591.041228][T24729] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8648'. [ 591.138664][T24732] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8650'. [ 591.285211][T24736] netlink: 'syz.1.8651': attribute type 30 has an invalid length. [ 591.310719][T24736] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8651'. [ 591.957641][ C1] vcan0: j1939_tp_rxtimer: 0xffff888059f53800: rx timeout, send abort [ 592.467243][ C1] vcan0: j1939_tp_rxtimer: 0xffff888059f53800: abort rx timeout. Force session deactivation [ 592.922798][T24793] __nla_validate_parse: 5 callbacks suppressed [ 592.922826][T24793] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8673'. [ 593.121531][T24792] netlink: 92 bytes leftover after parsing attributes in process `syz.0.8670'. [ 593.173538][T24793] bond0: entered promiscuous mode [ 593.206197][T24793] bond_slave_0: entered promiscuous mode [ 593.238591][T24793] bond_slave_1: entered promiscuous mode [ 593.259099][T24793] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 593.282772][T24793] bridge_slave_1: entered promiscuous mode [ 593.309446][T24797] tipc: Can't bind to reserved service type 1 [ 593.336416][T24793] bond0: left promiscuous mode [ 593.350588][T24793] bond_slave_0: left promiscuous mode [ 593.369359][T24793] bond_slave_1: left promiscuous mode [ 593.388630][T24793] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 593.415662][T24793] bridge_slave_1: left promiscuous mode [ 593.473667][T22790] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 593.766074][T24812] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8679'. [ 594.371468][T22790] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 594.519069][ T12] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 594.537408][ T12] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 594.837758][T24822] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 595.176446][T24831] syzkaller1: entered promiscuous mode [ 595.203163][T24831] syzkaller1: entered allmulticast mode [ 595.825079][T24840] netlink: 'syz.1.8690': attribute type 39 has an invalid length. [ 596.028223][T24846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8692'. [ 597.487002][T24866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8698'. [ 598.014811][T24880] netlink: 'syz.1.8704': attribute type 1 has an invalid length. [ 598.122219][T24880] 8021q: adding VLAN 0 to HW filter on device bond7 [ 598.165852][T24885] netlink: 224 bytes leftover after parsing attributes in process `syz.0.8706'. [ 598.198333][T24883] bond7: (slave syz_tun): Enslaving as a backup interface with an up link [ 598.818560][T24905] netlink: 'syz.3.8713': attribute type 1 has an invalid length. [ 598.924508][T24905] 8021q: adding VLAN 0 to HW filter on device bond5 [ 598.991048][T24911] 8021q: adding VLAN 0 to HW filter on device bond5 [ 599.049939][T24911] bond5: (slave vcan0): The slave device specified does not support setting the MAC address [ 599.100095][T24911] bond5: (slave vcan0): Error -95 calling set_mac_address [ 599.600340][T24930] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8719'. [ 599.681906][T24933] tipc: Failed to remove unknown binding: 66,1,1/0:3570536579/3570536581 [ 599.874272][T24944] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8724'. [ 599.955329][T24948] netlink: 'syz.4.8726': attribute type 1 has an invalid length. [ 600.070376][T24948] bond5: entered promiscuous mode [ 600.091218][T24948] 8021q: adding VLAN 0 to HW filter on device bond5 [ 600.168238][T24955] bond5: (slave bridge4): making interface the new active one [ 600.187466][T24955] bridge4: entered promiscuous mode [ 600.198577][T24955] bond5: (slave bridge4): Enslaving as an active interface with an up link [ 600.232110][T24954] syz_tun: entered allmulticast mode [ 600.502039][T24968] netlink: 'syz.2.8732': attribute type 1 has an invalid length. [ 600.547523][T24968] bond5: entered promiscuous mode [ 600.554159][T24968] 8021q: adding VLAN 0 to HW filter on device bond5 [ 600.564424][T24973] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8732'. [ 600.574111][T24973] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8732'. [ 600.685893][T24968] bond5: (slave bridge8): making interface the new active one [ 600.733853][T24968] bridge8: entered promiscuous mode [ 600.757435][T24968] bond5: (slave bridge8): Enslaving as an active interface with an up link [ 601.046703][T24982] netlink: 'syz.4.8737': attribute type 1 has an invalid length. [ 601.141414][T24982] 8021q: adding VLAN 0 to HW filter on device bond6 [ 601.188336][T24988] bond6: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 601.326485][T24982] bond6: entered promiscuous mode [ 601.350858][T24982] bond6: entered allmulticast mode [ 601.436424][T25002] netlink: 156 bytes leftover after parsing attributes in process `syz.3.8744'. [ 601.449267][T25000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8742'. [ 601.465837][T25002] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8744'. [ 601.691749][T25010] syzkaller1: entered promiscuous mode [ 601.698956][T25013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8749'. [ 601.709323][T25010] syzkaller1: entered allmulticast mode [ 601.777998][T25014] netlink: 14544 bytes leftover after parsing attributes in process `syz.0.8747'. [ 608.844414][T25099] bond8: entered promiscuous mode [ 608.868816][T25099] macvlan2: entered promiscuous mode [ 608.875299][T25099] macvlan2: entered allmulticast mode [ 608.886775][T25099] bond8: (slave macvlan2): Opening slave failed [ 609.122185][T25102] : entered promiscuous mode [ 609.297708][T25121] netlink: 'syz.2.8782': attribute type 1 has an invalid length. [ 609.512560][T25123] bond6: (slave vxcan7): The slave device specified does not support setting the MAC address [ 609.555889][T25123] bond6: (slave vxcan7): Setting fail_over_mac to active for active-backup mode [ 609.594052][T25123] bond6: (slave vxcan7): making interface the new active one [ 609.620613][T25123] bond6: (slave vxcan7): Enslaving as an active interface with an up link [ 609.762023][T25121] bond6: (slave vxcan9): The slave device specified does not support setting the MAC address [ 609.780668][T25121] bond6: (slave vxcan9): Enslaving as a backup interface with an up link [ 610.504460][T25153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8792'. [ 610.809207][T25158] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8796'. [ 611.266849][T25171] xt_hashlimit: size too large, truncated to 1048576 [ 612.102164][T25112] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 613.226192][T25209] syzkaller1: entered promiscuous mode [ 613.251240][T25209] syzkaller1: entered allmulticast mode [ 613.596061][T25226] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8820'. [ 614.339005][T25237] bond6: entered promiscuous mode [ 614.990146][T25262] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8833'. [ 615.536175][T25250] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 615.554339][T25250] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 615.811928][T25250] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 615.829557][T25250] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 615.954594][T25250] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 615.977085][T25250] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 616.021506][T25250] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 616.045531][T25250] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 618.772263][T25341] tipc: Started in network mode [ 618.805876][T25341] tipc: Node identity c6de031aa1de, cluster identity 4711 [ 618.849115][T25341] tipc: Enabled bearer , priority 0 [ 619.687447][T25344] syzkaller0: entered promiscuous mode [ 619.710109][T25344] syzkaller0: entered allmulticast mode [ 619.738776][T25344] tipc: Resetting bearer [ 619.793524][T25340] tipc: Resetting bearer [ 620.307486][T25377] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8857'. [ 624.838951][T25340] tipc: Disabling bearer [ 624.874128][ T24] tipc: Node number set to 1728054042 [ 624.881210][T25386] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 625.061652][T25407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8861'. [ 625.161046][T25417] netlink: 64 bytes leftover after parsing attributes in process `syz.1.8865'. [ 625.179857][T25407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8861'. [ 625.208382][T25417] syzkaller1: entered promiscuous mode [ 625.216747][T25417] syzkaller1: entered allmulticast mode [ 625.228056][T25407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8861'. [ 625.251624][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.058436][T25447] 8021q: adding VLAN 0 to HW filter on device bond9 [ 626.175727][T25449] 8021q: adding VLAN 0 to HW filter on device bond9 [ 626.181048][T25454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8874'. [ 626.212367][T25449] bond9: (slave xfrm1): The slave device specified does not support setting the MAC address [ 626.236209][T25454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8874'. [ 626.275669][T25449] bond9: (slave xfrm1): Setting fail_over_mac to active for active-backup mode [ 626.336506][T25449] bond9: (slave xfrm1): making interface the new active one [ 626.373636][T25449] bond9: (slave xfrm1): Enslaving as an active interface with an up link [ 626.611708][ T24] IPVS: starting estimator thread 0... [ 626.654425][T25467] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8877'. [ 626.713400][T25466] IPVS: using max 26 ests per chain, 62400 per kthread [ 627.835334][T25521] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8895'. [ 627.849314][T25521] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8895'. [ 627.978775][T25526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8897'. [ 628.478665][T25542] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8905'. [ 628.511237][T25540] tipc: Enabled bearer , priority 0 [ 628.589157][T25547] +: renamed from syzkaller0 [ 628.602076][T25547] tipc: Disabling bearer [ 628.637215][T25546] dvmrp0: entered allmulticast mode [ 629.491427][T25587] tipc: Failed to remove unknown binding: 66,0,0/10136234:2372363886/2372363887 [ 629.504977][T25586] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8923'. [ 629.516637][T25587] tipc: Failed to remove unknown binding: 66,0,0/10136234:2372363886/2372363887 [ 629.612083][T25586] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8923'. [ 629.645422][T25590] netlink: 76 bytes leftover after parsing attributes in process `syz.3.8926'. [ 629.912501][T25600] netlink: 'syz.3.8930': attribute type 1 has an invalid length. [ 631.351234][T25635] __nla_validate_parse: 4 callbacks suppressed [ 631.351436][T25635] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8943'. [ 631.898593][T25653] netlink: 64 bytes leftover after parsing attributes in process `syz.2.8949'. [ 631.991138][T25651] syzkaller1: entered promiscuous mode [ 632.003521][T25651] syzkaller1: entered allmulticast mode [ 632.386482][T25670] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8955'. [ 634.136715][T25712] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8972'. [ 634.300708][T25712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8972'. [ 634.484396][T25725] netlink: 'syz.4.8978': attribute type 1 has an invalid length. [ 634.615651][T25725] 8021q: adding VLAN 0 to HW filter on device bond7 [ 634.666119][T25733] netlink: 52 bytes leftover after parsing attributes in process `syz.1.8983'. [ 634.709316][T25729] bond7: (slave bridge7): making interface the new active one [ 634.719550][T25729] bond7: (slave bridge7): Enslaving as an active interface with an up link [ 634.731354][T25738] netlink: 76 bytes leftover after parsing attributes in process `syz.1.8983'. [ 634.859991][T25738] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.868509][T25738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 634.889756][T25738] netlink: 52 bytes leftover after parsing attributes in process `syz.1.8983'. [ 634.909786][T25738] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.840754][T25763] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8989'. [ 639.767026][T25744] gre0: entered promiscuous mode [ 639.772820][T25744] gre0: entered allmulticast mode [ 640.164867][T25780] lec:lec_vcc_attach: copy from user failed for 28 bytes [ 642.631491][T25835] lec:lec_atm_close: lec0: Shut down! [ 642.831893][T25842] lec:lec_atm_close: lec0: Shut down! [ 643.038892][T25875] netlink: 'syz.3.9015': attribute type 1 has an invalid length. [ 643.243591][T25883] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.9016'. [ 643.429133][T25888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9019'. [ 643.491463][T25895] tipc: Failed to remove unknown binding: 66,0,0/1:1373249881/1373249882 [ 643.527558][T25895] tipc: Failed to remove unknown binding: 66,0,0/1:1373249881/1373249882 [ 643.851531][T25907] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9026'. [ 643.977666][T25912] netlink: 'syz.2.9026': attribute type 5 has an invalid length. [ 644.008081][T25912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9026'. [ 644.274606][ T5895] lec:lec_start_xmit: lec0:No lecd attached [ 644.480188][T25886] infiniband syz0: set active [ 644.499657][T25886] infiniband syz0: added veth0_vlan [ 644.590616][T25886] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 644.614464][T25886] infiniband syz0: Couldn't open port 1 [ 644.622255][T25922] netlink: 'syz.0.9028': attribute type 1 has an invalid length. [ 644.737504][T25922] 8021q: adding VLAN 0 to HW filter on device bond3 [ 644.869127][T25922] netlink: 14 bytes leftover after parsing attributes in process `syz.0.9028'. [ 645.097271][T25886] RDS/IB: syz0: added [ 645.196949][T25886] smc: adding ib device syz0 with port count 1 [ 645.231892][T25886] smc: ib device syz0 port 1 has no pnetid [ 645.457755][T25930] bond3: (slave veth9): Enslaving as an active interface with a down link [ 645.476320][T25952] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9032'. [ 645.590943][T25922] team0: Port device H removed [ 646.652341][T25983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 646.866851][T25984] syz_tun: entered allmulticast mode [ 647.504095][T25994] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9041'. [ 647.769539][T26001] syzkaller0: entered promiscuous mode [ 647.814364][T26001] syzkaller0: entered allmulticast mode [ 648.169532][T25996] lec:lec_atm_close: lec0: Shut down! [ 648.318317][T26017] bond0: entered promiscuous mode [ 648.330904][T26017] batadv0: entered promiscuous mode [ 648.345013][T26017] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 648.363684][T26017] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 648.378539][T26017] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 648.394417][T26017] bond0: left promiscuous mode [ 648.413186][T26017] batadv0: left promiscuous mode [ 648.859084][T26023] netlink: 'syz.2.9049': attribute type 1 has an invalid length. [ 648.985492][T26027] bond7: (slave bridge11): Enslaving as a backup interface with an up link [ 649.002098][T26026] netlink: 220 bytes leftover after parsing attributes in process `syz.4.9050'. [ 649.025473][T26026] netlink: 220 bytes leftover after parsing attributes in process `syz.4.9050'. [ 649.104632][T26023] bond7: (slave bridge12): Enslaving as a backup interface with a down link [ 650.269339][T26014] infiniband sy1: set down [ 650.298738][T26014] infiniband sy1: added bond0 [ 650.442321][T26014] RDS/IB: sy1: added [ 650.448565][T26014] smc: adding ib device sy1 with port count 1 [ 650.456978][T26014] smc: ib device sy1 port 1 has no pnetid [ 650.548094][T26058] netlink: 'syz.0.9061': attribute type 3 has an invalid length. [ 650.561773][T26058] netlink: 'syz.0.9061': attribute type 3 has an invalid length. [ 650.646411][T26065] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 650.664487][T26065] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 651.981504][T26103] syzkaller0: entered promiscuous mode [ 651.999167][T26103] syzkaller0: entered allmulticast mode [ 652.202979][T26090] lec:lec_atm_close: lec0: Shut down! [ 653.335910][T26132] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9080'. [ 653.548699][T26135] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9080'. [ 657.369170][T26118] tipc: Started in network mode [ 657.377253][T26118] tipc: Node identity 16bd03fb9c9f, cluster identity 4711 [ 657.386220][T26118] tipc: Enabled bearer , priority 0 [ 657.569430][T26121] syzkaller0: entered promiscuous mode [ 657.592914][T26121] syzkaller0: entered allmulticast mode [ 657.614019][T26121] tipc: Resetting bearer [ 657.722719][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5540 ms [ 657.738938][ C1] lec:lec_tx_timeout: lec0 [ 657.746539][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 657.821749][T26116] tipc: Resetting bearer [ 658.367728][T26136] lec:lec_atm_close: lec0: Shut down! [ 663.346234][T26116] tipc: Disabling bearer [ 663.366675][ T24] tipc: Node number set to 2317485051 [ 663.722624][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5360 ms [ 663.731680][ C1] lec:lec_tx_timeout: lec0 [ 663.738444][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 663.825948][T26182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9093'. [ 663.852469][T26175] syzkaller0: entered promiscuous mode [ 663.863270][T26175] syzkaller0: entered allmulticast mode [ 664.017916][T26186] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9095'. [ 664.112045][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 664.139208][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 664.151916][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 664.172734][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 664.188192][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 664.346615][ T50] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 664.363135][ T50] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 664.389573][ T50] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 664.418431][ T50] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 664.445354][ T50] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 665.730021][T26225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9102'. [ 666.148382][T26244] netlink: 'syz.4.9107': attribute type 10 has an invalid length. [ 666.523492][ T5832] Bluetooth: hci5: command tx timeout [ 666.542540][T26250] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9108'. [ 666.613256][T26250] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 666.730315][T26255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9109'. [ 666.875602][T26250] team1: entered promiscuous mode [ 666.891051][T26250] team1: entered allmulticast mode [ 667.257528][T26270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9112'. [ 667.372868][T26260] 8021q: adding VLAN 0 to HW filter on device bond11 [ 667.553307][T26260] bond11 (unregistering): Released all slaves [ 668.108978][T26275] syzkaller0: entered promiscuous mode [ 668.119319][T26275] syzkaller0: entered allmulticast mode [ 668.135493][T26278] syzkaller0: entered promiscuous mode [ 668.143583][T26278] syzkaller0: entered allmulticast mode [ 668.604630][ T5832] Bluetooth: hci5: command tx timeout [ 668.762793][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 668.773998][ C1] lec:lec_tx_timeout: lec0 [ 668.780197][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 669.399796][T26314] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9126'. [ 670.179489][T26324] block nbd2: NBD_DISCONNECT [ 670.184763][T26324] block nbd2: Send disconnect failed -32 [ 670.192045][T26324] block nbd2: shutting down sockets [ 670.685054][ T5832] Bluetooth: hci5: command tx timeout [ 671.186275][T26333] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9129'. [ 672.763285][ T5832] Bluetooth: hci5: command tx timeout [ 673.759316][T22782] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.792636][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 673.801408][ C1] lec:lec_tx_timeout: lec0 [ 673.806872][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 673.835657][T26314] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 673.860732][T26338] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9130'. [ 674.109297][T26338] 8021q: adding VLAN 0 to HW filter on device bond4 [ 674.154338][T26348] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9133'. [ 674.199099][T22782] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.239897][T26339] macvlan4: entered promiscuous mode [ 674.247087][T26339] macvlan4: entered allmulticast mode [ 674.269243][T26340] bond4: (slave vti0): refused to change device type [ 674.431606][T22782] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.448745][T26355] bond8: entered promiscuous mode [ 674.457963][T26355] bond8: entered allmulticast mode [ 674.666867][T22782] .`: (slave ): Releasing backup interface [ 674.682529][T22782] netdevsim netdevsim3  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.986818][T26183] chnl_net:caif_netlink_parms(): no params data found [ 675.563795][T26183] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.589521][T26183] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.617762][T26183] bridge_slave_0: entered allmulticast mode [ 675.649435][T26183] bridge_slave_0: entered promiscuous mode [ 675.761969][T26183] bridge0: port 2(bridge_slave_1) entered blocking state [ 675.780083][T26387] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9140'. [ 675.794722][T26183] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.827628][T26183] bridge_slave_1: entered allmulticast mode [ 675.854596][T26183] bridge_slave_1: entered promiscuous mode [ 676.126446][T22782] bridge_slave_1: left allmulticast mode [ 676.151225][T22782] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.210767][T22782] bridge_slave_0: left allmulticast mode [ 676.232893][T22782] bridge_slave_0: left promiscuous mode [ 676.251885][T22782] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.370738][T22782] dvmrp0: left allmulticast mode [ 676.385332][T22782] vlan1: left allmulticast mode [ 676.395865][T22782] veth0_vlan: left allmulticast mode [ 677.697385][T26439] netlink: 'syz.0.9151': attribute type 1 has an invalid length. [ 678.141988][T22782] bond2 (unregistering): (slave bridge3): Releasing backup interface [ 678.152123][T22782] bridge3 (unregistering): left promiscuous mode [ 678.179184][T22782] bond3 (unregistering): (slave bridge4): Releasing active interface [ 678.338825][T22782] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 678.352481][T22782] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 678.363498][T22782] .` (unregistering): Released all slaves [ 678.377115][T22782] bond1 (unregistering): Released all slaves [ 678.403030][T22782]  (unregistering): Released all slaves [ 678.424083][T22782] bond0 (unregistering): Released all slaves [ 678.460148][T22782] bond2 (unregistering): Released all slaves [ 678.471053][ T58] smc: removing ib device sy1 [ 678.486601][T22782] bond3 (unregistering): Released all slaves [ 678.509268][T22782] bond4 (unregistering): Released all slaves [ 678.527411][T22782] bond5 (unregistering): Released all slaves [ 678.543438][T22782] bond6 (unregistering): Released all slaves [ 678.591260][T26183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 678.608611][T26395] syzkaller0: entered promiscuous mode [ 678.614763][T26395] syzkaller0: entered allmulticast mode [ 678.638093][ T5489] 8021q: adding VLAN 0 to HW filter on device eth1 [ 678.753808][T26439] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 678.822688][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 678.840177][ C1] lec:lec_tx_timeout: lec0 [ 678.846156][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 678.931824][T26183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 679.047144][T26444] netlink: 'syz.2.9152': attribute type 9 has an invalid length. [ 679.207017][T26450] netlink: 'syz.4.9153': attribute type 1 has an invalid length. [ 679.431452][T26457] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9153'. [ 679.458909][T26183] team0: Port device team_slave_0 added [ 679.728442][T26450] 8021q: adding VLAN 0 to HW filter on device bond9 [ 679.760376][T26451] bond6: (slave veth0_to_bond): Releasing active interface [ 679.812547][T26451] bond9: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 679.833595][T26454] bond9: entered promiscuous mode [ 679.839205][T26454] bond9: entered allmulticast mode [ 679.863432][T26457] 8021q: adding VLAN 0 to HW filter on device bond9 [ 679.903502][T26183] team0: Port device team_slave_1 added [ 680.139741][T26453] syzkaller0: entered promiscuous mode [ 680.151099][T26474] netlink: 'syz.4.9156': attribute type 1 has an invalid length. [ 680.175513][T26453] syzkaller0: entered allmulticast mode [ 680.229993][T26476] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9156'. [ 680.681976][T26474] 8021q: adding VLAN 0 to HW filter on device bond10 [ 680.697963][T26476] bond10: up delay (136) is not a multiple of miimon (100), value rounded to 100 ms [ 680.727620][T26476] bond10: entered allmulticast mode [ 680.885540][T26477] bond10: (slave ip6gretap2): Enslaving as an active interface with an up link [ 681.065772][T26183] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 681.096952][T26183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 681.156620][T26183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 681.445228][T26183] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 681.479907][T26183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 681.607516][T26183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 682.174385][T26517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9161'. [ 682.278245][T26183] hsr_slave_0: entered promiscuous mode [ 682.301917][T26183] hsr_slave_1: entered promiscuous mode [ 682.317827][T26523] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9162'. [ 682.342843][T26183] debugfs: 'hsr0' already exists in 'hsr' [ 682.363391][T26183] Cannot create hsr debugfs directory [ 682.709067][T26523] 8021q: adding VLAN 0 to HW filter on device bond8 [ 682.768295][T26525] bond8: entered promiscuous mode [ 682.802514][T26525] bond8: entered allmulticast mode [ 682.844914][T26525] 8021q: adding VLAN 0 to HW filter on device bond8 [ 682.929380][T26525] team0: Port device bond8 added [ 683.051157][T26526] vxcan11: entered promiscuous mode [ 683.082018][T26526] bond8: (slave vxcan11): refused to change device type [ 683.145610][T26537] lec:lec_vcc_attach: copy from user failed for 28 bytes [ 683.322966][ T5489] 8021q: adding VLAN 0 to HW filter on device eth2 [ 683.505776][T22782] 9: left promiscuous mode [ 683.862627][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 683.871404][ C1] lec:lec_tx_timeout: lec0 [ 683.877160][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 683.894058][T26544] syzkaller0: entered promiscuous mode [ 683.900027][T26544] syzkaller0: entered allmulticast mode [ 683.908960][T22782] tipc: Left network mode [ 684.087232][T26556] syzkaller0: entered promiscuous mode [ 684.093970][T26556] syzkaller0: entered allmulticast mode [ 686.692501][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.909165][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 688.917873][ C1] lec:lec_tx_timeout: lec0 [ 688.922784][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 689.732949][ T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 689.788644][ T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 689.801890][ T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 689.854416][ T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 689.905401][ T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 691.973028][ T5832] Bluetooth: hci4: command tx timeout [ 692.479877][T26572] tipc: Enabling of bearer rejected, failed to enable media [ 692.791642][T26582] syzkaller0: entered promiscuous mode [ 692.813628][T26582] syzkaller0: entered allmulticast mode [ 693.932706][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 693.941472][ C1] lec:lec_tx_timeout: lec0 [ 693.947520][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 693.972000][T26183] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 694.010852][T26183] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 694.038667][T26183] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 694.046378][ T5832] Bluetooth: hci4: command tx timeout [ 694.184790][T26183] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 694.223334][T26183] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 694.270730][T26183] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 694.307343][T26183] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 694.379262][T26183] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 694.421473][T26616] ipt_REJECT: TCP_RESET invalid for non-tcp [ 694.488411][T26353] syz_tun (unregistering): left allmulticast mode [ 694.524857][T26353] bond7: (slave syz_tun): Removing an active aggregator [ 694.545863][T19120] bond7: Warning: Found an uninitialized port [ 694.565964][T26353] bond7: (slave syz_tun): Releasing backup interface [ 694.742497][ T5489] 8021q: adding VLAN 0 to HW filter on device eth3 [ 695.178619][T22782] hsr_slave_0: left promiscuous mode [ 695.187507][T22782] hsr_slave_1: left promiscuous mode [ 695.219945][T22782] veth1_macvtap: left promiscuous mode [ 695.229923][T22782] veth1_vlan: left promiscuous mode [ 695.732087][T22782] team0 (unregistering): Port device team_slave_1 removed [ 695.759886][T22782] team0 (unregistering): Port device team_slave_0 removed [ 696.038854][T26638] syzkaller0: entered promiscuous mode [ 696.050293][T26638] syzkaller0: entered allmulticast mode [ 696.122839][ T5832] Bluetooth: hci4: command tx timeout [ 696.650844][T26183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.784699][T26183] 8021q: adding VLAN 0 to HW filter on device team0 [ 696.884232][T26565] chnl_net:caif_netlink_parms(): no params data found [ 696.907577][ T132] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.916030][ T132] bridge0: port 1(bridge_slave_0) entered forwarding state [ 697.014375][T22790] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.023174][T22790] bridge0: port 2(bridge_slave_1) entered forwarding state [ 697.150510][T22782] IPVS: stop unused estimator thread 0... [ 697.534127][T26565] bridge0: port 1(bridge_slave_0) entered blocking state [ 697.545923][T26565] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.557860][T26565] bridge_slave_0: entered allmulticast mode [ 697.569773][T26565] bridge_slave_0: entered promiscuous mode [ 697.580771][T26565] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.590682][T26565] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.601022][T26565] bridge_slave_1: entered allmulticast mode [ 697.611459][T26565] bridge_slave_1: entered promiscuous mode [ 697.689295][T26565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 697.728228][T26565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 697.968908][T26565] team0: Port device team_slave_0 added [ 697.984164][T26565] team0: Port device team_slave_1 added [ 698.203584][ T5832] Bluetooth: hci4: command tx timeout [ 698.299195][T26565] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 698.322037][T26676] lec:lec_atm_close: lec0: Shut down! [ 698.330718][T26565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 698.383619][T26565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 698.414618][T26696] ip6_vti0: entered promiscuous mode [ 698.449790][T26696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9190'. [ 698.477173][ T5489] 8021q: adding VLAN 0 to HW filter on device eth4 [ 698.501617][T26565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 698.529483][T26565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 698.593580][T26565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 698.735869][T26709] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9192'. [ 698.967792][T26565] hsr_slave_0: entered promiscuous mode [ 698.975999][T26565] hsr_slave_1: entered promiscuous mode [ 698.985586][T26565] debugfs: 'hsr0' already exists in 'hsr' [ 698.992080][T26565] Cannot create hsr debugfs directory [ 699.661749][T26183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 700.500789][T26761] syzkaller0: entered promiscuous mode [ 700.512078][T26761] syzkaller0: entered allmulticast mode [ 700.770107][T26762] syzkaller0: entered promiscuous mode [ 700.777533][T26762] syzkaller0: entered allmulticast mode [ 700.802502][T26565] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 700.830912][T26565] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 700.930778][T26773] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9209'. [ 700.960543][T26565] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 700.976553][T26565] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 700.988384][T26565] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 701.000590][T26565] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 701.078318][T26773] bond9: entered promiscuous mode [ 701.098316][T26773] 8021q: adding VLAN 0 to HW filter on device bond9 [ 701.137400][T26783] netlink: 32 bytes leftover after parsing attributes in process `syz.0.9211'. [ 701.208920][T26776] bridge14: entered promiscuous mode [ 701.250929][T26776] bond9: (slave bridge14): Enslaving as an active interface with an up link [ 701.264714][T26565] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 701.336028][T26565] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 701.376180][T26779] macvlan3: entered promiscuous mode [ 701.391003][T26779] macvlan3: entered allmulticast mode [ 701.398934][T26779] bond9: (slave macvlan3): Error -98 calling set_mac_address [ 701.436752][T26790] IPVS: sed: FWM 3 0x00000003 - no destination available [ 701.537885][T26786] syzkaller0: entered promiscuous mode [ 701.553123][T26786] syzkaller0: entered allmulticast mode [ 703.733885][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5420 ms [ 703.742372][ C1] lec:lec_tx_timeout: lec0 [ 703.748258][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 706.557676][T26183] veth0_vlan: entered promiscuous mode [ 706.643478][T26183] veth1_vlan: entered promiscuous mode [ 706.721985][T26824] netlink: 'syz.2.9217': attribute type 1 has an invalid length. [ 706.798884][T26824] bond10: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 706.823801][T26825] tipc: Enabled bearer , priority 0 [ 706.832037][T26824] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9217'. [ 706.845556][T26821] syzkaller0: entered promiscuous mode [ 706.852375][T26821] syzkaller0: entered allmulticast mode [ 706.864967][T26565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 706.877550][T26824] 8021q: adding VLAN 0 to HW filter on device bond10 [ 706.889073][ T132] bond10: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 706.903548][T26825] syzkaller0: entered promiscuous mode [ 706.915814][T26825] syzkaller0: entered allmulticast mode [ 707.031801][T22790] bond10: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 707.054794][T26825] tipc: Resetting bearer [ 707.085337][T26822] tipc: Resetting bearer [ 707.119547][T26822] tipc: Disabling bearer [ 707.139419][T26829] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9218'. [ 707.151668][T26183] veth0_macvtap: entered promiscuous mode [ 707.165277][T26565] 8021q: adding VLAN 0 to HW filter on device team0 [ 707.180514][T26183] veth1_macvtap: entered promiscuous mode [ 707.244420][T22782] bridge0: port 1(bridge_slave_0) entered blocking state [ 707.253095][T22782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 707.416921][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 707.424552][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 707.440848][T26838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9221'. [ 707.484951][T26183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 707.549704][T26183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 707.635801][ T132] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.657577][ T132] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.674999][ T132] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.702094][ T132] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.309243][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 708.350553][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 708.523736][T26854] syzkaller0: entered promiscuous mode [ 708.538158][T26854] syzkaller0: entered allmulticast mode [ 708.575790][T22793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 708.595845][T22793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 708.762778][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 708.773278][ C1] lec:lec_tx_timeout: lec0 [ 708.780547][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 708.834669][T26565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 709.066856][T26866] syzkaller0: entered promiscuous mode [ 709.078599][T26866] syzkaller0: entered allmulticast mode [ 709.125541][T26871] syzkaller0: entered allmulticast mode [ 709.135755][T26869] syzkaller0: entered promiscuous mode [ 709.153541][T26869] syzkaller0: entered allmulticast mode [ 709.285183][T26869] sch_tbf: burst 256 is lower than device syzkaller0 mtu (1500) ! [ 709.407357][T26879] netlink: 'syz.0.9231': attribute type 1 has an invalid length. [ 709.530777][T26886] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9233'. [ 709.606494][T26879] bond5: entered promiscuous mode [ 709.625084][T26879] 8021q: adding VLAN 0 to HW filter on device bond5 [ 709.706406][T26884] ipvlan1: entered allmulticast mode [ 709.725807][T26884] bond5: entered allmulticast mode [ 709.797595][T26887] ipvlan2: entered allmulticast mode [ 709.835566][T26905] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9233'. [ 710.077618][T26894] bond5: (slave bridge8): making interface the new active one [ 710.105209][T26894] bridge8: entered promiscuous mode [ 710.121677][T26894] bridge8: entered allmulticast mode [ 710.159194][T26894] bond5: (slave bridge8): Enslaving as an active interface with an up link [ 710.467521][T26908] syzkaller0: entered promiscuous mode [ 710.473644][T26908] syzkaller0: entered allmulticast mode [ 710.636168][T26916] syzkaller0: entered promiscuous mode [ 710.642367][T26916] syzkaller0: entered allmulticast mode [ 713.797119][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 713.806175][ C1] lec:lec_tx_timeout: lec0 [ 713.813421][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 715.898333][T26929] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.913181][T26929] bridge_slave_0 (unregistering): left allmulticast mode [ 715.921623][T26929] bridge_slave_0 (unregistering): left promiscuous mode [ 715.930586][T26929] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.822814][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 718.832629][ C1] lec:lec_tx_timeout: lec0 [ 718.839456][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 721.706548][T26565] veth0_vlan: entered promiscuous mode [ 721.838603][T26565] veth1_vlan: entered promiscuous mode [ 722.022026][T26565] veth0_macvtap: entered promiscuous mode [ 722.041908][T26565] veth1_macvtap: entered promiscuous mode [ 722.078146][T26978] syzkaller0: entered promiscuous mode [ 722.095665][T26978] syzkaller0: entered allmulticast mode [ 722.112023][T26565] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 722.291417][T26565] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 722.335973][ T58] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.435238][T26969] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 722.439909][T26994] syzkaller0: entered promiscuous mode [ 722.482733][T26994] syzkaller0: entered allmulticast mode [ 722.542234][ T58] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.618849][ T58] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.694717][ T58] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.010861][T27000] syzkaller0: entered promiscuous mode [ 723.025120][T27000] syzkaller0: entered allmulticast mode [ 723.852795][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 723.861432][ C1] lec:lec_tx_timeout: lec0 [ 723.866836][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 727.986647][T22790] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 727.989492][T27033] syzkaller0: entered promiscuous mode [ 728.009355][T27033] syzkaller0: entered allmulticast mode [ 728.018507][T22790] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 728.043983][T27038] bridge15: entered promiscuous mode [ 728.050355][T27038] bridge15: entered allmulticast mode [ 728.068565][T27038] team0: Port device bridge15 added [ 728.144595][T27039] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9253'. [ 728.198402][T27043] bridge0: port 1(team0) entered blocking state [ 728.209000][T27043] bridge0: port 1(team0) entered disabled state [ 728.216488][T27043] team0: entered allmulticast mode [ 728.236040][T27043] team0: entered promiscuous mode [ 728.341761][T27039] team0 (unregistering): Port device team_slave_0 removed [ 728.390296][T27039] team0 (unregistering): Port device team_slave_1 removed [ 728.554710][T27052] syzkaller0: entered promiscuous mode [ 728.570859][T27052] syzkaller0: entered allmulticast mode [ 728.647015][T27059] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9256'. [ 728.661275][T27031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 728.684310][T27058] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9257'. [ 728.696705][T27058] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9257'. [ 728.760698][T19120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 728.772814][T19120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 728.882650][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 728.891593][ C1] lec:lec_tx_timeout: lec0 [ 728.897100][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 729.080773][T27066] syzkaller0: entered promiscuous mode [ 729.091130][T27066] syzkaller0: entered allmulticast mode [ 729.109884][T27066] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9259'. [ 729.131742][T27066] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9259'. [ 729.174231][T27069] netlink: 'syz.6.9170': attribute type 83 has an invalid length. [ 729.410747][T27074] syzkaller0: entered promiscuous mode [ 729.432052][T27074] syzkaller0: entered allmulticast mode [ 729.611190][T27088] syzkaller0: entered promiscuous mode [ 729.631733][T27088] syzkaller0: entered allmulticast mode [ 729.824599][T27094] netlink: 'syz.2.9265': attribute type 2 has an invalid length. [ 733.847032][T27193] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9295'. [ 733.912753][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 733.921098][ C1] lec:lec_tx_timeout: lec0 [ 733.926786][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 735.014997][T27242] netlink: 104 bytes leftover after parsing attributes in process `syz.4.9316'. [ 735.259417][T27250] syzkaller0: entered promiscuous mode [ 735.272945][T27250] syzkaller0: entered allmulticast mode [ 736.182938][T27260] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 736.479950][T27296] Cannot find del_set index 1 as target [ 736.502312][T27293] syzkaller0: entered promiscuous mode [ 736.526762][T27293] syzkaller0: entered allmulticast mode [ 736.696909][T27304] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9340'. [ 736.719671][T27306] block nbd6: not configured, cannot reconfigure [ 737.577473][T27345] syzkaller0: entered promiscuous mode [ 737.590646][T27345] syzkaller0: entered allmulticast mode [ 737.801198][T27316] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 738.268038][T27360] netlink: 'syz.4.9363': attribute type 14 has an invalid length. [ 738.648106][T27370] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 738.821594][T27374] syzkaller0: entered promiscuous mode [ 738.838347][T27374] syzkaller0: entered allmulticast mode [ 738.942696][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 738.951629][ C1] lec:lec_tx_timeout: lec0 [ 738.956753][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 739.294466][T27387] syzkaller0: entered promiscuous mode [ 739.304597][T27387] syzkaller0: entered allmulticast mode [ 739.675612][T27411] netlink: 'syz.6.9379': attribute type 1 has an invalid length. [ 739.853018][T27421] tipc: Started in network mode [ 739.865504][T27421] tipc: Node identity ac14140f, cluster identity 4711 [ 739.877199][T27421] tipc: New replicast peer: 255.255.255.255 [ 739.885441][T27421] tipc: Enabled bearer , priority 10 [ 740.418409][T27437] syzkaller0: entered promiscuous mode [ 740.458813][T27437] syzkaller0: entered allmulticast mode [ 740.610804][T27449] netlink: 220 bytes leftover after parsing attributes in process `syz.0.9394'. [ 740.629801][T27449] netlink: 'syz.0.9394': attribute type 2 has an invalid length. [ 740.883289][ T1212] tipc: Node number set to 2886997007 [ 741.581345][ T5833] IPVS: starting estimator thread 0... [ 741.703839][T27491] IPVS: using max 30 ests per chain, 72000 per kthread [ 741.750006][T27497] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 741.878345][T27501] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9413'. [ 742.431468][T27529] netlink: 168 bytes leftover after parsing attributes in process `syz.0.9423'. [ 743.687951][T27575] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.9441'. [ 743.929941][T27571] syzkaller0: entered promiscuous mode [ 743.961715][T27571] syzkaller0: entered allmulticast mode [ 744.323735][T27596] netlink: 596 bytes leftover after parsing attributes in process `syz.0.9446'. [ 744.352319][T27597] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9448'. [ 744.924252][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5960 ms [ 744.933444][ C1] lec:lec_tx_timeout: lec0 [ 744.940175][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 748.165880][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.192676][ T1303] clip:clip_start_xmit: skb_dst(skb) == NULL [ 750.778030][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5830 ms [ 750.788429][ C1] lec:lec_tx_timeout: lec0 [ 750.795691][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 750.834932][T27588] netlink: 'syz.0.9446': attribute type 29 has an invalid length. [ 750.853274][T27613] syzkaller1: entered promiscuous mode [ 750.876166][T27613] syzkaller1: entered allmulticast mode [ 751.235366][T27635] netlink: 16 bytes leftover after parsing attributes in process `syz.6.9455'. [ 751.267844][T27635] netlink: 6 bytes leftover after parsing attributes in process `syz.6.9455'. [ 751.552480][T27645] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9459'. [ 753.569217][T27727] netlink: 'syz.4.9492': attribute type 10 has an invalid length. [ 753.585324][T27727] bridge_slave_1: left allmulticast mode [ 753.595354][T27727] bridge_slave_1: left promiscuous mode [ 753.603550][T27727] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.621160][T27727] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 754.064952][T27737] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9496'. [ 754.224374][T27744] syzkaller0: entered promiscuous mode [ 754.240793][T27744] syzkaller0: entered allmulticast mode [ 754.494970][T27751] syzkaller1: entered promiscuous mode [ 754.511363][T27751] syzkaller1: entered allmulticast mode [ 754.695328][T27758] xt_hashlimit: size too large, truncated to 1048576 [ 755.150120][T27771] xt_hashlimit: size too large, truncated to 1048576 [ 755.303599][T27778] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9511'. [ 755.812700][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 755.823718][ C1] lec:lec_tx_timeout: lec0 [ 755.829201][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 755.901468][T27796] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9518'. [ 755.998106][T27798] netlink: 32 bytes leftover after parsing attributes in process `syz.0.9518'. [ 756.103640][T27798] ip6erspan0: entered promiscuous mode [ 756.389028][T27813] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9523'. [ 756.531606][T27815] netlink: 20 bytes leftover after parsing attributes in process `syz.5.9524'. [ 756.652505][T27818] syzkaller0: entered promiscuous mode [ 756.670096][T27818] syzkaller0: entered allmulticast mode [ 757.419437][T27836] syzkaller1: entered promiscuous mode [ 757.439637][T27836] syzkaller1: entered allmulticast mode [ 757.878961][T27857] syzkaller0: entered promiscuous mode [ 757.887690][T27857] syzkaller0: entered allmulticast mode [ 758.312118][ T1150] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x2 [ 759.259252][T27904] syzkaller0: entered promiscuous mode [ 759.278628][T27904] syzkaller0: entered allmulticast mode [ 759.441653][T27899] syzkaller1: entered promiscuous mode [ 759.469414][T27899] syzkaller1: entered allmulticast mode [ 759.885438][T27930] netlink: 'syz.2.9561': attribute type 12 has an invalid length. [ 760.093936][T27938] netlink: 'syz.5.9564': attribute type 19 has an invalid length. [ 760.108662][T27938] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9564'. [ 760.156970][ T58] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 760.167772][T27938] netlink: 'syz.5.9564': attribute type 19 has an invalid length. [ 760.191747][T27938] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9564'. [ 760.203596][ T58] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 760.219216][ T58] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 760.229665][ T58] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 760.624724][T27949] syzkaller0: entered promiscuous mode [ 760.631045][T27949] syzkaller0: entered allmulticast mode [ 760.847880][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 760.856991][ C1] lec:lec_tx_timeout: lec0 [ 760.862056][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 762.025793][T27985] syzkaller0: entered promiscuous mode [ 762.056752][T27985] syzkaller0: entered allmulticast mode [ 762.590314][T27999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 762.613591][T27999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 762.639889][T27999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.651620][T27999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 762.664437][T27999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 763.262985][T27999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 763.279822][T27999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 763.292015][T27999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.326256][T27999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 763.352707][T27999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 763.666207][T27999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 763.707761][T27999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 763.726882][T27999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.744273][T27999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 763.769258][T27999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 764.849309][T28044] syzkaller0: entered promiscuous mode [ 764.855514][T28044] syzkaller0: entered allmulticast mode [ 765.872799][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 765.881099][ C1] lec:lec_tx_timeout: lec0 [ 765.887462][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 770.168878][T27999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 770.180400][T27999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 770.194984][T27999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.209525][T27999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 770.226442][T27999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 770.535700][T28087] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9608'. [ 770.721748][ T12] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 770.735278][ T12] netdevsim netdevsim2 eth0: set [0, 1] type 1 family 0 port 256 - 0 [ 770.744397][ T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 770.754907][ T12] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 19999 - 0 [ 770.766096][ T12] netdevsim netdevsim2 eth0: set [1, 2] type 2 family 0 port 6081 - 0 [ 770.902789][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 770.912002][ C1] lec:lec_tx_timeout: lec0 [ 770.918445][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 770.947690][ T1150] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 770.972435][ T1150] netdevsim netdevsim2 eth1: set [0, 1] type 1 family 0 port 256 - 0 [ 771.002919][ T1150] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 771.023911][ T1150] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 19999 - 0 [ 771.045384][ T1150] netdevsim netdevsim2 eth1: set [1, 2] type 2 family 0 port 6081 - 0 [ 771.082486][ T1150] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 771.097881][ T1150] netdevsim netdevsim2 eth2: set [0, 1] type 1 family 0 port 256 - 0 [ 771.107466][ T1150] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 771.117225][ T1150] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 19999 - 0 [ 771.128280][ T1150] netdevsim netdevsim2 eth2: set [1, 2] type 2 family 0 port 6081 - 0 [ 771.266514][T22790] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 771.275769][T22790] netdevsim netdevsim2 eth3: set [0, 1] type 1 family 0 port 256 - 0 [ 771.287537][T22790] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 771.297407][T22790] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 19999 - 0 [ 771.307215][T22790] netdevsim netdevsim2 eth3: set [1, 2] type 2 family 0 port 6081 - 0 [ 772.714834][T28142] syzkaller0: entered promiscuous mode [ 772.737992][T28142] syzkaller0: entered allmulticast mode [ 772.923834][T28145] syzkaller1: entered promiscuous mode [ 772.962740][T28145] syzkaller1: entered allmulticast mode [ 774.557588][T28180] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9632'. [ 774.568112][T28180] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9632'. [ 774.578610][T28180] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9632'. [ 774.589412][T28180] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9632'. [ 774.846071][T28190] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9635'. [ 775.178701][T28197] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9638'. [ 775.508396][T28199] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.9639'. [ 775.531189][T28199] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2) [ 775.932635][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 775.941601][ C1] lec:lec_tx_timeout: lec0 [ 775.948338][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 778.005130][T28243] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9653'. [ 778.794059][T28249] syzkaller1: entered promiscuous mode [ 778.800494][T28249] syzkaller1: entered allmulticast mode [ 779.314317][T28272] netlink: 'syz.2.9663': attribute type 29 has an invalid length. [ 779.374707][T28272] netlink: 'syz.2.9663': attribute type 29 has an invalid length. [ 779.409935][T28272] netlink: 'syz.2.9663': attribute type 32 has an invalid length. [ 779.442905][T28272] netlink: 500 bytes leftover after parsing attributes in process `syz.2.9663'. [ 779.703727][T28278] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9665'. [ 781.177937][T28302] lec:lec_atm_close: lec0: Shut down! [ 781.849633][T28347] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9686'. [ 781.941441][T28349] ip6erspan0: entered promiscuous mode [ 782.069625][T28355] bridge16: entered promiscuous mode [ 782.095590][T28355] bridge16: entered allmulticast mode [ 782.115713][T28355] team0: Port device bridge16 added [ 782.546040][T28365] syzkaller0: entered promiscuous mode [ 782.557884][T28365] syzkaller0: entered allmulticast mode [ 782.962933][T28376] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 786.762690][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5590 ms [ 786.774727][ C1] lec:lec_tx_timeout: lec0 [ 786.781652][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 789.915842][T28448] xt_hashlimit: size too large, truncated to 1048576 [ 791.168371][ T50] Bluetooth: hci5: command 0x0406 tx timeout [ 791.792585][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 791.801222][ C1] lec:lec_tx_timeout: lec0 [ 791.806919][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 791.860776][T28492] syzkaller0: entered promiscuous mode [ 791.877279][T28492] syzkaller0: entered allmulticast mode [ 792.347551][T28506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9732'. [ 793.045355][T28509] mpoa:mpoad_close: () going down [ 793.995377][T28557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9743'. [ 794.050664][T28557] sch_tbf: burst 12 is lower than device bridge8 mtu (1514) ! [ 794.242879][T28559] netlink: 'syz.4.9744': attribute type 1 has an invalid length. [ 794.491077][T28565] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9746'. [ 794.880012][T28573] netlink: 'syz.2.9750': attribute type 1 has an invalid length. [ 794.970817][T28573] 8021q: adding VLAN 0 to HW filter on device bond11 [ 795.062094][T28579] bond11: (slave veth15): Enslaving as an active interface with a down link [ 795.075740][T28579] netlink: 14 bytes leftover after parsing attributes in process `syz.2.9750'. [ 795.470475][T28515] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 795.493981][T25975] ================================================================== [ 795.502673][T25975] BUG: KASAN: slab-use-after-free in sock_def_readable+0x1cb/0x550 [ 795.511198][T25975] Read of size 8 at addr ffff8880468430c0 by task dhcpcd/25975 [ 795.519368][T25975] [ 795.521850][T25975] CPU: 0 UID: 101 PID: 25975 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) [ 795.521885][T25975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 795.521901][T25975] Call Trace: [ 795.521910][T25975] [ 795.521920][T25975] dump_stack_lvl+0xe8/0x150 [ 795.521959][T25975] print_report+0xba/0x230 [ 795.521986][T25975] ? sock_def_readable+0x1cb/0x550 [ 795.522012][T25975] kasan_report+0x117/0x150 [ 795.522036][T25975] ? sock_def_readable+0x1cb/0x550 [ 795.522066][T25975] sock_def_readable+0x1cb/0x550 [ 795.522090][T25975] ? sock_def_readable+0xae/0x550 [ 795.522114][T25975] ? send_to_lecd+0x26d/0x830 [ 795.522141][T25975] send_to_lecd+0x3e7/0x830 [ 795.522171][T25975] lec_start_xmit+0xe52/0x2890 [ 795.522206][T25975] dev_hard_start_xmit+0x2cd/0x830 [ 795.522248][T25975] sch_direct_xmit+0x251/0x4c0 [ 795.522282][T25975] ? __pfx_sch_direct_xmit+0x10/0x10 [ 795.522314][T25975] __qdisc_run+0xa83/0x1560 [ 795.522354][T25975] __dev_queue_xmit+0x1021/0x3950 [ 795.522382][T25975] ? __dev_queue_xmit+0x2b6/0x3950 [ 795.522409][T25975] ? _copy_from_iter+0x5d4/0x1670 [ 795.522444][T25975] ? __pfx___dev_queue_xmit+0x10/0x10 [ 795.522477][T25975] ? __pfx__copy_from_iter+0x10/0x10 [ 795.522517][T25975] ? __pfx_packet_parse_headers+0x10/0x10 [ 795.522642][T25975] ? packet_xmit+0x68/0x320 [ 795.522673][T25975] packet_sendmsg+0x3ebc/0x50f0 [ 795.522705][T25975] ? shmem_acquire_dquot+0x80/0x640 [ 795.522735][T25975] ? do_syscall_64+0x15f/0xf80 [ 795.522762][T25975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.522802][T25975] ? aa_sk_perm+0x6d5/0x900 [ 795.522828][T25975] ? __pfx_packet_sendmsg+0x10/0x10 [ 795.522856][T25975] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 795.522890][T25975] ? aa_sock_msg_perm+0xf1/0x1b0 [ 795.522920][T25975] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 795.522956][T25975] ? __pfx_packet_sendmsg+0x10/0x10 [ 795.522978][T25975] sock_write_iter+0x49b/0x4f0 [ 795.523005][T25975] ? __pfx_sock_write_iter+0x10/0x10 [ 795.523027][T25975] ? aa_file_perm+0x192/0x15e0 [ 795.523063][T25975] ? aa_sock_msg_perm+0xda/0x1b0 [ 795.523096][T25975] do_iter_readv_writev+0x619/0x8c0 [ 795.523133][T25975] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 795.523170][T25975] ? bpf_lsm_file_permission+0x9/0x20 [ 795.523189][T25975] ? security_file_permission+0x75/0x260 [ 795.523215][T25975] ? rw_verify_area+0x255/0x4d0 [ 795.523249][T25975] vfs_writev+0x33c/0x990 [ 795.523391][T25975] ? bpf_lsm_file_permission+0x9/0x20 [ 795.523421][T25975] ? __pfx_vfs_writev+0x10/0x10 [ 795.523453][T25975] ? __pfx_set_user_sigmask+0x10/0x10 [ 795.523497][T25975] do_writev+0x154/0x2e0 [ 795.523522][T25975] ? __pfx_do_writev+0x10/0x10 [ 795.523552][T25975] ? __secure_computing+0xe1/0x2a0 [ 795.523582][T25975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.523605][T25975] do_syscall_64+0x15f/0xf80 [ 795.523632][T25975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.523655][T25975] ? clear_bhb_loop+0x40/0x90 [ 795.523681][T25975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.523704][T25975] RIP: 0033:0x7f52a3aa0407 [ 795.523729][T25975] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 795.523751][T25975] RSP: 002b:00007fff37e4e9d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000014 [ 795.523780][T25975] RAX: ffffffffffffffda RBX: 00007f52a3a16780 RCX: 00007f52a3aa0407 [ 795.523797][T25975] RDX: 0000000000000002 RSI: 00007fff37e4ea30 RDI: 0000000000000003 [ 795.523811][T25975] RBP: 0000000000000188 R08: 0000000000000000 R09: 0000000000000000 [ 795.523825][T25975] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff37e4ea70 [ 795.523841][T25975] R13: 0000559ef90c3ed0 R14: 00007fff37e4eac0 R15: 00007fff37e5ec90 [ 795.523868][T25975] [ 795.523877][T25975] [ 795.949074][T25975] Allocated by task 28510: [ 795.954048][T25975] kasan_save_track+0x3e/0x80 [ 795.959095][T25975] __kasan_slab_alloc+0x6c/0x80 [ 795.964532][T25975] kmem_cache_alloc_lru_noprof+0x2b8/0x640 [ 795.970983][T25975] sock_alloc_inode+0x2c/0x190 [ 795.976593][T25975] alloc_inode+0x6a/0x1b0 [ 795.981964][T25975] __sock_create+0x12d/0x9d0 [ 795.987987][T25975] __sys_socket+0xd6/0x1b0 [ 795.992798][T25975] __x64_sys_socket+0x7a/0x90 [ 795.998275][T25975] do_syscall_64+0x15f/0xf80 [ 796.004057][T25975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.011904][T25975] [ 796.015153][T25975] Freed by task 28509: [ 796.020527][T25975] kasan_save_track+0x3e/0x80 [ 796.026767][T25975] kasan_save_free_info+0x46/0x50 [ 796.032548][T25975] __kasan_slab_free+0x5c/0x80 [ 796.037809][T25975] kmem_cache_free+0x180/0x630 [ 796.043853][T25975] rcu_core+0x7cd/0x1070 [ 796.049081][T25975] handle_softirqs+0x22a/0x840 [ 796.054861][T25975] __irq_exit_rcu+0xca/0x220 [ 796.060466][T25975] irq_exit_rcu+0x9/0x30 [ 796.065486][T25975] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 796.072095][T25975] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 796.079004][T25975] [ 796.081345][T25975] Last potentially related work creation: [ 796.087336][T25975] kasan_save_stack+0x3e/0x60 [ 796.092244][T25975] kasan_record_aux_stack+0xbd/0xd0 [ 796.097864][T25975] call_rcu+0xee/0x890 [ 796.102338][T25975] evict+0x95b/0xb10 [ 796.107402][T25975] __dentry_kill+0x1a2/0x5e0 [ 796.112132][T25975] finish_dput+0xc9/0x480 [ 796.116795][T25975] __fput+0x691/0xa60 [ 796.121037][T25975] task_work_run+0x1d9/0x270 [ 796.125853][T25975] exit_to_user_mode_loop+0xed/0x480 [ 796.131359][T25975] do_syscall_64+0x33e/0xf80 [ 796.136273][T25975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.142626][T25975] [ 796.145025][T25975] The buggy address belongs to the object at ffff888046843000 [ 796.145025][T25975] which belongs to the cache sock_inode_cache of size 1408 [ 796.160953][T25975] The buggy address is located 192 bytes inside of [ 796.160953][T25975] freed 1408-byte region [ffff888046843000, ffff888046843580) [ 796.179601][T25975] [ 796.182046][T25975] The buggy address belongs to the physical page: [ 796.190400][T25975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888046844200 pfn:0x46840 [ 796.205078][T25975] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 796.217565][T25975] memcg:ffff888046847e01 [ 796.222865][T25975] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 796.234009][T25975] page_type: f5(slab) [ 796.238820][T25975] raw: 00fff00000000240 ffff88801f286c80 ffffea0001dc5210 ffffea00011a0010 [ 796.247860][T25975] raw: ffff888046844200 000000080015000e 00000000f5000000 ffff888046847e01 [ 796.258496][T25975] head: 00fff00000000240 ffff88801f286c80 ffffea0001dc5210 ffffea00011a0010 [ 796.269309][T25975] head: ffff888046844200 000000080015000e 00000000f5000000 ffff888046847e01 [ 796.279667][T25975] head: 00fff00000000003 ffffea00011a1001 00000000ffffffff 00000000ffffffff [ 796.290363][T25975] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 796.301268][T25975] page dumped because: kasan: bad access detected [ 796.309496][T25975] page_owner tracks the page as allocated [ 796.316570][T25975] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 25090, tgid 25084 (syz.0.8774), ts 603998282328, free_ts 403066040008 [ 796.342871][T25975] post_alloc_hook+0x231/0x280 [ 796.348037][T25975] get_page_from_freelist+0x24dc/0x2580 [ 796.353625][T25975] __alloc_frozen_pages_noprof+0x18d/0x380 [ 796.359742][T25975] allocate_slab+0x77/0x660 [ 796.364382][T25975] refill_objects+0x331/0x3c0 [ 796.369297][T25975] __pcs_replace_empty_main+0x2e6/0x730 [ 796.375102][T25975] kmem_cache_alloc_lru_noprof+0x37c/0x640 [ 796.381447][T25975] sock_alloc_inode+0x2c/0x190 [ 796.386526][T25975] alloc_inode+0x6a/0x1b0 [ 796.390968][T25975] __sock_create+0x12d/0x9d0 [ 796.396026][T25975] __sys_socket+0xd6/0x1b0 [ 796.400571][T25975] __x64_sys_socket+0x7a/0x90 [ 796.405797][T25975] do_syscall_64+0x15f/0xf80 [ 796.411281][T25975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.417819][T25975] page last free pid 18054 tgid 18053 stack trace: [ 796.424717][T25975] __free_frozen_pages+0xc2b/0xdb0 [ 796.429880][T25975] generic_map_update_batch+0x862/0x990 [ 796.435860][T25975] bpf_map_do_batch+0x39b/0x630 [ 796.441475][T25975] __sys_bpf+0x7c1/0x950 [ 796.446462][T25975] __x64_sys_bpf+0x7c/0x90 [ 796.451481][T25975] do_syscall_64+0x15f/0xf80 [ 796.456551][T25975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.463375][T25975] [ 796.465912][T25975] Memory state around the buggy address: [ 796.472836][T25975] ffff888046842f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 796.482349][T25975] ffff888046843000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 796.492052][T25975] >ffff888046843080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 796.501449][T25975] ^ [ 796.508484][T25975] ffff888046843100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 796.517816][T25975] ffff888046843180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 796.526873][T25975] ================================================================== [ 796.535553][T25975] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 796.543679][T25975] CPU: 0 UID: 101 PID: 25975 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) [ 796.553685][T25975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 796.564045][T25975] Call Trace: [ 796.567883][T25975] [ 796.571358][T25975] vpanic+0x56c/0xa60 [ 796.575405][T25975] ? __pfx_vpanic+0x10/0x10 [ 796.580393][T25975] panic+0xc5/0xd0 [ 796.584431][T25975] ? __pfx_panic+0x10/0x10 [ 796.589219][T25975] ? sock_def_readable+0x1cb/0x550 [ 796.594624][T25975] ? rcu_is_watching+0x15/0xb0 [ 796.599685][T25975] ? sock_def_readable+0x1cb/0x550 [ 796.605017][T25975] ? sock_def_readable+0x1cb/0x550 [ 796.610341][T25975] check_panic_on_warn+0x89/0xb0 [ 796.615605][T25975] ? sock_def_readable+0x1cb/0x550 [ 796.620845][T25975] end_report+0x73/0x170 [ 796.625578][T25975] ? sock_def_readable+0x1cb/0x550 [ 796.631053][T25975] kasan_report+0x128/0x150 [ 796.635870][T25975] ? sock_def_readable+0x1cb/0x550 [ 796.641283][T25975] sock_def_readable+0x1cb/0x550 [ 796.646734][T25975] ? sock_def_readable+0xae/0x550 [ 796.652013][T25975] ? send_to_lecd+0x26d/0x830 [ 796.656918][T25975] send_to_lecd+0x3e7/0x830 [ 796.661611][T25975] lec_start_xmit+0xe52/0x2890 [ 796.666644][T25975] dev_hard_start_xmit+0x2cd/0x830 [ 796.671987][T25975] sch_direct_xmit+0x251/0x4c0 [ 796.677327][T25975] ? __pfx_sch_direct_xmit+0x10/0x10 [ 796.683193][T25975] __qdisc_run+0xa83/0x1560 [ 796.688304][T25975] __dev_queue_xmit+0x1021/0x3950 [ 796.694818][T25975] ? __dev_queue_xmit+0x2b6/0x3950 [ 796.701961][T25975] ? _copy_from_iter+0x5d4/0x1670 [ 796.708344][T25975] ? __pfx___dev_queue_xmit+0x10/0x10 [ 796.716449][T25975] ? __pfx__copy_from_iter+0x10/0x10 [ 796.722767][T25975] ? __pfx_packet_parse_headers+0x10/0x10 [ 796.728951][T25975] ? packet_xmit+0x68/0x320 [ 796.733781][T25975] packet_sendmsg+0x3ebc/0x50f0 [ 796.739505][T25975] ? shmem_acquire_dquot+0x80/0x640 [ 796.745669][T25975] ? do_syscall_64+0x15f/0xf80 [ 796.751349][T25975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.759560][T25975] ? aa_sk_perm+0x6d5/0x900 [ 796.764494][T25975] ? __pfx_packet_sendmsg+0x10/0x10 [ 796.770532][T25975] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 796.778001][T25975] ? aa_sock_msg_perm+0xf1/0x1b0 [ 796.783830][T25975] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 796.789878][T25975] ? __pfx_packet_sendmsg+0x10/0x10 [ 796.796595][T25975] sock_write_iter+0x49b/0x4f0 [ 796.801980][T25975] ? __pfx_sock_write_iter+0x10/0x10 [ 796.808119][T25975] ? aa_file_perm+0x192/0x15e0 [ 796.813662][T25975] ? aa_sock_msg_perm+0xda/0x1b0 [ 796.819562][T25975] do_iter_readv_writev+0x619/0x8c0 [ 796.824996][T25975] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 796.832184][T25975] ? bpf_lsm_file_permission+0x9/0x20 [ 796.837780][T25975] ? security_file_permission+0x75/0x260 [ 796.843464][T25975] ? rw_verify_area+0x255/0x4d0 [ 796.848993][T25975] vfs_writev+0x33c/0x990 [ 796.853631][T25975] ? bpf_lsm_file_permission+0x9/0x20 [ 796.859570][T25975] ? __pfx_vfs_writev+0x10/0x10 [ 796.864777][T25975] ? __pfx_set_user_sigmask+0x10/0x10 [ 796.870472][T25975] do_writev+0x154/0x2e0 [ 796.875159][T25975] ? __pfx_do_writev+0x10/0x10 [ 796.879982][T25975] ? __secure_computing+0xe1/0x2a0 [ 796.885666][T25975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.891805][T25975] do_syscall_64+0x15f/0xf80 [ 796.897037][T25975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.903613][T25975] ? clear_bhb_loop+0x40/0x90 [ 796.909032][T25975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.915864][T25975] RIP: 0033:0x7f52a3aa0407 [ 796.920852][T25975] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 796.943950][T25975] RSP: 002b:00007fff37e4e9d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000014 [ 796.956279][T25975] RAX: ffffffffffffffda RBX: 00007f52a3a16780 RCX: 00007f52a3aa0407 [ 796.964579][T25975] RDX: 0000000000000002 RSI: 00007fff37e4ea30 RDI: 0000000000000003 [ 796.972694][T25975] RBP: 0000000000000188 R08: 0000000000000000 R09: 0000000000000000 [ 796.983420][T25975] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff37e4ea70 [ 796.994582][T25975] R13: 0000559ef90c3ed0 R14: 00007fff37e4eac0 R15: 00007fff37e5ec90 [ 797.004840][T25975] [ 798.164373][T25975] Shutting down cpus with NMI [ 798.170990][T25975] Kernel Offset: disabled [ 798.176486][T25975] Rebooting in 86400 seconds..