last executing test programs: 3.581097619s ago: executing program 1 (id=10701): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0) write$tun(r0, &(0x7f0000000480)={@val={0x0, 0x884c}, @void, @eth={@empty, @multicast, @val={@val={0x88a8, 0x5, 0x1, 0x4}, {0x8100, 0x6, 0x0, 0x6}}, {@ipv6={0x86dd, @gre_packet={0xa, 0x6, "12e2e7", 0x44, 0x2f, 0xff, @local, @private1={0xfc, 0x1, '\x00', 0x1}, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {0x1}, {0x0, 0x0, 0x1}, {0x8, 0x88be, 0x3, {{0x2, 0x1, 0x2, 0x2, 0x1, 0x2, 0x5, 0xff}, 0x1, {0x8}}}, {0x8, 0x22eb, 0x3, {{0x7, 0x2, 0xa5, 0x1, 0x1, 0x2, 0x3, 0x8}, 0x2, {0x6, 0xffff, 0x1, 0x14, 0x1, 0x1, 0x0, 0x1}}}, {0x8, 0x6558, 0x4}}}}}}}}, 0x86) 3.15654313s ago: executing program 4 (id=10704): recvmsg(0xffffffffffffffff, 0x0, 0x80) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000000)=0x400000001, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e23, 0x27bf, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xa}}, 0x3}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='[', 0x1, 0xc0, 0x0, 0x0) 3.065759959s ago: executing program 1 (id=10705): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="000086dd0001110004000000a60c6eec00be00442ffffe8000000000000000000000d178000000aaff0200000000000000000000000000010420"], 0xfdef) 3.017335258s ago: executing program 4 (id=10707): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {}, 0xfd}, 0x18) connect$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x2}, 0xfe}, 0x18) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="80000200e180001a08001b"], 0x28}}, 0x800) sendmsg$can_j1939(r0, &(0x7f0000000180)={0x0, 0xf5, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) 2.706687211s ago: executing program 1 (id=10708): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xa}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0xeb, @remote, 0x4}, 0x1c) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd63"], 0xfdef) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xf3f, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000001100000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000c40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) 2.485295364s ago: executing program 2 (id=10711): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0x3}, 0x1c) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) write$tun(r0, &(0x7f0000000300)={@val={0x8, 0x800}, @val={0x0, 0x3, 0x6, 0x1, 0x2f, 0x40}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x28, 0x1c, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010104, @dev={0xac, 0x14, 0x14, 0x26}}, {0x4e26, 0x4e20, 0x8}}}, 0x2a) 2.29339561s ago: executing program 3 (id=10713): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000100)=0x8) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$tun(r1, &(0x7f0000000000)=ANY=[], 0x38) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x401c5820, &(0x7f0000000080)) 2.179273343s ago: executing program 1 (id=10714): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x3a}) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8916, &(0x7f0000000000)) ioctl(r1, 0x8936, &(0x7f0000000000)) 2.089088948s ago: executing program 0 (id=10715): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x30}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="380000001000050700bbc0000000010007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001800120008000100736974000c0002000800020006"], 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="50000000100001002dbd7000fedbdf2500000000", @ANYRES32=r4, @ANYBLOB="00000000000000003000128008000100736974002400028006000f0002073f01af4552069b230000080014"], 0x50}}, 0x0) 1.887758911s ago: executing program 4 (id=10716): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f00000000c0)=0x3, 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0xfffffffa, 0x4) recvmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x100, 0x0) 1.851187884s ago: executing program 3 (id=10717): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee9, 0x8031, r0, 0x215eb000) r1 = socket(0x14, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x61d0, 0x0) ioctl$sock_TIOCINQ(r1, 0x61d8, 0x0) 1.828201329s ago: executing program 1 (id=10718): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000980)={0x1f, 0x1}, 0x6) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xc, &(0x7f0000000040)=0xffffff01, 0x4) write$bt_hci(r0, &(0x7f0000000040)=ANY=[], 0x6) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000000) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$cgroup_int(r1, 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff000) 1.749803367s ago: executing program 4 (id=10719): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r1) sendmsg$alg(r1, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x80}, 0x4004080) r2 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x34, r2, 0x2, 0x70bd26, 0x25dfdbfd, {{}, {}, {0x18, 0x18, {0x6fd9, @bearer=@l2={'ib', 0x3a, 'veth1_vlan\x00'}}}}}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x44004) 1.689775728s ago: executing program 0 (id=10720): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="034886dd010000000000140000006000000000280600fe88a43de1a400000000000000027d01ff020000000000000000000000000001000088bed2868a1610e8f515ab", @ANYRESOCT=r0], 0xfdef) 1.650692435s ago: executing program 1 (id=10721): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000306010200000000000000000700000a0500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40814) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f727400"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) 1.537321484s ago: executing program 2 (id=10722): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xb, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000180), 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000009c0)='.', 0xc400}], 0x7}}], 0x44, 0x0) 1.388944331s ago: executing program 2 (id=10723): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x37) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="12000000020000000800000002"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001540)={{r2}, &(0x7f00000014c0), &(0x7f0000001500)=r1}, 0x20) 1.219133117s ago: executing program 4 (id=10724): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x200) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x170bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe5, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xfffd}}}]}, 0x38}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x2}, {}, {0x8, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xffffffff, 0x4000004, 0x20000001, 0x4, 0x2}, 0x1, r2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x88}}, 0x0) 1.17782859s ago: executing program 2 (id=10725): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6gre0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xc, 0xf, &(0x7f00000005c0)=ANY=[@ANYRES64=r1], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f00000004c0)={0x0, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}}, 0x10) 1.067017796s ago: executing program 0 (id=10726): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x3a, r1}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8916, &(0x7f0000000000)) ioctl(r2, 0x8936, &(0x7f0000000000)) 957.296453ms ago: executing program 2 (id=10727): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0xe4) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd63"], 0xcfa4) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="24040000040801"], 0x24}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000068000000060a010400000000000000000100000008000b4000000000400004802800018007000100637400001c000280080001400000000108000240000000090500030000000000140001800a0001007265646972000000040002800900010073797a30"], 0xdc}, 0x1, 0x0, 0x0, 0x15}, 0x4000000) 941.044801ms ago: executing program 4 (id=10728): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d074af6e8dafe09"}}}}}}}, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000500)=0x6, 0x4) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000007300)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000006200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}, 0xb}], 0x1, 0x40000021, 0x0) 842.722275ms ago: executing program 0 (id=10729): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x3a}) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8916, &(0x7f0000000000)) ioctl(r1, 0x8936, &(0x7f0000000000)) 730.11573ms ago: executing program 3 (id=10730): ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB='..']) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) 670.51413ms ago: executing program 0 (id=10731): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000210a018800000000000000000a0000010900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 578.274173ms ago: executing program 3 (id=10732): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x30, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe33, 0x0, 0x0, 0x0}, 0x40) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000200)={0x0, 0x0}, 0x8) r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r2, 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000340)=r3, 0x4) r4 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r2, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={r4, r1, 0x4, r1}, 0x10) 207.614751ms ago: executing program 0 (id=10733): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c) 189.797286ms ago: executing program 3 (id=10734): r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) r1 = socket$kcm(0x2b, 0x1, 0x0) close(r1) r2 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r2, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004040) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb) close(r1) 75.946545ms ago: executing program 3 (id=10735): r0 = socket(0x2, 0x80805, 0x0) close(0x3) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0) r2 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000580)={0x40000008}) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[], 0x30}], 0x1, 0x0) 0s ago: executing program 2 (id=10736): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) close(r1) kernel console output (not intermixed with test programs): 255.960025][T15337] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 256.133372][T15349] IPVS: length: 239 != 24 [ 256.814102][T15393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4566'. [ 257.456930][T15427] netlink: 'syz.3.4583': attribute type 1 has an invalid length. [ 257.867406][T15448] bridge5: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 258.174637][T15466] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 258.359200][T15477] netlink: 'syz.0.4607': attribute type 75 has an invalid length. [ 258.772901][T15497] lo speed is unknown, defaulting to 1000 [ 258.818549][T15497] lo speed is unknown, defaulting to 1000 [ 258.837139][T15497] lo speed is unknown, defaulting to 1000 [ 258.910225][T15497] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 258.989963][T15497] lo speed is unknown, defaulting to 1000 [ 258.999379][T15497] lo speed is unknown, defaulting to 1000 [ 259.007785][T15497] lo speed is unknown, defaulting to 1000 [ 259.017442][T15497] lo speed is unknown, defaulting to 1000 [ 259.029555][T15497] lo speed is unknown, defaulting to 1000 [ 259.439874][T15528] netlink: 'syz.0.4631': attribute type 11 has an invalid length. [ 260.221233][T15572] netlink: 'syz.1.4654': attribute type 21 has an invalid length. [ 260.295420][T15572] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4654'. [ 260.825478][T15610] IPv6: NLM_F_CREATE should be specified when creating new route [ 260.902090][T15616] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4676'. [ 260.984155][T15618] ipt_REJECT: ECHOREPLY no longer supported. [ 261.322968][T15640] bond0: left allmulticast mode [ 261.328159][ T1075] bond0: (slave bond_slave_0): interface is now down [ 261.335679][T15642] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 261.348247][ T1075] bond0: (slave bond_slave_1): interface is now down [ 261.371902][T15640] bond_slave_0: left allmulticast mode [ 261.406809][T15640] bond_slave_1: left allmulticast mode [ 261.486376][T15648] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4692'. [ 261.629323][T15657] netlink: 'syz.0.4695': attribute type 1 has an invalid length. [ 261.651932][T15657] bridge0: port 1(1¾x9ÿ) entered disabled state [ 261.938466][T15675] netlink: 288 bytes leftover after parsing attributes in process `syz.4.4705'. [ 261.955388][T15676] netlink: 404 bytes leftover after parsing attributes in process `syz.0.4706'. [ 261.977979][T15679] IPVS: set_ctl: invalid protocol: 58 0.0.0.0:20000 [ 261.984136][T15676] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4706'. [ 262.051017][T15676] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4706'. [ 262.077575][T15676] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4706'. [ 262.291558][T15695] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 262.548530][T15712] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 263.076424][T15744] netlink: 'syz.4.4741': attribute type 2 has an invalid length. [ 263.134855][T15744] netlink: 'syz.4.4741': attribute type 11 has an invalid length. [ 263.157957][T15744] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4741'. [ 263.419857][T15761] bond1: Unable to set up delay as MII monitoring is disabled [ 263.429712][T15761] bond1 (unregistering): Released all slaves [ 263.755337][T15785] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4758'. [ 263.873077][T15792] tc_dump_action: action bad kind [ 263.891831][ T1075] bond0: (slave bond_slave_0): interface is now down [ 263.925711][ T1075] bond0: (slave bond_slave_1): interface is now down [ 263.954746][ T1075] bond0: now running without any active interface! [ 264.005139][T15799] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4767'. [ 264.129567][T15807] netlink: 'syz.3.4771': attribute type 30 has an invalid length. [ 264.234009][T15809] bond2: option arp_all_targets: invalid value (18446744073709551613) [ 264.249068][T15809] bond2 (unregistering): Released all slaves [ 264.537318][T15829] xt_ecn: cannot match TCP bits for non-tcp packets [ 264.904552][T15853] openvswitch: netlink: Unknown nsh attribute 0 [ 265.002106][T15861] netlink: 'syz.1.4797': attribute type 21 has an invalid length. [ 266.008263][T15921] netlink: 'syz.3.4827': attribute type 1 has an invalid length. [ 266.283008][T15939] __nla_validate_parse: 7 callbacks suppressed [ 266.283027][T15939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4836'. [ 266.487390][T15947] netlink: 'syz.2.4840': attribute type 1 has an invalid length. [ 266.948673][T15971] netlink: 'syz.3.4852': attribute type 7 has an invalid length. [ 267.015693][T15974] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 267.684538][T16019] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4876'. [ 268.746138][T16084] netlink: 1 bytes leftover after parsing attributes in process `syz.2.4907'. [ 268.780970][T16084] xt_policy: neither incoming nor outgoing policy selected [ 268.963274][T16096] netlink: 'syz.2.4910': attribute type 5 has an invalid length. [ 269.538209][T16123] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4923'. [ 269.651467][T16127] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.761155][T16134] Cannot find del_set index 49151 as target [ 270.277504][T16155] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 270.323360][T16157] netlink: 516 bytes leftover after parsing attributes in process `syz.2.4940'. [ 270.469846][T16163] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.4943'. [ 270.529943][T16169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4946'. [ 270.806789][T16184] Zero length message leads to an empty skb [ 271.059183][T16197] xt_policy: too many policy elements [ 271.550030][T16227] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4974'. [ 271.849169][T16244] bridge0: port 2(veth0_to_bridge) entered blocking state [ 271.873855][T16244] bridge0: port 2(veth0_to_bridge) entered disabled state [ 271.893981][T16244] veth0_to_bridge: entered allmulticast mode [ 271.924818][T16244] veth0_to_bridge: entered promiscuous mode [ 271.944488][T16244] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 271.989766][T16244] bridge0: port 2(veth0_to_bridge) entered blocking state [ 271.998200][T16244] bridge0: port 2(veth0_to_bridge) entered forwarding state [ 272.035864][T16248] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4985'. [ 272.356584][T16264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4992'. [ 272.382941][T16264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4992'. [ 272.917265][T16294] netlink: 'syz.1.5008': attribute type 3 has an invalid length. [ 273.125410][T16307] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5012'. [ 273.139036][T16305] IPVS: Error connecting to the multicast addr [ 273.614850][T16339] Bluetooth: MGMT ver 1.23 [ 273.926030][T16354] netlink: 216 bytes leftover after parsing attributes in process `syz.4.5035'. [ 273.963341][T16354] netlink: 'syz.4.5035': attribute type 2 has an invalid length. [ 274.167236][T16367] netlink: 'syz.1.5042': attribute type 11 has an invalid length. [ 274.201149][T16367] netlink: 'syz.1.5042': attribute type 4 has an invalid length. [ 274.219897][T16367] netlink: 199768 bytes leftover after parsing attributes in process `syz.1.5042'. [ 274.295465][T16373] block nbd4: not configured, cannot reconfigure [ 274.661235][T16395] IPVS: length: 8 != 1152 [ 275.074564][T16420] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5069'. [ 275.474943][T16445] openvswitch: netlink: Missing valid actions attribute. [ 275.499736][T16445] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 275.569942][T16449] smc: net device team0 applied user defined pnetid SYZ2 [ 276.228481][T16489] nftables ruleset with unbound set [ 276.309250][T16495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5105'. [ 276.338562][T16495] veth1_to_team: default FDB implementation only supports local addresses [ 276.737208][T16510] syz.0.5110 (16510) used greatest stack depth: 16864 bytes left [ 277.182496][T16541] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 277.193693][ T794] IPVS: starting estimator thread 0... [ 277.202124][T16541] team0: Device macvlan2 is already an upper device of the team interface [ 277.218746][T16550] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5130'. [ 277.290642][T16547] IPVS: using max 37 ests per chain, 88800 per kthread [ 277.627906][T16571] tipc: Enabling of bearer rejected, media not registered [ 278.817611][T16648] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 279.193523][T16671] Bluetooth: MGMT ver 1.23 [ 279.466409][T16687] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5197'. [ 279.563799][T16689] tipc: Invalid UDP bearer configuration [ 279.563848][T16689] tipc: Enabling of bearer rejected, failed to enable media [ 280.046571][T16717] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5211'. [ 280.469534][T16741] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.5223'. [ 280.862765][T16762] smc: ib device syz2 ibport 1 applied user defined pnetid SYZ1 [ 280.893624][T16765] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5233'. [ 280.930982][T16765] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5233'. [ 280.967097][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5233'. [ 282.314356][T16856] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5279'. [ 282.495703][T16866] ieee802154 phy1 wpan1: encryption failed: -22 [ 282.643133][T16872] Bluetooth: MGMT ver 1.23 [ 283.654654][T16919] lo speed is unknown, defaulting to 1000 [ 283.958772][T16947] netlink: 'syz.4.5324': attribute type 1 has an invalid length. [ 283.983052][T16947] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5324'. [ 284.005310][T16947] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5324'. [ 284.015138][T16947] netlink: 'syz.4.5324': attribute type 2 has an invalid length. [ 284.028100][T16947] netlink: 'syz.4.5324': attribute type 2 has an invalid length. [ 284.062531][T16947] netlink: 'syz.4.5324': attribute type 2 has an invalid length. [ 284.555927][T16919] lo speed is unknown, defaulting to 1000 [ 284.692052][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 284.774675][T16986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5339'. [ 285.754376][T17031] netlink: 'syz.0.5363': attribute type 11 has an invalid length. [ 286.155899][T17048] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5373'. [ 287.048570][T17102] netlink: 'syz.4.5395': attribute type 11 has an invalid length. [ 287.057708][T17102] netlink: 199820 bytes leftover after parsing attributes in process `syz.4.5395'. [ 287.093568][T17105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5396'. [ 287.126771][T17105] netlink: 'syz.1.5396': attribute type 3 has an invalid length. [ 287.267392][T17115] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5399'. [ 287.296400][T17115] openvswitch: netlink: IPv4 frag type 127 is out of range max 2 [ 287.465375][T17126] netlink: 'syz.3.5406': attribute type 1 has an invalid length. [ 287.473795][T17126] netlink: 236 bytes leftover after parsing attributes in process `syz.3.5406'. [ 287.813337][T17145] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5414'. [ 288.548341][T17186] netlink: 'syz.3.5435': attribute type 1 has an invalid length. [ 288.565519][T17186] netlink: 'syz.3.5435': attribute type 2 has an invalid length. [ 288.586630][T17186] netlink: 'syz.3.5435': attribute type 1 has an invalid length. [ 288.599818][T17186] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5435'. [ 288.748365][ T5986] IPVS: starting estimator thread 0... [ 288.758065][T17196] netlink: 'syz.4.5439': attribute type 3 has an invalid length. [ 288.773715][T17199] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5440'. [ 288.783702][T17199] netlink: 658 bytes leftover after parsing attributes in process `syz.0.5440'. [ 288.811346][T17201] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5441'. [ 288.860599][T17197] IPVS: using max 37 ests per chain, 88800 per kthread [ 289.092793][T17217] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5449'. [ 289.154744][T17220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5450'. [ 289.265840][T17225] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5453'. [ 289.394428][T17233] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5457'. [ 289.483220][T17239] xt_hashlimit: size too large, truncated to 1048576 [ 290.736516][ T13] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 290.772544][ T13] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 290.804320][ T13] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 290.831706][ T13] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.673183][T17420] __nla_validate_parse: 1 callbacks suppressed [ 292.673200][T17420] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5540'. [ 292.705616][T17420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5540'. [ 292.715123][T17420] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5540'. [ 293.092797][T17444] xt_limit: Overflow, try lower: 271964/0 [ 293.185490][T17450] validate_nla: 2 callbacks suppressed [ 293.185509][T17450] netlink: 'syz.2.5556': attribute type 62 has an invalid length. [ 293.256213][T17454] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5558'. [ 293.428696][T17464] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5562'. [ 293.490635][ T5826] Bluetooth: hci4: command 0x0406 tx timeout [ 293.691566][T17480] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5570'. [ 294.209986][T17514] netlink: 'syz.1.5587': attribute type 18 has an invalid length. [ 294.259215][ T13] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 294.310066][ T13] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 294.337520][ T13] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 294.483984][T17528] xt_HMARK: proto mask must be zero with L3 mode [ 294.945850][T17554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5605'. [ 295.148043][T17570] sock: sock_timestamping_bind_phc: sock not bind to device [ 295.343739][T17583] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5619'. [ 297.272249][T17691] macvlan0: entered promiscuous mode [ 297.303553][T17694] tipc: Enabling not permitted [ 297.310582][T17694] tipc: Enabling of bearer rejected, failed to enable media [ 297.562487][T17713] netlink: 'syz.0.5678': attribute type 29 has an invalid length. [ 297.582269][T17713] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5678'. [ 297.608505][T17713] netlink: 'syz.0.5678': attribute type 29 has an invalid length. [ 297.628044][T17713] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5678'. [ 297.769958][T17725] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5685'. [ 298.078365][T17743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5694'. [ 298.263131][T17753] netlink: 'syz.4.5698': attribute type 3 has an invalid length. [ 298.391729][T17761] RDS: rds_bind could not find a transport for 400:0:1200:0:1030:0:ffff:ffff, load rds_tcp or rds_rdma? [ 298.505856][T17768] tipc: Started in network mode [ 298.517322][T17768] tipc: Node identity , cluster identity 4711 [ 298.532952][T17768] tipc: Failed to set node id, please configure manually [ 298.544747][T17768] tipc: Enabling of bearer rejected, failed to enable media [ 299.197252][T17808] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5725'. [ 299.685586][T17842] netlink: 'syz.4.5742': attribute type 1 has an invalid length. [ 299.701798][T17841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5741'. [ 299.714482][T17842] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 299.721793][T17842] IPv6: NLM_F_CREATE should be set when creating new route [ 300.406526][T17885] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5763'. [ 300.514707][T17885] bond3: Invalid ad_actor_system MAC address. [ 300.527268][T17885] bond3: option ad_actor_system: invalid value (1) [ 300.553149][T17885] bond3 (unregistering): Released all slaves [ 301.141200][T17930] netlink: 'syz.4.5785': attribute type 3 has an invalid length. [ 301.418148][T17946] Bluetooth: MGMT ver 1.23 [ 301.444841][T17939] bond5: (slave bond_slave_1): Device is not our slave [ 301.488039][T17939] bond5: option active_slave: invalid value (bond_slave_1) [ 301.505567][T17939] bond5 (unregistering): Released all slaves [ 301.547332][T17951] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5793'. [ 301.912462][T17972] netlink: 'syz.1.5804': attribute type 1 has an invalid length. [ 302.229783][T17991] netlink: 100 bytes leftover after parsing attributes in process `syz.2.5813'. [ 302.514017][T18008] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5822'. [ 302.524498][T18008] tipc: Invalid UDP bearer configuration [ 302.532799][T18008] tipc: Enabling of bearer rejected, failed to enable media [ 302.704872][T18014] bridge0: port 3(gretap0) entered disabled state [ 302.763422][T18014] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.771140][T18014] bridge0: port 1(0¾x9ÿ) entered disabled state [ 302.824279][T18014] bond0: left allmulticast mode [ 302.836602][T18014] bond_slave_0: left allmulticast mode [ 302.852109][T18014] bond_slave_1: left allmulticast mode [ 302.857838][T18014] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 302.960206][T18014] A link change request failed with some changes committed already. Interface 0¾x9ÿ may have been left with an inconsistent configuration, please check. [ 302.983044][ T5904] lo speed is unknown, defaulting to 1000 [ 303.007408][ T5904] syz2: Port: 1 Link DOWN [ 303.028168][ T5904] lo speed is unknown, defaulting to 1000 [ 303.083250][T18028] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5831'. [ 303.306676][T18040] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 304.792886][T18108] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5868'. [ 304.835414][T18108] netlink: 43 bytes leftover after parsing attributes in process `syz.0.5868'. [ 304.877070][T18108] netlink: 'syz.0.5868': attribute type 6 has an invalid length. [ 304.920652][T18108] netlink: 'syz.0.5868': attribute type 5 has an invalid length. [ 304.947514][T18108] netlink: 43 bytes leftover after parsing attributes in process `syz.0.5868'. [ 305.028500][T18122] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.5876'. [ 305.064948][T18122] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.5876'. [ 305.187208][T18129] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 305.199442][T18130] netlink: 'syz.3.5879': attribute type 2 has an invalid length. [ 305.308309][T18137] batadv0: entered promiscuous mode [ 305.314953][T18137] macsec1: entered promiscuous mode [ 305.339187][T18137] 8021q: adding VLAN 0 to HW filter on device macsec1 [ 305.393460][T18137] batadv0: left promiscuous mode [ 305.570247][T18152] netlink: 'syz.2.5890': attribute type 2 has an invalid length. [ 305.693448][T18158] sock: sock_set_timeout: `syz.2.5893' (pid 18158) tries to set negative timeout [ 306.013439][T18177] tipc: Failed to obtain node identity [ 306.028488][T18177] tipc: Enabling of bearer rejected, failed to enable media [ 306.549379][T18209] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5916'. [ 307.387828][T18261] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5944'. [ 308.509255][T18325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5976'. [ 308.695396][T18334] pim6reg: entered allmulticast mode [ 308.713746][T18334] pim6reg: left allmulticast mode [ 309.181222][T18365] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 309.721809][T18396] sctp: [Deprecated]: syz.0.6009 (pid 18396) Use of int in max_burst socket option deprecated. [ 309.721809][T18396] Use struct sctp_assoc_value instead [ 310.627204][T18448] tipc: Enabling of bearer rejected, failed to enable media [ 310.804473][T18460] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.6041'. [ 311.041562][T18473] netlink: 'syz.4.6046': attribute type 1 has an invalid length. [ 311.198103][T18482] netlink: 'syz.3.6051': attribute type 23 has an invalid length. [ 311.942929][T18531] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6075'. [ 312.014328][T18535] netlink: 'syz.0.6077': attribute type 10 has an invalid length. [ 312.057418][T18535] team0: Device vxcan1 is of different type [ 312.242152][T18546] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6084'. [ 312.258888][T18546] veth0_virt_wifi: entered promiscuous mode [ 312.426004][T18557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6087'. [ 312.442105][T18557] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6087'. [ 314.291232][T18670] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6141'. [ 314.298399][T18667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6140'. [ 314.513036][T18685] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 314.734813][T18697] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6153'. [ 315.954856][T18771] lo: entered allmulticast mode [ 316.147434][T18783] netlink: 'syz.0.6195': attribute type 2 has an invalid length. [ 316.353985][T18794] netlink: 220 bytes leftover after parsing attributes in process `syz.4.6202'. [ 316.378206][T18794] netlink: 'syz.4.6202': attribute type 2 has an invalid length. [ 316.393552][T18795] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6203'. [ 316.395016][T18791] bridge6: entered promiscuous mode [ 316.428466][T18791] bridge6: entered allmulticast mode [ 316.447793][T18791] team0: Port device bridge6 added [ 316.998412][ T794] IPVS: starting estimator thread 0... [ 317.021781][T18831] IPVS: ip_vs_edit_dest(): server weight less than zero [ 317.130809][T18832] IPVS: using max 30 ests per chain, 72000 per kthread [ 317.182970][T18842] netlink: 'syz.1.6225': attribute type 3 has an invalid length. [ 317.255462][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.469680][T18858] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 317.575077][T18862] pimreg3: entered allmulticast mode [ 317.867190][T18881] netlink: 'syz.3.6244': attribute type 29 has an invalid length. [ 317.886087][T18881] netlink: 'syz.3.6244': attribute type 29 has an invalid length. [ 318.534465][T18915] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6261'. [ 318.572484][T18915] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6261'. [ 318.603291][T18920] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6263'. [ 318.615506][T18920] IPVS: Error connecting to the multicast addr [ 318.967901][T18941] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6269'. [ 318.981285][T18940] netlink: 'syz.0.6273': attribute type 1 has an invalid length. [ 318.997555][T18941] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6269'. [ 319.027727][T18943] netlink: 'syz.3.6275': attribute type 13 has an invalid length. [ 319.032046][T18940] netlink: 'syz.0.6273': attribute type 3 has an invalid length. [ 319.063691][T18940] NCSI netlink: No device for ifindex 813332851 [ 319.070095][T18943] veth0_macvtap: left promiscuous mode [ 319.092491][T18943] macvtap0: entered allmulticast mode [ 319.114639][T18943] macvtap0: refused to change device tx_queue_len [ 319.488046][T18968] netlink: 'syz.4.6286': attribute type 25 has an invalid length. [ 319.504704][T18970] __nla_validate_parse: 3 callbacks suppressed [ 319.504723][T18970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6287'. [ 319.664818][T18978] netlink: 'syz.4.6291': attribute type 33 has an invalid length. [ 320.367231][T19019] pimreg: entered allmulticast mode [ 320.374108][T19023] tipc: Enabling of bearer rejected, failed to enable media [ 321.203632][T19071] raw_sendmsg: syz.4.6337 forgot to set AF_INET. Fix it! [ 321.675311][T19103] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 322.502118][T19141] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6371'. [ 322.544782][T19141] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6371'. [ 322.564312][T19145] xt_hashlimit: size too large, truncated to 1048576 [ 322.836827][T19164] netlink: 348 bytes leftover after parsing attributes in process `syz.1.6380'. [ 322.977012][T19168] netlink: 256 bytes leftover after parsing attributes in process `syz.1.6382'. [ 323.070771][T19170] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 324.865972][T19276] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6433'. [ 324.873365][T19274] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6434'. [ 324.897860][T19276] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 325.538024][T19313] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6452'. [ 326.039559][T19342] validate_nla: 3 callbacks suppressed [ 326.039577][T19342] netlink: 'syz.2.6467': attribute type 32 has an invalid length. [ 326.070592][T19342] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6467'. [ 326.236790][T19342] bond3: Setting coupled_control to off (0) [ 327.524485][T19430] : entered promiscuous mode [ 327.767505][T19438] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6510'. [ 327.866600][T19442] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6513'. [ 327.896023][T19442] nbd: illegal input index -8454144 [ 328.158027][T19455] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 328.568197][T19479] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6529'. [ 328.803904][T19492] netlink: 'syz.0.6535': attribute type 3 has an invalid length. [ 328.818196][T19492] netlink: 'syz.0.6535': attribute type 1 has an invalid length. [ 328.829262][T19492] netlink: 204 bytes leftover after parsing attributes in process `syz.0.6535'. [ 328.838895][T19494] netlink: 'syz.3.6536': attribute type 11 has an invalid length. [ 329.169882][T19513] netlink: 'syz.1.6545': attribute type 1 has an invalid length. [ 329.406871][T19527] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6552'. [ 329.467023][T19530] xt_l2tp: missing protocol rule (udp|l2tpip) [ 329.723859][T19543] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 329.752013][T19543] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 329.887000][T19553] tipc: Started in network mode [ 329.897393][T19553] tipc: Node identity 0104000000000000cc, cluster identity 4711 [ 330.404870][T19584] netlink: 'syz.2.6580': attribute type 10 has an invalid length. [ 330.437713][T19586] Cannot find add_set index 46338 as target [ 330.563511][T19592] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6583'. [ 330.679312][T19599] sctp: [Deprecated]: syz.0.6588 (pid 19599) Use of struct sctp_assoc_value in delayed_ack socket option. [ 330.679312][T19599] Use struct sctp_sack_info instead [ 330.699106][T19599] sctp: [Deprecated]: syz.0.6588 (pid 19599) Use of struct sctp_assoc_value in delayed_ack socket option. [ 330.699106][T19599] Use struct sctp_sack_info instead [ 331.218499][T19626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6601'. [ 331.549405][ T57] tipc: Subscription rejected, illegal request [ 331.890182][T19668] vlan1: entered promiscuous mode [ 331.905537][T19668] gretap0: entered promiscuous mode [ 332.701844][T19714] netlink: 'syz.3.6643': attribute type 2 has an invalid length. [ 332.768330][T19720] netlink: 52 bytes leftover after parsing attributes in process `syz.1.6646'. [ 332.792167][T19720] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6646'. [ 332.807250][T19720] netlink: 52 bytes leftover after parsing attributes in process `syz.1.6646'. [ 332.825479][T19720] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6646'. [ 332.838667][T19722] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6647'. [ 332.848004][T19720] netlink: 52 bytes leftover after parsing attributes in process `syz.1.6646'. [ 333.519068][T19760] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6664'. [ 335.059920][T19851] nbd: must specify a device to reconfigure [ 335.226489][T19863] sctp: [Deprecated]: syz.3.6715 (pid 19863) Use of int in max_burst socket option. [ 335.226489][T19863] Use struct sctp_assoc_value instead [ 335.336286][T19867] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6717'. [ 336.038821][T19907] netlink: 'syz.0.6735': attribute type 4 has an invalid length. [ 336.068915][T19911] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 336.137633][T19915] tipc: Enabling of bearer rejected, failed to enable media [ 336.554381][T19939] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 336.752309][T19952] __nla_validate_parse: 1 callbacks suppressed [ 336.752327][T19952] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6760'. [ 337.119464][T19971] netlink: 'syz.0.6769': attribute type 1 has an invalid length. [ 337.225233][T19979] netlink: 'syz.2.6773': attribute type 1 has an invalid length. [ 338.157699][T20030] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6797'. [ 338.173988][T20032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6799'. [ 338.519285][T20048] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6809'. [ 338.585763][T20054] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6810'. [ 338.615723][T20056] tipc: MTU too low for tipc bearer [ 338.686460][ T77] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 338.714923][ T5904] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 338.724931][ T77] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 338.777768][T20068] netlink: 'syz.1.6815': attribute type 3 has an invalid length. [ 338.876342][T20075] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6817'. [ 339.161839][T20090] IPVS: set_ctl: invalid protocol: 135 255.255.255.255:20001 [ 339.184137][T20091] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6824'. [ 339.491159][ T5904] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 339.571679][ T5904] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 340.016323][T20136] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 341.768660][T20231] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6880'. [ 342.017378][T20246] netlink: 100 bytes leftover after parsing attributes in process `syz.0.6887'. [ 342.172541][T20253] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6889'. [ 342.263763][T20256] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6891'. [ 342.436075][T20265] tipc: Started in network mode [ 342.441539][T20265] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 342.450747][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 342.459500][T20265] tipc: Enabling of bearer rejected, failed to enable media [ 343.648213][T20335] sctp: [Deprecated]: syz.3.6929 (pid 20335) Use of int in maxseg socket option. [ 343.648213][T20335] Use struct sctp_assoc_value instead [ 343.892201][ T50] Bluetooth: hci4: command 0x0406 tx timeout [ 345.204385][ T1331] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 345.216575][T20430] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 345.241039][ T1331] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 345.275702][ T1331] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 345.295890][ T1331] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 345.885714][T20469] netlink: 'syz.3.6994': attribute type 2 has an invalid length. [ 346.367794][T20498] netlink: 256 bytes leftover after parsing attributes in process `syz.0.7007'. [ 346.408674][T20500] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.415915][T20500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.783080][T20521] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 347.181265][T20543] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7028'. [ 347.615470][T20564] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7037'. [ 348.114576][T20594] netlink: 'syz.4.7052': attribute type 3 has an invalid length. [ 348.207849][T20589] "syz.2.7051" (20589) uses obsolete ecb(arc4) skcipher [ 348.494079][T20618] netlink: 'syz.2.7063': attribute type 1 has an invalid length. [ 348.502113][T20618] netlink: 'syz.2.7063': attribute type 1 has an invalid length. [ 349.044987][T20636] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7071'. [ 349.066753][T20636] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7071'. [ 349.229684][T20648] atomic_op ffff88807f035998 conn xmit_atomic 0000000000000000 [ 349.408676][T20656] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7080'. [ 349.459757][T20660] vlan2: entered allmulticast mode [ 349.484360][T20660] bond0: entered allmulticast mode [ 349.516214][T20660] bond_slave_0: entered allmulticast mode [ 349.529256][T20660] bond_slave_1: entered allmulticast mode [ 349.611565][T20667] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7087'. [ 349.644453][T20668] tipc: Enabled bearer , priority 24 [ 349.890596][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 350.316200][T20708] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 350.762922][ T5904] tipc: Node number set to 1 [ 351.166124][T20747] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7125'. [ 351.182200][T20747] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7125'. [ 351.284372][T20752] netlink: 'syz.3.7127': attribute type 58 has an invalid length. [ 351.296806][T20752] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7127'. [ 351.964719][T20780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7140'. [ 352.332101][T20805] __nla_validate_parse: 1 callbacks suppressed [ 352.332121][T20805] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.7153'. [ 352.470775][T20812] netlink: 44 bytes leftover after parsing attributes in process `syz.4.7158'. [ 352.499762][T20812] netlink: 43 bytes leftover after parsing attributes in process `syz.4.7158'. [ 352.519931][T20812] netlink: 'syz.4.7158': attribute type 5 has an invalid length. [ 352.528287][T20812] netlink: 43 bytes leftover after parsing attributes in process `syz.4.7158'. [ 352.846088][T20833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7166'. [ 353.067855][T20847] nbd: socks must be embedded in a SOCK_ITEM attr [ 353.568659][T20877] veth1_macvtap: left promiscuous mode [ 353.586636][T20877] macsec0: entered promiscuous mode [ 353.597448][T20877] macsec0: entered allmulticast mode [ 353.626502][T20877] veth1_macvtap: entered promiscuous mode [ 353.643316][T20877] veth1_macvtap: entered allmulticast mode [ 353.660330][T20877] macsec0: left promiscuous mode [ 353.679446][T20877] macsec0: left allmulticast mode [ 353.692459][T20877] veth1_macvtap: left allmulticast mode [ 353.794906][T20887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7195'. [ 354.888876][T20952] netlink: 'syz.0.7227': attribute type 4 has an invalid length. [ 355.159061][T20970] netlink: 11562 bytes leftover after parsing attributes in process `syz.2.7235'. [ 355.266793][T20974] netlink: 88 bytes leftover after parsing attributes in process `syz.3.7237'. [ 355.298848][T20974] netem: invalid attributes len -24 [ 355.314448][T20974] netem: change failed [ 355.786584][T20998] nbd0: detected capacity change from 0 to 127 [ 355.804998][ T5826] block nbd0: Receive control failed (result -32) [ 355.828657][ T5818] block nbd0: Dead connection, failed to find a fallback [ 355.867261][ T5818] block nbd0: shutting down sockets [ 355.874735][ T5818] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 355.887108][ T5818] Buffer I/O error on dev nbd0, logical block 0, async page read [ 355.895647][ T5818] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 355.908370][ T5818] Buffer I/O error on dev nbd0, logical block 1, async page read [ 355.933255][ T5818] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 355.950765][ T5818] Buffer I/O error on dev nbd0, logical block 2, async page read [ 355.970185][ T5818] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.005747][ T5818] Buffer I/O error on dev nbd0, logical block 3, async page read [ 356.033461][ T5818] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.058148][ T5818] Buffer I/O error on dev nbd0, logical block 0, async page read [ 356.093427][ T5818] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.114743][ T5818] Buffer I/O error on dev nbd0, logical block 1, async page read [ 356.136654][ T5818] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.176907][ T5818] Buffer I/O error on dev nbd0, logical block 2, async page read [ 356.200276][ T5818] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.215646][ T5818] Buffer I/O error on dev nbd0, logical block 3, async page read [ 356.224830][ T5818] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.252721][ T5818] Buffer I/O error on dev nbd0, logical block 0, async page read [ 356.280385][ T5818] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.316506][ T5818] Buffer I/O error on dev nbd0, logical block 1, async page read [ 356.344686][ T5818] ldm_validate_partition_table(): Disk read failed. [ 356.397396][ T5818] Dev nbd0: unable to read RDB block 0 [ 356.408511][ T5818] nbd0: unable to read partition table [ 356.449515][T21032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7263'. [ 356.480842][ T5818] ldm_validate_partition_table(): Disk read failed. [ 356.510001][ T5818] Dev nbd0: unable to read RDB block 0 [ 356.535090][ T5818] nbd0: unable to read partition table [ 357.059192][T21055] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7274'. [ 358.299916][T21127] netlink: 'syz.4.7307': attribute type 4 has an invalid length. [ 358.329075][T21127] __nla_validate_parse: 1 callbacks suppressed [ 358.329093][T21127] netlink: 17 bytes leftover after parsing attributes in process `syz.4.7307'. [ 358.408865][T21127] netlink: 14601 bytes leftover after parsing attributes in process `syz.4.7307'. [ 358.884336][T21145] netlink: 248 bytes leftover after parsing attributes in process `syz.0.7315'. [ 359.259262][T21164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7323'. [ 359.307027][T21164] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7323'. [ 359.455914][T21174] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7327'. [ 359.544026][T21177] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7329'. [ 359.574920][T21177] hsr_slave_0: left promiscuous mode [ 359.597154][T21177] hsr_slave_1: left promiscuous mode [ 360.233515][T21208] netlink: 'syz.2.7343': attribute type 10 has an invalid length. [ 360.284449][T21208] tipc: Resetting bearer [ 360.373729][T21208] veth0_vlan: left promiscuous mode [ 360.399861][T21208] veth0_vlan: entered promiscuous mode [ 360.423775][T21208] team0: Device veth0_vlan failed to register rx_handler [ 360.448074][T21208] tipc: Resetting bearer [ 361.170132][T21259] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7367'. [ 361.203074][T21259] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7367'. [ 361.237860][T21259] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7367'. [ 361.829679][T21295] bond0: entered promiscuous mode [ 361.836029][T21295] bond_slave_0: entered promiscuous mode [ 361.844434][T21295] bond_slave_1: entered promiscuous mode [ 361.853684][T21295] bond0: left promiscuous mode [ 361.858707][T21295] bond_slave_0: left promiscuous mode [ 361.865024][T21295] bond_slave_1: left promiscuous mode [ 361.924934][T21304] netlink: 'syz.3.7389': attribute type 28 has an invalid length. [ 361.936403][T21304] netlink: 'syz.3.7389': attribute type 3 has an invalid length. [ 362.225573][T21318] netlink: 'syz.2.7396': attribute type 1 has an invalid length. [ 362.261663][T21318] netlink: 'syz.2.7396': attribute type 7 has an invalid length. [ 362.295602][T21318] netlink: 'syz.2.7396': attribute type 8 has an invalid length. [ 362.330678][T21318] NCSI netlink: No device for ifindex 65584 [ 362.387422][T21329] netlink: 'syz.1.7401': attribute type 2 has an invalid length. [ 362.708787][T21346] ipvlan2: entered allmulticast mode [ 362.723502][T21346] syz_tun: entered allmulticast mode [ 363.621169][T21403] __nla_validate_parse: 6 callbacks suppressed [ 363.621190][T21403] netlink: 64 bytes leftover after parsing attributes in process `syz.0.7435'. [ 363.798921][T21413] netlink: 'syz.0.7439': attribute type 83 has an invalid length. [ 363.848466][T21417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7442'. [ 364.037018][T21427] netlink: 27 bytes leftover after parsing attributes in process `syz.3.7447'. [ 364.372114][T21445] vcan0: tx address claim with dest, not broadcast [ 364.866290][T21474] sctp: [Deprecated]: syz.2.7470 (pid 21474) Use of struct sctp_assoc_value in delayed_ack socket option. [ 364.866290][T21474] Use struct sctp_sack_info instead [ 365.250715][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 365.593083][T21514] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7489'. [ 365.619972][T21514] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7489'. [ 365.674179][T21521] sctp: [Deprecated]: syz.2.7493 (pid 21521) Use of struct sctp_assoc_value in delayed_ack socket option. [ 365.674179][T21521] Use struct sctp_sack_info instead [ 365.753498][T21525] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7494'. [ 365.783541][T21525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7494'. [ 366.748113][T21585] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7522'. [ 366.775928][T21585] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7522'. [ 366.919149][T21592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7525'. [ 367.123966][T21603] netlink: 'syz.4.7535': attribute type 1 has an invalid length. [ 367.132512][T21603] netlink: 'syz.4.7535': attribute type 1 has an invalid length. [ 367.140307][T21603] netlink: 'syz.4.7535': attribute type 8 has an invalid length. [ 368.069435][T21659] vlan1: entered allmulticast mode [ 368.088933][T21659] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode [ 368.894874][T21706] __nla_validate_parse: 5 callbacks suppressed [ 368.894897][T21706] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7578'. [ 370.020371][T21765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7606'. [ 370.061657][T21770] tipc: New replicast peer: 255.255.255.255 [ 370.068329][T21770] tipc: Enabled bearer , priority 10 [ 371.155895][T21836] smc: ib device syz2 ibport 1 erased user defined pnetid SYZ1 [ 371.181108][ T794] tipc: Node number set to 3439591424 [ 371.425724][T21850] netlink: 168 bytes leftover after parsing attributes in process `syz.0.7646'. [ 371.962107][T21881] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7662'. [ 372.802103][T21926] block nbd2: not configured, cannot reconfigure [ 372.869037][T21929] netlink: 64 bytes leftover after parsing attributes in process `syz.0.7684'. [ 373.362703][T21957] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7698'. [ 373.375952][T21957] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7698'. [ 374.182197][T22008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7722'. [ 374.253287][T22014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7725'. [ 374.357911][T22018] xt_hashlimit: size too large, truncated to 1048576 [ 374.442378][T22024] –: renamed from vxcan1 [ 374.850315][T22042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7738'. [ 375.037613][T22042] macvtap1: entered promiscuous mode [ 375.049638][T22042] vlan0: entered promiscuous mode [ 375.058149][T22042] macvtap1: entered allmulticast mode [ 375.064810][T22042] vlan0: entered allmulticast mode [ 375.071735][T22042] veth0_vlan: entered allmulticast mode [ 375.225240][T22060] netlink: 'syz.2.7746': attribute type 8 has an invalid length. [ 376.260225][T22124] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7776'. [ 376.282119][T22126] IPv6: Can't replace route, no match found [ 376.298881][T22126] IPv6: Can't replace route, no match found [ 376.659719][T22146] netlink: 220 bytes leftover after parsing attributes in process `syz.2.7787'. [ 376.707042][T22150] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7789'. [ 377.503504][T22196] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.7811'. [ 377.554716][T22198] block nbd1: Unsupported socket: should be TCP or UNIX. [ 377.977546][T22223] netlink: 112 bytes leftover after parsing attributes in process `syz.1.7823'. [ 377.988557][T22224] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7824'. [ 378.725109][T22249] netlink: 'syz.0.7837': attribute type 1 has an invalid length. [ 378.741760][T22249] netlink: 96 bytes leftover after parsing attributes in process `syz.0.7837'. [ 378.759139][T22249] netlink: 'syz.0.7837': attribute type 1 has an invalid length. [ 378.784788][T22249] netlink: 'syz.0.7837': attribute type 8 has an invalid length. [ 378.949462][T22261] veth0: entered promiscuous mode [ 378.972233][T22260] veth0: left promiscuous mode [ 379.378053][T22288] tipc: Started in network mode [ 379.391309][T22288] tipc: Node identity ac14140f, cluster identity 5 [ 379.411463][T22288] tipc: New replicast peer: 255.255.255.255 [ 379.463793][T22288] tipc: Enabled bearer , priority 10 [ 379.531107][T22298] __nla_validate_parse: 3 callbacks suppressed [ 379.531126][T22298] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7857'. [ 379.598131][T22300] tap0: tun_chr_ioctl cmd 1074025676 [ 379.627258][T22300] tap0: owner set to 0 [ 380.560585][ T794] tipc: Node number set to 2886997007 [ 381.518020][T22389] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7899'. [ 381.770272][T22403] netlink: 'syz.2.7906': attribute type 4 has an invalid length. [ 381.997151][T22418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7912'. [ 382.035871][T22418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7912'. [ 382.689196][T22461] netlink: 'syz.1.7932': attribute type 83 has an invalid length. [ 382.979254][T22477] netlink: 'syz.3.7942': attribute type 1 has an invalid length. [ 382.997925][T22477] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7942'. [ 383.290981][T22495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7947'. [ 383.347234][T22495] hsr0: entered promiscuous mode [ 383.358115][T22495] macvlan2: entered allmulticast mode [ 383.382121][T22495] hsr0: entered allmulticast mode [ 383.402268][T22495] hsr_slave_0: entered allmulticast mode [ 383.420844][T22495] hsr_slave_1: entered allmulticast mode [ 383.447334][T22506] netlink: 1044 bytes leftover after parsing attributes in process `syz.0.7952'. [ 383.594075][T22509] netlink: 'syz.3.7953': attribute type 1 has an invalid length. [ 383.627185][T22509] netlink: 'syz.3.7953': attribute type 2 has an invalid length. [ 383.660577][T22509] netlink: 'syz.3.7953': attribute type 1 has an invalid length. [ 383.680597][T22509] netlink: 'syz.3.7953': attribute type 3 has an invalid length. [ 383.698419][T22509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7953'. [ 384.670282][T22568] netlink: 'syz.3.7982': attribute type 3 has an invalid length. [ 384.729274][T22572] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7981'. [ 385.039639][T22582] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 385.064982][T22582] syzkaller1: linktype set to 823 [ 385.070308][T22584] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7989'. [ 385.089175][T22584] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7989'. [ 385.413260][T22605] sch_tbf: peakrate 5 is lower than or equals to rate 16783679728848008391 ! [ 385.583209][T22613] netlink: 88 bytes leftover after parsing attributes in process `syz.2.8003'. [ 386.225467][T22658] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8023'. [ 386.495093][T22673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8031'. [ 386.542097][T22677] tap0: tun_chr_ioctl cmd 1074025672 [ 386.547432][T22677] tap0: ignored: set checksum disabled [ 386.607008][T22680] netlink: 'syz.3.8034': attribute type 5 has an invalid length. [ 386.928493][T22696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8043'. [ 387.401772][T22723] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8055'. [ 387.458223][T22727] IPv6: NLM_F_CREATE should be specified when creating new route [ 388.155694][T22771] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8079'. [ 388.873514][T22814] netlink: 'syz.3.8100': attribute type 1 has an invalid length. [ 388.897137][T22814] netlink: 'syz.3.8100': attribute type 2 has an invalid length. [ 388.924867][T22814] netlink: 'syz.3.8100': attribute type 1 has an invalid length. [ 388.960659][T22814] netlink: 'syz.3.8100': attribute type 3 has an invalid length. [ 388.986436][T22814] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8100'. [ 390.672721][T22917] netlink: 'syz.0.8147': attribute type 4 has an invalid length. [ 391.526201][T22959] netlink: 'syz.3.8169': attribute type 1 has an invalid length. [ 391.545649][T22959] netlink: 96 bytes leftover after parsing attributes in process `syz.3.8169'. [ 391.580594][T22959] netlink: 1 bytes leftover after parsing attributes in process `syz.3.8169'. [ 391.595881][T22959] netlink: 'syz.3.8169': attribute type 1 has an invalid length. [ 391.604922][T22959] netlink: 'syz.3.8169': attribute type 8 has an invalid length. [ 391.628954][T22959] netlink: 582 bytes leftover after parsing attributes in process `syz.3.8169'. [ 392.007105][T22989] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8182'. [ 392.348632][T23005] tipc: Enabling of bearer rejected, already enabled [ 392.366558][T23005] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8190'. [ 392.755734][T23027] macvtap1: entered allmulticast mode [ 392.770756][T23027] veth0_macvtap: entered allmulticast mode [ 393.236753][T23058] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8217'. [ 393.853887][T23097] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8231'. [ 394.158976][T23116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8239'. [ 394.180593][T23116] netlink: 176 bytes leftover after parsing attributes in process `syz.2.8239'. [ 394.207573][T23116] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8239'. [ 395.650010][T23206] tipc: Enabling of bearer rejected, already enabled [ 395.795652][T23214] netlink: 'syz.0.8283': attribute type 21 has an invalid length. [ 395.804228][T23214] netlink: 'syz.0.8283': attribute type 4 has an invalid length. [ 395.813134][T23214] netlink: 'syz.0.8283': attribute type 5 has an invalid length. [ 395.830837][T23214] netlink: 'syz.0.8283': attribute type 21 has an invalid length. [ 395.842568][T23214] netlink: 'syz.0.8283': attribute type 4 has an invalid length. [ 395.859726][T23214] netlink: 'syz.0.8283': attribute type 5 has an invalid length. [ 395.970575][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 396.448674][T23244] ip6gre0: Master is either lo or non-ether device [ 396.681959][T23256] netlink: 'syz.0.8305': attribute type 21 has an invalid length. [ 396.724112][T23256] __nla_validate_parse: 8 callbacks suppressed [ 396.724132][T23256] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8305'. [ 396.954982][T23269] netlink: 'syz.1.8312': attribute type 8 has an invalid length. [ 396.999498][T23269] sch_fq: defrate 0 ignored. [ 397.067112][T23279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8314'. [ 397.190017][T23281] veth1_macvtap: left promiscuous mode [ 398.018594][T23332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8340'. [ 398.029315][T23332] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8340'. [ 398.764683][T23362] netlink: 'syz.0.8354': attribute type 83 has an invalid length. [ 398.858254][T23367] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8357'. [ 398.906359][T23370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8359'. [ 399.709568][T23423] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 399.746533][T23423] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 400.033306][T23437] netem: incorrect gi model size [ 400.056422][T23437] netem: change failed [ 400.243500][T23451] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8394'. [ 400.339594][T23457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8396'. [ 400.370806][T23457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8396'. [ 400.403596][T23457] netlink: 2 bytes leftover after parsing attributes in process `syz.1.8396'. [ 401.780526][T23531] __nla_validate_parse: 9 callbacks suppressed [ 401.780547][T23531] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8431'. [ 401.911399][T23537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8435'. [ 402.003810][T23539] bond0: entered promiscuous mode [ 402.016960][T23539] bond_slave_0: entered promiscuous mode [ 402.023775][T23539] bond_slave_1: entered promiscuous mode [ 402.033983][T23539] batadv0: entered promiscuous mode [ 402.049007][T23539] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 402.060361][T23543] netlink: 232 bytes leftover after parsing attributes in process `syz.0.8438'. [ 402.071407][T23539] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 402.081357][T23539] bond0: left promiscuous mode [ 402.086235][T23539] bond_slave_0: left promiscuous mode [ 402.100835][T23539] bond_slave_1: left promiscuous mode [ 402.116606][T23539] batadv0: left promiscuous mode [ 402.363868][T23555] block nbd1: Unsupported socket: should be TCP or UNIX. [ 402.399460][T23557] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8446'. [ 402.434667][T23559] sctp: [Deprecated]: syz.3.8445 (pid 23559) Use of int in max_burst socket option deprecated. [ 402.434667][T23559] Use struct sctp_assoc_value instead [ 402.596027][T23568] netlink: 190972 bytes leftover after parsing attributes in process `syz.3.8450'. [ 403.089121][T23597] netlink: 'syz.4.8461': attribute type 83 has an invalid length. [ 403.216078][T23609] netlink: 'syz.1.8467': attribute type 2 has an invalid length. [ 403.242657][T23609] netlink: 100 bytes leftover after parsing attributes in process `syz.1.8467'. [ 403.245776][T23612] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8468'. [ 403.307625][T23614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8469'. [ 403.413133][T23618] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8472'. [ 403.472462][T23620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8471'. [ 404.180759][T23663] veth0: entered promiscuous mode [ 404.189921][T23663] veth0: left promiscuous mode [ 404.942071][T23703] ip6erspan1: entered allmulticast mode [ 405.732886][T23757] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 406.579508][T23808] netlink: zone id is out of range [ 406.595736][T23808] netlink: zone id is out of range [ 406.722151][T23802] netlink: set zone limit has 4 unknown bytes [ 406.995088][T23823] netlink: 'syz.4.8570': attribute type 83 has an invalid length. [ 407.100418][T23827] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.797179][T23860] __nla_validate_parse: 9 callbacks suppressed [ 407.797199][T23860] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8587'. [ 407.861514][T23860] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8587'. [ 408.240633][T23884] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8599'. [ 408.250029][T23884] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8599'. [ 408.261269][T23883] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8597'. [ 408.281134][T23883] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8597'. [ 408.384734][T23889] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.8600'. [ 409.730290][T23965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8634'. [ 410.572948][T24014] netlink: 766 bytes leftover after parsing attributes in process `syz.0.8658'. [ 410.602351][T24016] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 410.909930][T24033] netlink: 'syz.2.8668': attribute type 10 has an invalid length. [ 410.940206][T24033] team0: Port device dummy0 added [ 412.297601][T24114] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.8704'. [ 412.812924][T24141] syz.3.8715: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 412.874272][T24141] CPU: 1 UID: 0 PID: 24141 Comm: syz.3.8715 Not tainted syzkaller #0 PREEMPT(full) [ 412.874326][T24141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 412.874358][T24141] Call Trace: [ 412.874366][T24141] [ 412.874375][T24141] dump_stack_lvl+0xe8/0x150 [ 412.874409][T24141] warn_alloc+0x249/0x340 [ 412.874440][T24141] ? stack_trace_save+0xa9/0x100 [ 412.874467][T24141] ? __pfx_warn_alloc+0x10/0x10 [ 412.874509][T24141] ? kasan_save_track+0x4f/0x80 [ 412.874535][T24141] ? kasan_save_track+0x3e/0x80 [ 412.874557][T24141] ? __kasan_kmalloc+0x93/0xb0 [ 412.874573][T24141] ? __kmalloc_cache_noprof+0x31c/0x660 [ 412.874598][T24141] ? xskq_create+0x56/0x170 [ 412.874617][T24141] ? xsk_setsockopt+0x54c/0x990 [ 412.874635][T24141] ? do_sock_setsockopt+0x17c/0x1b0 [ 412.874663][T24141] ? __x64_sys_setsockopt+0x13d/0x1b0 [ 412.874690][T24141] ? do_syscall_64+0x15f/0xf80 [ 412.874720][T24141] __vmalloc_node_range_noprof+0x132/0x1730 [ 412.874785][T24141] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 412.874823][T24141] ? __kasan_kmalloc+0x93/0xb0 [ 412.874849][T24141] vmalloc_user_noprof+0xad/0xe0 [ 412.874879][T24141] ? xskq_create+0xbf/0x170 [ 412.874901][T24141] xskq_create+0xbf/0x170 [ 412.874926][T24141] xsk_init_queue+0x8a/0xe0 [ 412.874950][T24141] xsk_setsockopt+0x54c/0x990 [ 412.874973][T24141] ? __pfx_xsk_setsockopt+0x10/0x10 [ 412.874993][T24141] ? __pfx_aa_sk_perm+0x10/0x10 [ 412.875025][T24141] ? aa_sock_opt_perm+0xff/0x1a0 [ 412.875056][T24141] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 412.875086][T24141] ? __pfx_xsk_setsockopt+0x10/0x10 [ 412.875108][T24141] do_sock_setsockopt+0x17c/0x1b0 [ 412.875141][T24141] __x64_sys_setsockopt+0x13d/0x1b0 [ 412.875173][T24141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.875196][T24141] do_syscall_64+0x15f/0xf80 [ 412.875219][T24141] ? trace_irq_disable+0x3b/0x140 [ 412.875241][T24141] ? clear_bhb_loop+0x40/0x90 [ 412.875265][T24141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.875291][T24141] RIP: 0033:0x7f2c07b9c819 [ 412.875312][T24141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 412.875330][T24141] RSP: 002b:00007f2c0898e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 412.875353][T24141] RAX: ffffffffffffffda RBX: 00007f2c07e15fa0 RCX: 00007f2c07b9c819 [ 412.875369][T24141] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 412.875382][T24141] RBP: 00007f2c07c32c91 R08: 0000000000000004 R09: 0000000000000000 [ 412.875395][T24141] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 412.875409][T24141] R13: 00007f2c07e16038 R14: 00007f2c07e15fa0 R15: 00007ffe6e23ca28 [ 412.875443][T24141] [ 412.875455][T24141] Mem-Info: [ 413.007695][T24152] netlink: 156 bytes leftover after parsing attributes in process `syz.4.8718'. [ 413.057639][T24141] active_anon:5965 inactive_anon:5 isolated_anon:0 [ 413.057639][T24141] active_file:2821 inactive_file:40416 isolated_file:0 [ 413.057639][T24141] unevictable:768 dirty:193 writeback:0 [ 413.057639][T24141] slab_reclaimable:10952 slab_unreclaimable:105181 [ 413.057639][T24141] mapped:29311 shmem:1357 pagetables:1284 [ 413.057639][T24141] sec_pagetables:0 bounce:0 [ 413.057639][T24141] kernel_misc_reclaimable:0 [ 413.057639][T24141] free:1312644 free_pcp:12818 free_cma:0 [ 413.256320][T24141] Node 0 active_anon:23852kB inactive_anon:20kB active_file:11284kB inactive_file:161460kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117388kB dirty:836kB writeback:0kB shmem:3888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12144kB pagetables:4856kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 413.288779][T24141] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 413.319014][T24141] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 413.351126][T24141] lowmem_reserve[]: 0 2491 2492 2492 2492 [ 413.356993][T24141] Node 0 DMA32 free:1291336kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23752kB inactive_anon:20kB active_file:11284kB inactive_file:161460kB unevictable:1536kB writepending:836kB zspages:0kB present:3129332kB managed:2551528kB mlocked:0kB bounce:0kB free_pcp:49432kB local_pcp:21016kB free_cma:0kB [ 413.391467][T24141] lowmem_reserve[]: 0 0 0 0 0 [ 413.428173][T24141] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:612kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 413.485325][T24165] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8726'. [ 413.502818][T24141] lowmem_reserve[]: 0 0 0 0 0 [ 413.525695][T24141] Node 1 Normal free:3946536kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 413.588697][T24141] lowmem_reserve[]: 0 0 0 0 0 [ 413.595775][T24141] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 413.609500][T24141] Node 0 DMA32: 5009*4kB (UM) 3121*8kB (UME) 1602*16kB (UME) 167*32kB (UME) 50*64kB (UM) 139*128kB (UME) 226*256kB (UE) 148*512kB (UME) 102*1024kB (UME) 51*2048kB (UME) 208*4096kB (UM) = 1291468kB [ 413.659470][T24141] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 413.714895][T24141] Node 1 Normal: 2*4kB (UM) 6*8kB (UM) 7*16kB (UM) 8*32kB (UM) 6*64kB (UM) 6*128kB (UM) 4*256kB (UM) 5*512kB (UM) 3*1024kB (UM) 1*2048kB (U) 961*4096kB (UM) = 3946536kB [ 413.766685][T24141] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 413.780726][T24141] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 413.792540][T24141] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 413.806672][T24141] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 413.823019][T24181] netlink: 104 bytes leftover after parsing attributes in process `syz.1.8732'. [ 413.835268][T24141] 44589 total pagecache pages [ 413.863885][T24141] 0 pages in swap cache [ 413.875695][T24141] Free swap = 124996kB [ 413.888171][T24141] Total swap = 124996kB [ 413.915406][T24141] 2097051 pages RAM [ 413.929246][T24141] 0 pages HighMem/MovableOnly [ 413.943393][T24141] 427401 pages reserved [ 413.958485][T24141] 0 pages cma reserved [ 414.080042][T24191] tipc: Enabling of bearer rejected, already enabled [ 414.116135][T24193] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.8737'. [ 414.443108][T24212] gretap0: left allmulticast mode [ 414.457611][T24212] gretap0: left promiscuous mode [ 414.479020][T24212] bridge0: port 3(gretap0) entered disabled state [ 414.514045][T24212] ¾x9ÿ: left allmulticast mode [ 414.519921][T24212] ¾x9ÿ: left promiscuous mode [ 414.526666][T24212] bridge0: port 1(0¾x9ÿ) entered disabled state [ 414.547431][T24212] bridge_slave_1: left allmulticast mode [ 414.557089][T24212] bridge_slave_1: left promiscuous mode [ 414.566610][T24212] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.581434][T24212] bond0: (slave bond_slave_0): Releasing backup interface [ 414.608402][T24212] bond0: (slave bond_slave_1): Releasing backup interface [ 414.636667][T24212] team0: Port device team_slave_0 removed [ 414.659911][T24212] team0: Port device team_slave_1 removed [ 414.682463][T24212] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.710944][T24212] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.722243][T24212] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.729746][T24212] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.743127][T24212] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 415.018428][T24237] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 415.083298][T24239] block nbd4: NBD_DISCONNECT [ 415.241716][T24244] netlink: 207952 bytes leftover after parsing attributes in process `syz.4.8757'. [ 415.645369][T24267] syzkaller1: entered promiscuous mode [ 415.660843][T24267] syzkaller1: entered allmulticast mode [ 415.878012][T24281] xt_hashlimit: size too large, truncated to 1048576 [ 415.905885][T24284] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 415.916547][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 416.315044][T24306] sctp: [Deprecated]: syz.0.8786 (pid 24306) Use of struct sctp_assoc_value in delayed_ack socket option. [ 416.315044][T24306] Use struct sctp_sack_info instead [ 416.400006][T24309] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8788'. [ 416.436872][T24309] netlink: 'syz.2.8788': attribute type 7 has an invalid length. [ 416.445202][T24309] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8788'. [ 416.663753][T24327] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8795'. [ 416.815361][T24332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8797'. [ 416.844631][T24332] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8797'. [ 417.107210][T24345] bond0: ARP target 8.4.0.0 is already present [ 417.128693][T24345] bond0: option arp_ip_target: invalid value (1032) [ 417.618281][T24374] smc: removing net device team0 with user defined pnetid SYZ2 [ 417.645897][T24374] team0 (unregistering): Port device team_slave_0 removed [ 417.660499][T24374] team0 (unregistering): Port device team_slave_1 removed [ 417.676239][T24374] team0 (unregistering): Port device dummy0 removed [ 417.703946][T24380] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40 [ 417.850116][T24385] netlink: 'syz.0.8822': attribute type 1 has an invalid length. [ 418.252605][T24406] __nla_validate_parse: 4 callbacks suppressed [ 418.252626][T24406] netlink: 14560 bytes leftover after parsing attributes in process `syz.0.8831'. [ 419.430075][T24463] pim6reg1: entered promiscuous mode [ 419.441534][T24463] pim6reg1: entered allmulticast mode [ 419.650632][ T50] Bluetooth: hci4: command 0x0406 tx timeout [ 419.896196][T24491] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8876'. [ 419.906447][T24495] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.8877'. [ 420.042906][T24499] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8879'. [ 420.094338][T24507] netlink: 7 bytes leftover after parsing attributes in process `syz.2.8882'. [ 420.286709][T24509] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8879'. [ 420.342566][T24509] nbd: device at index 64 is going down [ 420.410223][T24523] netlink: 212324 bytes leftover after parsing attributes in process `syz.2.8888'. [ 420.588350][T24533] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8892'. [ 420.716034][ T5818] udevd[5818]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 420.928640][T24544] syzkaller1: entered promiscuous mode [ 420.947764][T24544] syzkaller1: entered allmulticast mode [ 422.022356][T24613] veth0: entered promiscuous mode [ 422.041414][T24611] veth0: left promiscuous mode [ 422.447496][T24636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8936'. [ 422.462327][T24636] netlink: 'syz.4.8936': attribute type 1 has an invalid length. [ 422.471871][T24636] netlink: 'syz.4.8936': attribute type 2 has an invalid length. [ 423.253121][T24674] netlink: 'syz.3.8953': attribute type 11 has an invalid length. [ 423.362546][T24677] syzkaller1: entered promiscuous mode [ 423.378065][T24677] syzkaller1: entered allmulticast mode [ 423.408265][T24677] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324 [ 423.683509][T24696] syzkaller1: entered promiscuous mode [ 423.693367][T24696] syzkaller1: entered allmulticast mode [ 423.702567][T24698] netlink: 'syz.0.8963': attribute type 4 has an invalid length. [ 423.835475][ T5986] lo speed is unknown, defaulting to 1000 [ 424.941890][T24751] syzkaller1: entered promiscuous mode [ 424.972998][T24751] syzkaller1: entered allmulticast mode [ 425.186254][T24763] syzkaller1: entered promiscuous mode [ 425.217966][T24763] syzkaller1: entered allmulticast mode [ 425.415879][T24779] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 425.616328][T24793] macvlan0: entered promiscuous mode [ 426.010159][T24818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9015'. [ 426.060084][T24820] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 426.075291][T24820] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 426.557122][T24842] syzkaller1: entered promiscuous mode [ 426.583026][T24842] syzkaller1: entered allmulticast mode [ 427.118756][ T29] audit: type=1800 audit(1776280975.594:3): pid=24872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.9036" name="memory.events" dev="tmpfs" ino=8798 res=0 errno=0 [ 427.627576][T24910] syzkaller1: entered promiscuous mode [ 427.641112][T24910] syzkaller1: entered allmulticast mode [ 428.576888][ T5904] IPVS: starting estimator thread 0... [ 428.576915][T24962] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9073'. [ 428.587282][T24956] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 428.599378][T24962] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9073'. [ 428.609916][T24959] netlink: 'syz.3.9072': attribute type 1 has an invalid length. [ 428.668377][T24962] erspan0: entered promiscuous mode [ 428.691595][T24962] gretap0: entered promiscuous mode [ 428.711040][T24963] IPVS: using max 39 ests per chain, 93600 per kthread [ 428.982467][T24982] netlink: 27 bytes leftover after parsing attributes in process `syz.3.9082'. [ 429.147091][T24991] vcan0: tx address claim with different name [ 429.207687][T24995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9088'. [ 429.388743][T24999] syzkaller1: entered promiscuous mode [ 429.394728][T24999] syzkaller1: entered allmulticast mode [ 429.750146][T25023] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9101'. [ 429.844089][T25029] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9104'. [ 429.883484][T25029] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9104'. [ 429.915274][T25034] Bluetooth: hci1: expected 19 bytes, got 2 bytes [ 430.601204][T25070] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9124'. [ 430.733211][T25076] netlink: 16215 bytes leftover after parsing attributes in process `syz.1.9127'. [ 430.898870][T25084] netlink: 'syz.1.9130': attribute type 1 has an invalid length. [ 431.154839][T25101] __nla_validate_parse: 1 callbacks suppressed [ 431.154860][T25101] netlink: 27 bytes leftover after parsing attributes in process `syz.0.9137'. [ 431.320125][T25112] macvlan0: entered promiscuous mode [ 431.506081][T25116] macvtap1: entered promiscuous mode [ 431.531483][T25116] macvtap1: entered allmulticast mode [ 431.553640][T25116] veth1_vlan: entered allmulticast mode [ 431.609205][T25122] macvtap2: entered promiscuous mode [ 431.628239][T25122] macvtap2: entered allmulticast mode [ 431.807260][T25143] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9154'. [ 432.676980][T25186] syzkaller1: entered promiscuous mode [ 432.704919][T25186] syzkaller1: entered allmulticast mode [ 432.749350][T25190] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9176'. [ 433.061456][T25204] sctp: [Deprecated]: syz.1.9181 (pid 25204) Use of int in max_burst socket option deprecated. [ 433.061456][T25204] Use struct sctp_assoc_value instead [ 434.133975][T25248] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9200'. [ 434.143983][T25248] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9200'. [ 434.173402][T25252] macvlan0: left promiscuous mode [ 434.188793][T25252] netlink: 'syz.2.9201': attribute type 2 has an invalid length. [ 434.903858][T25296] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9223'. [ 435.499675][T25333] geneve2: entered promiscuous mode [ 435.516161][ T1075] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 57258 - 0 [ 435.527378][ T1075] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 57258 - 0 [ 435.547890][ T1075] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 57258 - 0 [ 435.573838][ T1075] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 57258 - 0 [ 435.660981][T25338] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9245'. [ 435.855916][ T5986] IPVS: starting estimator thread 0... [ 435.963018][T25349] IPVS: using max 31 ests per chain, 74400 per kthread [ 435.999027][T25354] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9250'. [ 436.318441][T25375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9260'. [ 436.621720][T25390] netlink: 'syz.3.9267': attribute type 29 has an invalid length. [ 436.646195][T25390] netlink: 'syz.3.9267': attribute type 29 has an invalid length. [ 436.660661][T25390] netlink: 500 bytes leftover after parsing attributes in process `syz.3.9267'. [ 436.670307][T25390] unsupported nla_type 58 [ 436.683727][T25396] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9270'. [ 437.446148][T25427] netlink: 'syz.3.9284': attribute type 10 has an invalid length. [ 437.478670][T25427] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 438.101036][T25468] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9304'. [ 438.130220][T25468] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9304'. [ 438.444443][T25486] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9312'. [ 438.513619][T25491] netlink: 'syz.2.9314': attribute type 4 has an invalid length. [ 439.604005][T25553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9333'. [ 439.952489][T25568] block nbd1: server does not support multiple connections per device. [ 439.987522][T25568] block nbd1: shutting down sockets [ 440.207753][T25583] netlink: 512 bytes leftover after parsing attributes in process `syz.0.9345'. [ 440.501806][T25601] veth0: entered promiscuous mode [ 440.517615][T25601] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9354'. [ 440.603368][T25603] syzkaller1: entered promiscuous mode [ 440.619425][T25603] syzkaller1: entered allmulticast mode [ 440.939790][T25624] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9364'. [ 441.420982][T25653] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 441.451096][T25656] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9376'. [ 441.837641][T25680] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9384'. [ 442.003447][T25682] nbd: must specify at least one socket [ 442.049066][T25684] syzkaller1: entered promiscuous mode [ 442.062056][T25684] syzkaller1: entered allmulticast mode [ 442.168769][T25695] netlink: 240 bytes leftover after parsing attributes in process `syz.0.9387'. [ 442.505238][T25715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9394'. [ 442.514631][T25715] netlink: 'syz.0.9394': attribute type 1 has an invalid length. [ 442.524436][T25715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9394'. [ 442.535711][T25715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9394'. [ 442.546947][T25715] netlink: 'syz.0.9394': attribute type 1 has an invalid length. [ 442.569625][T25715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9394'. [ 442.654615][T25720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9397'. [ 442.702358][T25720] chnl_net:caif_netlink_parms(): no params data found [ 443.045749][T25737] netlink: 'syz.1.9404': attribute type 1 has an invalid length. [ 443.420154][T25762] atomic_op ffff888030c5e198 conn xmit_atomic 0000000000000000 [ 443.587392][T25769] netlink: 27 bytes leftover after parsing attributes in process `syz.0.9418'. [ 443.676347][T25774] gretap3: entered promiscuous mode [ 443.696795][T25774] batman_adv: batadv0: Adding interface: gretap3 [ 443.718018][T25774] batman_adv: batadv0: The MTU of interface gretap3 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 443.762266][T25774] batman_adv: batadv0: Not using interface gretap3 (retrying later): interface not active [ 443.803715][T25779] bridge_slave_0: invalid flags given to default FDB implementation [ 443.947572][T25787] netlink: 'syz.3.9424': attribute type 15 has an invalid length. [ 443.961892][T25787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9424'. [ 443.996090][ T1331] netdevsim netdevsim3 netdevsim0: set [0, 1] type 1 family 0 port 2816 - 0 [ 444.005559][T25787] netlink: 'syz.3.9424': attribute type 15 has an invalid length. [ 444.014472][ T1331] netdevsim netdevsim3 netdevsim1: set [0, 1] type 1 family 0 port 2816 - 0 [ 444.031260][ T1331] netdevsim netdevsim3 netdevsim2: set [0, 1] type 1 family 0 port 2816 - 0 [ 444.063361][ T1331] netdevsim netdevsim3 netdevsim3: set [0, 1] type 1 family 0 port 2816 - 0 [ 444.514013][T25820] netlink: 'syz.0.9437': attribute type 19 has an invalid length. [ 444.575320][T25820] netlink: 'syz.0.9437': attribute type 19 has an invalid length. [ 444.575536][ T34] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.607392][ T34] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.627080][ T34] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.648848][ T34] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.706138][T25829] trusted_key: syz.2.9440 sent an empty control message without MSG_MORE. [ 444.717727][T25824] lo speed is unknown, defaulting to 1000 [ 444.896818][T25837] netlink: 'syz.0.9444': attribute type 21 has an invalid length. [ 444.924742][T25839] xt_hashlimit: size too large, truncated to 1048576 [ 444.940714][T25837] netlink: 'syz.0.9444': attribute type 21 has an invalid length. [ 445.359701][T25827] dvmrp8: entered allmulticast mode [ 445.528309][T25824] lo speed is unknown, defaulting to 1000 [ 447.178794][T25932] __nla_validate_parse: 9 callbacks suppressed [ 447.178813][T25932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9483'. [ 447.210659][T25932] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9483'. [ 447.244576][T25932] netlink: 'syz.1.9483': attribute type 15 has an invalid length. [ 447.273711][T25932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9483'. [ 447.287665][T25932] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9483'. [ 447.358328][ T1075] netdevsim netdevsim1 netdevsim1: set [0, 1] type 1 family 0 port 256 - 0 [ 447.377377][ T1075] netdevsim netdevsim1 netdevsim2: set [0, 1] type 1 family 0 port 256 - 0 [ 447.388369][T25946] netlink: 16215 bytes leftover after parsing attributes in process `syz.4.9489'. [ 447.427267][ T57] netdevsim netdevsim1 netdevsim3: set [0, 1] type 1 family 0 port 256 - 0 [ 451.145349][T26029] validate_nla: 1 callbacks suppressed [ 451.145368][T26029] netlink: 'syz.2.9520': attribute type 11 has an invalid length. [ 451.161306][T26029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9520'. [ 451.213812][ T77] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 451.226220][ T77] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 451.236254][T26029] netlink: 'syz.2.9520': attribute type 11 has an invalid length. [ 451.251992][ T77] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 451.261835][T26029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9520'. [ 451.291472][ T77] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 451.813050][T26061] netlink: 'syz.1.9535': attribute type 1 has an invalid length. [ 451.854959][T26061] netlink: 224 bytes leftover after parsing attributes in process `syz.1.9535'. [ 452.208049][T26087] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9545'. [ 452.760255][T26118] netlink: 'syz.0.9559': attribute type 7 has an invalid length. [ 452.774405][T26118] netlink: 'syz.0.9559': attribute type 7 has an invalid length. [ 452.997497][T26132] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 453.003887][T26132] syzkaller1: Refused to change device type [ 453.196748][T26146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9571'. [ 453.388388][T26154] syzkaller1: entered promiscuous mode [ 453.398646][T26154] syzkaller1: entered allmulticast mode [ 453.697228][T26169] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 453.710638][T26169] syzkaller1: Linktype set failed because interface is up [ 453.720728][ T5973] syzkaller1: tun_net_xmit 90 [ 453.754498][T26129] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 453.782125][T26129] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 454.002865][T26183] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9589'. [ 454.248582][T26196] netlink: 'syz.2.9595': attribute type 12 has an invalid length. [ 454.294317][T26199] netlink: 'syz.0.9596': attribute type 14 has an invalid length. [ 454.305568][T26196] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9595'. [ 454.319558][T26199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9596'. [ 454.339423][T26199] netlink: 'syz.0.9596': attribute type 14 has an invalid length. [ 454.349615][T26196] netlink: 'syz.2.9595': attribute type 12 has an invalid length. [ 454.353108][T26202] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9598'. [ 454.363991][T26199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9596'. [ 454.385121][T26196] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9595'. [ 455.490601][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 456.143202][T26256] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9612'. [ 456.185521][T26260] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9614'. [ 456.191493][T26259] netlink: 'syz.4.9613': attribute type 1 has an invalid length. [ 456.332751][T26259] 8021q: adding VLAN 0 to HW filter on device bond1 [ 456.558480][T26268] bridge_slave_0: left allmulticast mode [ 456.586640][T26268] bridge_slave_0: left promiscuous mode [ 456.606937][T26268] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.669600][T26268] bridge_slave_1: left allmulticast mode [ 456.688636][T26268] bridge_slave_1: left promiscuous mode [ 456.717577][T26268] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.756764][T26268] bond0: (slave bond_slave_0): Releasing backup interface [ 456.805709][T26268] bond0: (slave bond_slave_1): Releasing backup interface [ 456.842806][T26268] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 456.874299][T26268] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 456.906472][T26268] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 456.926795][T26268] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 456.955899][T26268] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 457.266380][T26292] netlink: 'syz.2.9625': attribute type 12 has an invalid length. [ 458.185076][T26324] netlink: 'syz.2.9639': attribute type 1 has an invalid length. [ 458.542999][T26349] netlink: 212344 bytes leftover after parsing attributes in process `syz.2.9651'. [ 459.459568][T26395] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 459.473804][T26395] bridge6: left promiscuous mode [ 459.506483][ T13] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 459.516286][ T13] netdevsim netdevsim1 netdevsim1: unset [0, 1] type 1 family 0 port 256 - 0 [ 459.528957][ T13] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 459.538516][ T13] netdevsim netdevsim1 netdevsim2: unset [0, 1] type 1 family 0 port 256 - 0 [ 459.560299][ T13] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 459.580133][ T13] netdevsim netdevsim1 netdevsim3: unset [0, 1] type 1 family 0 port 256 - 0 [ 460.337075][T26433] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9690'. [ 460.358865][T26435] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.9691'. [ 460.369957][T26433] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9690'. [ 460.410603][T26435] netlink: Unknown conntrack attr (type=2304, max=9) [ 460.483903][T26439] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9693'. [ 460.520502][T26441] netlink: 212344 bytes leftover after parsing attributes in process `syz.1.9694'. [ 460.574368][T26443] netlink: 32 bytes leftover after parsing attributes in process `syz.0.9695'. [ 460.862039][T26455] netlink: 'syz.1.9699': attribute type 8 has an invalid length. [ 460.876910][T26455] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9699'. [ 460.912416][T26455] bond0: entered promiscuous mode [ 460.939180][T26455] bond_slave_0: entered promiscuous mode [ 460.965965][T26455] bond_slave_1: entered promiscuous mode [ 461.010824][T26455] bond0: left promiscuous mode [ 461.028830][T26455] bond_slave_0: left promiscuous mode [ 461.051100][T26455] bond_slave_1: left promiscuous mode [ 461.216930][T26471] netlink: 33 bytes leftover after parsing attributes in process `syz.2.9705'. [ 461.232339][T26471] netlink: 140 bytes leftover after parsing attributes in process `syz.2.9705'. [ 461.982267][T26499] 8021q: adding VLAN 0 to HW filter on device bond5 [ 461.996093][T26499] bridge0: port 1(bond5) entered blocking state [ 462.004935][T26499] bridge0: port 1(bond5) entered disabled state [ 462.015066][T26499] bond5: entered allmulticast mode [ 462.041253][T26499] bond5: entered promiscuous mode [ 462.059050][T26499] bridge0: port 1(bond5) entered blocking state [ 462.065528][T26499] bridge0: port 1(bond5) entered forwarding state [ 462.086891][T26498] bond6: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 462.114514][T26498] bond6: (slave lo): Enslaving as an active interface with an up link [ 462.127281][T26498] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 462.150138][ T1331] bridge0: port 1(bond5) entered disabled state [ 462.323621][T26522] netlink: 'syz.1.9727': attribute type 4 has an invalid length. [ 462.539142][T26535] netlink: 'syz.0.9733': attribute type 15 has an invalid length. [ 463.854297][T26615] netlink: 'syz.4.9766': attribute type 13 has an invalid length. [ 463.882710][T26615] __nla_validate_parse: 1 callbacks suppressed [ 463.882727][T26615] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9766'. [ 463.923307][T26615] netlink: 'syz.4.9766': attribute type 13 has an invalid length. [ 463.942006][T26615] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9766'. [ 463.962311][T26617] syzkaller1: entered promiscuous mode [ 463.979403][T26617] syzkaller1: entered allmulticast mode [ 464.207475][T26632] netlink: 'syz.1.9775': attribute type 1 has an invalid length. [ 464.297339][T26636] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 464.328900][T26636] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 464.365522][T26636] bond2: (slave ip6gre1): making interface the new active one [ 464.382307][T26636] bond2: (slave ip6gre1): Enslaving as an active interface with an up link [ 464.418138][T26644] ip6tnl3: entered promiscuous mode [ 464.507227][T26648] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.9780'. [ 464.717053][T26658] netlink: 'syz.3.9786': attribute type 22 has an invalid length. [ 464.728261][T26658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9786'. [ 464.739325][T26658] netlink: 'syz.3.9786': attribute type 22 has an invalid length. [ 464.747811][T26658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9786'. [ 464.857020][T26665] netlink: 'syz.0.9789': attribute type 16 has an invalid length. [ 464.863632][T26666] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9790'. [ 464.866170][T26665] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9789'. [ 465.199488][T26684] netlink: 'syz.4.9797': attribute type 9 has an invalid length. [ 465.227612][T26684] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9797'. [ 465.253258][T26684] netlink: 'syz.4.9797': attribute type 9 has an invalid length. [ 465.273402][T26684] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9797'. [ 465.551778][T26697] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9803'. [ 466.254806][T26730] syzkaller1: entered promiscuous mode [ 466.261780][T26730] syzkaller1: entered allmulticast mode [ 466.509924][T26743] 8021q: adding VLAN 0 to HW filter on device bond7 [ 466.567673][T26743] bond7: (slave geneve3): making interface the new active one [ 466.603522][T26743] bond7: (slave geneve3): Enslaving as an active interface with an up link [ 466.866428][T26763] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 467.389555][T26784] vlan1: entered allmulticast mode [ 467.402332][T26784] bond0: entered allmulticast mode [ 467.487592][T26785] bond0 (unregistering): Released all slaves [ 468.167864][T26814] vcan0: tx drop: invalid da for name 0x0000000000000008 [ 468.374367][T26825] validate_nla: 4 callbacks suppressed [ 468.374386][T26825] netlink: 'syz.0.9857': attribute type 7 has an invalid length. [ 468.627921][T26836] netlink: 'syz.1.9863': attribute type 11 has an invalid length. [ 468.889882][T26844] IPv6: sit1: Disabled Multicast RS [ 469.185051][T26858] __nla_validate_parse: 13 callbacks suppressed [ 469.185074][T26858] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9874'. [ 469.298858][T26862] netlink: 'syz.1.9876': attribute type 22 has an invalid length. [ 469.317128][T26862] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9876'. [ 469.338901][T26862] netlink: 'syz.1.9876': attribute type 22 has an invalid length. [ 469.358481][T26862] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9876'. [ 469.933317][T26891] netlink: 'syz.4.9888': attribute type 51 has an invalid length. [ 469.986310][T26891] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 470.018730][T26891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 470.060988][T26899] netlink: 'syz.1.9893': attribute type 7 has an invalid length. [ 470.175392][T26891] batman_adv: batadv0: Removing interface: gretap3 [ 470.227801][T26899] netlink: 'syz.1.9893': attribute type 7 has an invalid length. [ 470.239987][ T1075] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 470.256711][ T1075] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 470.277344][ T1075] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 470.527052][T26919] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9901'. [ 470.621461][T26928] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9905'. [ 470.896419][T26938] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9908'. [ 470.992509][T26944] netlink: 'syz.0.9912': attribute type 1 has an invalid length. [ 471.117590][T26944] bond8: entered promiscuous mode [ 471.143785][T26944] 8021q: adding VLAN 0 to HW filter on device bond8 [ 471.179613][T26959] netlink: 140 bytes leftover after parsing attributes in process `syz.1.9917'. [ 471.212569][T26950] bond8: (slave bridge3): making interface the new active one [ 471.220676][T26950] bridge3: entered promiscuous mode [ 471.247489][T26950] bond8: (slave bridge3): Enslaving as an active interface with an up link [ 471.249233][T26963] netlink: 'syz.1.9918': attribute type 1 has an invalid length. [ 471.265096][T26963] netlink: 16179 bytes leftover after parsing attributes in process `syz.1.9918'. [ 471.398437][T26967] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 471.638545][T26986] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9928'. [ 471.848683][T26994] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.9930'. [ 471.858718][T26995] netlink: 'syz.1.9931': attribute type 1 has an invalid length. [ 471.908864][T26995] bond3: entered promiscuous mode [ 471.914628][T26995] 8021q: adding VLAN 0 to HW filter on device bond3 [ 471.953819][T26995] 8021q: adding VLAN 0 to HW filter on device bond3 [ 471.962032][T26995] bond3: (slave ip6gre2): The slave device specified does not support setting the MAC address [ 471.974714][T26995] bond3: (slave ip6gre2): Setting fail_over_mac to active for active-backup mode [ 471.992685][T26995] bond3: (slave ip6gre2): making interface the new active one [ 472.013418][T26995] ip6gre2: entered promiscuous mode [ 472.024279][T26995] bond3: (slave ip6gre2): Enslaving as an active interface with an up link [ 473.015710][T27047] sock: sock_set_timeout: `syz.3.9949' (pid 27047) tries to set negative timeout [ 473.528404][T27078] syzkaller1: entered promiscuous mode [ 473.563484][T27078] syzkaller1: entered allmulticast mode [ 474.068628][T27101] vlan0: left allmulticast mode [ 474.074267][T27101] veth0_vlan: left allmulticast mode [ 474.079592][T27101] vlan0: left promiscuous mode [ 474.105007][T27099] syzkaller1: entered promiscuous mode [ 474.111574][T27099] syzkaller1: entered allmulticast mode [ 474.119939][ T34] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.129625][ T34] netdevsim netdevsim3 netdevsim0: unset [0, 1] type 1 family 0 port 2816 - 0 [ 474.139264][ T34] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.241958][ T34] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.279934][ T34] netdevsim netdevsim3 netdevsim1: unset [0, 1] type 1 family 0 port 2816 - 0 [ 474.314473][ T34] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.346877][ T34] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.355870][T27121] __nla_validate_parse: 2 callbacks suppressed [ 474.355890][T27121] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9969'. [ 474.370705][ T34] netdevsim netdevsim3 netdevsim2: unset [0, 1] type 1 family 0 port 2816 - 0 [ 474.381330][ T34] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.443100][T27121] team1: entered promiscuous mode [ 474.448186][T27121] team1: entered allmulticast mode [ 474.478190][ T34] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.500564][ T34] netdevsim netdevsim3 netdevsim3: unset [0, 1] type 1 family 0 port 2816 - 0 [ 474.520966][ T34] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.594999][T27123] netlink: 64 bytes leftover after parsing attributes in process `syz.0.9970'. [ 475.093253][T27115] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 476.202094][T27161] smc: ib device syz2 ibport 1 applied user defined pnetid SYZ1 [ 476.337863][T27163] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9981'. [ 476.405602][T27163] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9981'. [ 478.014465][T27197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9992'. [ 478.676665][T27216] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10002'. [ 478.698981][T27215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10001'. [ 478.711252][T27216] netlink: 'syz.0.10002': attribute type 7 has an invalid length. [ 478.724099][T27215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10001'. [ 478.739562][T27216] netlink: 'syz.0.10002': attribute type 8 has an invalid length. [ 478.760586][T27216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10002'. [ 479.038895][T27232] netlink: 'syz.0.10008': attribute type 1 has an invalid length. [ 479.047617][T27232] netlink: 96 bytes leftover after parsing attributes in process `syz.0.10008'. [ 479.413268][T27241] __nla_validate_parse: 3 callbacks suppressed [ 479.413286][T27241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10011'. [ 479.844352][T27227] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 480.036818][T27252] GUP no longer grows the stack in syz.3.10015 (27252): 200000003000-20000000a000 (200000001000) [ 480.079450][T27252] CPU: 1 UID: 0 PID: 27252 Comm: syz.3.10015 Not tainted syzkaller #0 PREEMPT(full) [ 480.079481][T27252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 480.079495][T27252] Call Trace: [ 480.079504][T27252] [ 480.079512][T27252] dump_stack_lvl+0xe8/0x150 [ 480.079549][T27252] __get_user_pages+0x2453/0x29d0 [ 480.079600][T27252] ? __gup_longterm_locked+0xc4e/0x1630 [ 480.079628][T27252] ? down_read_killable+0x1bb/0x340 [ 480.079655][T27252] ? try_get_folio+0xec/0x650 [ 480.079686][T27252] __gup_longterm_locked+0xdcf/0x1630 [ 480.079740][T27252] gup_fast_fallback+0x1d82/0x22e0 [ 480.079801][T27252] ? __pfx_gup_fast_fallback+0x10/0x10 [ 480.079829][T27252] ? is_valid_gup_args+0x11f/0x200 [ 480.079857][T27252] ? get_user_pages_fast+0x4d/0xb0 [ 480.079885][T27252] __iov_iter_get_pages_alloc+0x3b6/0xb10 [ 480.079915][T27252] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 480.079951][T27252] iov_iter_get_pages2+0x5e/0xa0 [ 480.079975][T27252] __se_sys_vmsplice+0x7b3/0x1490 [ 480.080025][T27252] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 480.080054][T27252] ? __pfx_futex_wait+0x10/0x10 [ 480.080110][T27252] ? lockdep_hardirqs_on+0x7a/0x110 [ 480.080186][T27252] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.080209][T27252] do_syscall_64+0x15f/0xf80 [ 480.080233][T27252] ? trace_irq_disable+0x3b/0x140 [ 480.080255][T27252] ? clear_bhb_loop+0x40/0x90 [ 480.080280][T27252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.080300][T27252] RIP: 0033:0x7f2c07b9c819 [ 480.080319][T27252] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 480.080337][T27252] RSP: 002b:00007f2c0898e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 480.080361][T27252] RAX: ffffffffffffffda RBX: 00007f2c07e15fa0 RCX: 00007f2c07b9c819 [ 480.080375][T27252] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000005 [ 480.080387][T27252] RBP: 00007f2c07c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 480.080398][T27252] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 480.080410][T27252] R13: 00007f2c07e16038 R14: 00007f2c07e15fa0 R15: 00007ffe6e23ca28 [ 480.080439][T27252] [ 480.086022][T27258] netlink: 'syz.4.10019': attribute type 4 has an invalid length. [ 480.283528][T27264] netlink: 'syz.4.10019': attribute type 4 has an invalid length. [ 480.494729][T27272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 481.323947][T27312] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10042'. [ 481.446674][T27314] netlink: 40 bytes leftover after parsing attributes in process `syz.0.10041'. [ 481.553020][T27312] ipvlan2: entered allmulticast mode [ 482.369825][T27353] netlink: 'syz.3.10054': attribute type 1 has an invalid length. [ 482.514426][T27359] bond4: (slave bridge6): making interface the new active one [ 482.536133][T27359] bond4: (slave bridge6): Enslaving as an active interface with an up link [ 482.987397][T27377] netlink: 9 bytes leftover after parsing attributes in process `syz.2.10064'. [ 483.645232][T27402] syzkaller1: entered promiscuous mode [ 483.664000][T27402] syzkaller1: entered allmulticast mode [ 484.032936][T27421] A link change request failed with some changes committed already. Interface vlan2 may have been left with an inconsistent configuration, please check. [ 484.189000][T27427] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.10085'. [ 484.231242][T27431] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.10087'. [ 484.244986][T27431] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2) [ 484.752636][T27456] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10099'. [ 484.992892][T27471] netlink: 'syz.4.10106': attribute type 1 has an invalid length. [ 485.000937][T27471] netlink: 'syz.4.10106': attribute type 4 has an invalid length. [ 485.008880][T27471] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.10106'. [ 485.751505][T27504] syzkaller1: entered promiscuous mode [ 485.773715][T27504] syzkaller1: entered allmulticast mode [ 486.805968][T27560] lo: Caught tx_queue_len zero misconfig [ 486.816152][T27561] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10143'. [ 486.827091][T27561] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10143'. [ 486.915777][T27561] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10143'. [ 486.938670][T27561] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10143'. [ 487.121854][T27563] syzkaller0: entered promiscuous mode [ 487.127969][T27563] syzkaller0: entered allmulticast mode [ 489.725382][T27608] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.10159'. [ 490.619920][T27652] netlink: 'syz.4.10177': attribute type 1 has an invalid length. [ 490.796841][T27657] bond2: (slave gretap4): making interface the new active one [ 490.827187][T27657] bond2: (slave gretap4): Enslaving as an active interface with an up link [ 490.898564][T27670] netlink: 'syz.1.10183': attribute type 1 has an invalid length. [ 491.101086][T27672] bond4: (slave geneve3): making interface the new active one [ 491.137199][T27672] bond4: (slave geneve3): Enslaving as an active interface with an up link [ 491.218362][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 491.238478][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 491.264892][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 491.480657][T27693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10193'. [ 491.515291][T27693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10193'. [ 493.283226][T27746] syzkaller1: entered promiscuous mode [ 493.302745][T27746] syzkaller1: entered allmulticast mode [ 494.007042][T27792] netlink: 212344 bytes leftover after parsing attributes in process `syz.1.10239'. [ 494.042862][T27795] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10236'. [ 494.051372][T27797] ip6gre1: entered promiscuous mode [ 494.057446][T27797] ip6gre1: entered allmulticast mode [ 494.184851][T27802] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10241'. [ 494.225996][T27802] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10241'. [ 494.263837][T27804] syzkaller1: entered promiscuous mode [ 494.298987][T27804] syzkaller1: entered allmulticast mode [ 494.605806][T27823] netlink: 'syz.4.10252': attribute type 1 has an invalid length. [ 494.638178][T27823] netlink: 'syz.4.10252': attribute type 4 has an invalid length. [ 494.671585][T27823] netlink: 9422 bytes leftover after parsing attributes in process `syz.4.10252'. [ 494.717538][T27829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10253'. [ 494.802244][T27829] macvtap1: entered promiscuous mode [ 494.839207][T27829] erspan0: entered promiscuous mode [ 494.855167][T27829] macvtap1: entered allmulticast mode [ 494.867534][T27829] erspan0: entered allmulticast mode [ 495.484103][T27874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10268'. [ 495.494910][T27874] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10268'. [ 495.676351][T27885] sctp: [Deprecated]: syz.2.10272 (pid 27885) Use of int in maxseg socket option. [ 495.676351][T27885] Use struct sctp_assoc_value instead [ 496.114797][T27902] netlink: 'syz.4.10280': attribute type 1 has an invalid length. [ 496.298494][T27905] bond3: (slave ip6gretap1): making interface the new active one [ 496.336123][T27905] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 496.371962][T27905] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 496.380283][T27905] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 496.561152][T27910] __nla_validate_parse: 4 callbacks suppressed [ 496.561173][T27910] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10282'. [ 496.595735][T27910] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10282'. [ 496.805865][T27916] netlink: 208 bytes leftover after parsing attributes in process `syz.1.10286'. [ 497.911663][T27962] syzkaller1: entered promiscuous mode [ 497.939071][T27962] syzkaller1: entered allmulticast mode [ 498.148778][T27977] netlink: 212360 bytes leftover after parsing attributes in process `syz.0.10312'. [ 499.649107][T28037] netlink: 32 bytes leftover after parsing attributes in process `syz.4.10333'. [ 499.684151][T28037] bridge: RTM_NEWNEIGH with invalid ether address [ 499.714368][T28042] netlink: 32 bytes leftover after parsing attributes in process `syz.4.10333'. [ 499.737490][T28042] bridge: RTM_NEWNEIGH with invalid ether address [ 499.762959][T28045] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10336'. [ 499.858146][T28041] clip:clip_setentry: non-CLIP VCC [ 499.905690][T28048] lo speed is unknown, defaulting to 1000 [ 499.933846][T28053] geneve2: entered promiscuous mode [ 500.045796][T28057] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10340'. [ 500.153807][T28063] xt_CT: You must specify a L4 protocol and not use inversions on it [ 500.534098][T28069] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 500.602249][T28048] lo speed is unknown, defaulting to 1000 [ 500.819177][T28093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10353'. [ 501.016751][T28093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10353'. [ 501.764502][T28118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10362'. [ 502.044674][T28130] lo speed is unknown, defaulting to 1000 [ 502.179984][T28140] netlink: 'syz.2.10371': attribute type 16 has an invalid length. [ 502.224777][T28140] netlink: 'syz.2.10371': attribute type 17 has an invalid length. [ 502.285471][T28147] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10373'. [ 502.320202][T28140] tunl0: left promiscuous mode [ 502.342546][T28140] gre0: left promiscuous mode [ 502.447604][T28151] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10375'. [ 502.471911][T28140] gretap0: left promiscuous mode [ 502.491998][T28140] erspan0: left allmulticast mode [ 502.509983][T28140] ip_vti0: left promiscuous mode [ 502.542778][T28140] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 502.627036][T28142] syzkaller1: entered promiscuous mode [ 502.640125][T28142] syzkaller1: entered allmulticast mode [ 502.648558][T28130] lo speed is unknown, defaulting to 1000 [ 502.802767][T28155] lo speed is unknown, defaulting to 1000 [ 502.913393][T28162] only policy match revision 0 supported [ 502.913413][T28162] unable to load match [ 503.382600][T28155] lo speed is unknown, defaulting to 1000 [ 503.551905][T28183] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10385'. [ 503.563182][T28188] netlink: 240 bytes leftover after parsing attributes in process `syz.2.10387'. [ 505.023759][T28252] netlink: 320 bytes leftover after parsing attributes in process `syz.1.10413'. [ 505.334801][T28262] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 505.420312][T28264] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 505.638663][T28280] netlink: 'syz.1.10423': attribute type 1 has an invalid length. [ 505.820821][T28280] bond5: entered promiscuous mode [ 505.826901][T28280] 8021q: adding VLAN 0 to HW filter on device bond5 [ 505.880127][T28293] 8021q: adding VLAN 0 to HW filter on device bond5 [ 505.887679][T28293] bond5: (slave vti1): The slave device specified does not support setting the MAC address [ 505.904384][T28293] bond5: (slave vti1): Setting fail_over_mac to active for active-backup mode [ 505.948786][T28293] bond5: (slave vti1): making interface the new active one [ 505.956652][T28293] vti1: entered promiscuous mode [ 505.965296][T28293] bond5: (slave vti1): Enslaving as an active interface with an up link [ 506.328709][T28315] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10436'. [ 506.407172][T28319] netlink: 'syz.1.10438': attribute type 1 has an invalid length. [ 506.486276][T28319] bond6: (slave gretap2): making interface the new active one [ 506.497374][T28319] bond6: (slave gretap2): Enslaving as an active interface with an up link [ 506.559453][T28324] syzkaller1: entered promiscuous mode [ 506.565558][T28324] syzkaller1: entered allmulticast mode [ 506.696877][T28331] netlink: 52 bytes leftover after parsing attributes in process `syz.1.10443'. [ 506.739388][T28332] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10442'. [ 506.740015][T28331] netlink: 52 bytes leftover after parsing attributes in process `syz.1.10443'. [ 506.823552][T28336] netlink: 20 bytes leftover after parsing attributes in process `syz.4.10446'. [ 507.092977][T28351] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10451'. [ 507.133377][T28351] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10451'. [ 507.324690][T28358] netlink: 'syz.1.10454': attribute type 18 has an invalid length. [ 507.333547][T28358] netlink: 'syz.1.10454': attribute type 18 has an invalid length. [ 508.086104][T28391] netlink: 92 bytes leftover after parsing attributes in process `syz.3.10468'. [ 508.293618][T28399] bond5: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 508.304676][T28399] bond5 (unregistering): Released all slaves [ 508.322675][T28269] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 508.719779][T28411] syzkaller0: entered allmulticast mode [ 509.130235][T28425] netlink: 'syz.0.10483': attribute type 2 has an invalid length. [ 509.801921][T28457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10498'. [ 509.823079][T28461] netlink: 212344 bytes leftover after parsing attributes in process `syz.2.10500'. [ 509.986607][T28469] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10503'. [ 510.031065][T28472] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10506'. [ 510.079363][T28475] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10507'. [ 510.591225][T28498] netlink: 144 bytes leftover after parsing attributes in process `syz.0.10513'. [ 511.364567][T28541] syzkaller1: entered promiscuous mode [ 511.379218][T28541] syzkaller1: entered allmulticast mode [ 511.557835][T28550] netlink: 'syz.2.10531': attribute type 30 has an invalid length. [ 511.752967][T28564] bridge0: entered allmulticast mode [ 512.815082][T28608] netlink: 'syz.0.10555': attribute type 4 has an invalid length. [ 512.857931][T28608] netlink: 'syz.0.10555': attribute type 4 has an invalid length. [ 513.174899][T28616] syzkaller0: entered promiscuous mode [ 513.191301][T28616] syzkaller0: entered allmulticast mode [ 513.395075][T28626] __nla_validate_parse: 1 callbacks suppressed [ 513.395094][T28626] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10562'. [ 513.792094][T28635] netlink: 'syz.3.10565': attribute type 39 has an invalid length. [ 514.199972][T28637] netlink: 27 bytes leftover after parsing attributes in process `syz.4.10566'. [ 514.772149][T28652] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10572'. [ 516.160319][T28658] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10573'. [ 516.256836][T28664] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10577'. [ 516.324087][T28664] netlink: 'syz.4.10577': attribute type 1 has an invalid length. [ 516.405587][T28675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10580'. [ 516.446247][T28675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10580'. [ 516.447403][T28678] netdevsim netdevsim4 : renamed from netdevsim0 (while UP) [ 517.019965][T28697] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10589'. [ 517.019964][T28696] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 517.054922][T28700] netlink: 'syz.3.10590': attribute type 1 has an invalid length. [ 517.088916][T28701] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 517.237193][T28700] 8021q: adding VLAN 0 to HW filter on device bond5 [ 517.264576][T28707] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10593'. [ 517.383046][T28702] bond5: (slave geneve3): making interface the new active one [ 517.400040][T28702] bond5: (slave geneve3): Enslaving as an active interface with an up link [ 517.410195][ T1331] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.429698][ T1331] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.481677][ T1331] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.521377][ T34] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.611406][T28729] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10601'. [ 517.779961][T28737] netlink: 'syz.4.10602': attribute type 1 has an invalid length. [ 517.852983][T28737] 8021q: adding VLAN 0 to HW filter on device bond4 [ 517.984528][T28744] bond4: (slave veth0_to_bond): making interface the new active one [ 517.996509][T28744] bond4: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 518.072335][T28737] bond4: entered promiscuous mode [ 518.096910][T28737] veth0_to_bond: entered promiscuous mode [ 518.120288][T28737] bond4: entered allmulticast mode [ 518.132449][T28737] veth0_to_bond: entered allmulticast mode [ 518.278693][T28753] syzkaller1: entered promiscuous mode [ 518.290669][T28753] syzkaller1: entered allmulticast mode [ 518.637828][T28769] syzkaller0: entered promiscuous mode [ 518.643687][T28769] syzkaller0: entered allmulticast mode [ 518.652188][T28769] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 518.805188][T28775] __nla_validate_parse: 1 callbacks suppressed [ 518.805201][T28775] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10615'. [ 518.909668][T28778] lo speed is unknown, defaulting to 1000 [ 519.076236][T28778] lo speed is unknown, defaulting to 1000 [ 519.193868][T28790] netlink: 11562 bytes leftover after parsing attributes in process `syz.3.10617'. [ 519.797606][T28797] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10620'. [ 519.812344][T28797] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10620'. [ 519.899583][T28799] netlink: 'syz.1.10621': attribute type 1 has an invalid length. [ 519.930522][T28799] 8021q: adding VLAN 0 to HW filter on device bond7 [ 519.957765][T28799] bond7: (slave syz_tun): Enslaving as a backup interface with an up link [ 520.042534][ T1331] bond7: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 520.170653][ T34] bond7: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 520.297227][T28714] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 520.886500][T28835] bond5: entered allmulticast mode [ 520.901808][T28835] vti1: entered allmulticast mode [ 520.987521][T28838] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10637'. [ 521.135004][T28823] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 521.659408][T28869] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10648'. [ 522.083701][T28853] lec:lec_atm_close: lec0: Shut down! [ 522.385765][T28891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10652'. [ 522.675071][T28898] netlink: 92 bytes leftover after parsing attributes in process `syz.2.10652'. [ 522.852762][T28908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10655'. [ 522.910746][T28920] netlink: 224 bytes leftover after parsing attributes in process `syz.2.10659'. [ 522.991759][ T5986] lec:lec_start_xmit: lec0:No lecd attached [ 523.982647][T28962] __nla_validate_parse: 3 callbacks suppressed [ 523.982666][T28962] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10671'. [ 524.062275][T28962] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 524.093075][T28962] team0: Failed to send port change of device batadv0 via netlink (err -105) [ 524.110709][T28962] team0: Failed to send options change via netlink (err -105) [ 524.144304][T28962] team0: Port device batadv0 added [ 524.688169][T28984] lo speed is unknown, defaulting to 1000 [ 524.694837][T28987] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10678'. [ 524.719973][T28989] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.10679'. [ 524.723282][T28987] bond0: entered promiscuous mode [ 524.748200][T28987] bond_slave_0: entered promiscuous mode [ 524.765484][T28987] bond_slave_1: entered promiscuous mode [ 524.803371][T28987] bond0: left promiscuous mode [ 524.808334][T28987] bond_slave_0: left promiscuous mode [ 524.819335][T28987] bond_slave_1: left promiscuous mode [ 524.934614][T28991] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10680'. [ 525.151334][T28996] syzkaller1: entered promiscuous mode [ 525.166468][T28996] syzkaller1: entered allmulticast mode [ 525.193870][T28996] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3944. macoff=96 [ 525.210763][T28984] lo speed is unknown, defaulting to 1000 [ 525.334201][T29000] netlink: 'syz.3.10683': attribute type 29 has an invalid length. [ 525.348121][T29002] netlink: 'syz.3.10683': attribute type 29 has an invalid length. [ 525.364619][T29000] netlink: 'syz.3.10683': attribute type 32 has an invalid length. [ 525.381182][T29000] netlink: 500 bytes leftover after parsing attributes in process `syz.3.10683'. [ 525.401508][T29001] netlink: 14544 bytes leftover after parsing attributes in process `syz.4.10682'. [ 526.182541][T29032] netlink: 'syz.2.10695': attribute type 1 has an invalid length. [ 526.212473][T29032] netlink: 'syz.2.10695': attribute type 4 has an invalid length. [ 526.230502][T29032] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.10695'. [ 526.556532][T29048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10701'. [ 527.625075][T29066] bridge0: port 2(veth0_to_bridge) entered disabled state [ 527.632642][T29066] bridge0: port 3(dummy0) entered disabled state [ 527.639291][T29066] bridge0: port 1(bridge_slave_0) entered disabled state [ 528.046722][T29066] veth1_vlan: left allmulticast mode [ 528.113703][T29092] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10715'. [ 528.236183][ T1331] netdevsim netdevsim4 : unset [0, 0] type 1 family 0 port 8472 - 0 [ 528.269877][ T1331] netdevsim netdevsim4 : unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.293916][ T1331] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 528.315875][ T1331] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.347593][ T1331] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 528.378967][ T1331] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.415052][ T1331] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 528.450371][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5460 ms [ 528.452982][ T1331] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.458913][ C1] lec:lec_tx_timeout: lec0 [ 528.460497][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 529.047653][T29095] mpoa:mpoad_close: () going down [ 530.052222][ C0] ================================================================== [ 530.060340][ C0] BUG: KASAN: slab-use-after-free in sock_def_readable+0x1cb/0x550 [ 530.068241][ C0] Read of size 8 at addr ffff888059e624c0 by task syz.4.10728/29136 [ 530.076224][ C0] [ 530.078540][ C0] CPU: 0 UID: 0 PID: 29136 Comm: syz.4.10728 Not tainted syzkaller #0 PREEMPT(full) [ 530.078569][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 530.078584][ C0] Call Trace: [ 530.078591][ C0] [ 530.078599][ C0] dump_stack_lvl+0xe8/0x150 [ 530.078625][ C0] print_report+0xba/0x230 [ 530.078644][ C0] ? sock_def_readable+0x1cb/0x550 [ 530.078661][ C0] kasan_report+0x117/0x150 [ 530.078678][ C0] ? sock_def_readable+0x1cb/0x550 [ 530.078699][ C0] sock_def_readable+0x1cb/0x550 [ 530.078715][ C0] ? sock_def_readable+0xae/0x550 [ 530.078732][ C0] ? send_to_lecd+0x26d/0x830 [ 530.078752][ C0] send_to_lecd+0x3e7/0x830 [ 530.078773][ C0] lec_arp_expire_arp+0x150/0x280 [ 530.078795][ C0] call_timer_fn+0x192/0x5e0 [ 530.078816][ C0] ? __pfx_lec_arp_expire_arp+0x10/0x10 [ 530.078834][ C0] ? call_timer_fn+0xd4/0x5e0 [ 530.078854][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 530.078880][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 530.078896][ C0] ? __pfx_lec_arp_expire_arp+0x10/0x10 [ 530.078916][ C0] __run_timer_base+0x652/0x8b0 [ 530.078935][ C0] ? ktime_get+0x45/0x220 [ 530.078958][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 530.078984][ C0] run_timer_softirq+0xb7/0x170 [ 530.079004][ C0] handle_softirqs+0x22a/0x840 [ 530.079026][ C0] ? __irq_exit_rcu+0xca/0x220 [ 530.079050][ C0] __irq_exit_rcu+0xca/0x220 [ 530.079071][ C0] irq_exit_rcu+0x9/0x30 [ 530.079090][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 530.079109][ C0] [ 530.079114][ C0] [ 530.079120][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 530.079138][ C0] RIP: 0010:finish_task_switch+0x427/0xbe0 [ 530.079171][ C0] Code: 41 c7 84 24 e0 0d 00 00 00 00 00 00 0f 1f 44 00 00 49 83 c4 48 4c 89 e7 e8 86 f4 20 0a e8 21 6d 38 00 fb 49 8d bd a8 16 00 00 <48> 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 7b 03 00 00 41 80 [ 530.079185][ C0] RSP: 0018:ffffc90004af7090 EFLAGS: 00000206 [ 530.079208][ C0] RAX: 0000000000000177 RBX: 1ffff110170c7784 RCX: 0000000080000001 [ 530.079219][ C0] RDX: 0000000000000007 RSI: ffffffff8dfb65fa RDI: ffff888029683568 [ 530.079230][ C0] RBP: ffffc90004af70f0 R08: ffffffff903215b7 R09: 1ffffffff20642b6 [ 530.079242][ C0] R10: dffffc0000000000 R11: fffffbfff20642b7 R12: ffff8880b863ae88 [ 530.079253][ C0] R13: ffff888029681ec0 R14: ffff8880277c8000 R15: dffffc0000000000 [ 530.079277][ C0] __schedule+0x17bc/0x5680 [ 530.079306][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 530.079322][ C0] ? __pfx___schedule+0x10/0x10 [ 530.079344][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 530.079361][ C0] preempt_schedule_common+0x82/0xd0 [ 530.079379][ C0] preempt_schedule_thunk+0x16/0x30 [ 530.079398][ C0] _raw_spin_unlock+0x3f/0x50 [ 530.079413][ C0] unmap_page_range+0x3b71/0x48f0 [ 530.079449][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 530.079468][ C0] ? mas_find+0xb0e/0xd30 [ 530.079485][ C0] ? unmap_vmas+0x1c4/0x6a0 [ 530.079500][ C0] unmap_vmas+0x48f/0x6a0 [ 530.079519][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 530.079544][ C0] exit_mmap+0x280/0x9e0 [ 530.079566][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 530.079592][ C0] ? uprobe_clear_state+0x53/0x290 [ 530.079611][ C0] ? __pfx_exit_aio+0x10/0x10 [ 530.079636][ C0] ? uprobe_clear_state+0x27c/0x290 [ 530.079652][ C0] __mmput+0x118/0x430 [ 530.079673][ C0] exit_mm+0x18e/0x250 [ 530.079690][ C0] do_exit+0x6a2/0x23c0 [ 530.079708][ C0] ? __pfx_do_exit+0x10/0x10 [ 530.079724][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 530.079744][ C0] do_group_exit+0x21b/0x2d0 [ 530.079759][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 530.079777][ C0] get_signal+0x1284/0x1330 [ 530.079805][ C0] arch_do_signal_or_restart+0xbc/0x830 [ 530.079825][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 530.079847][ C0] ? __x64_sys_recvmmsg+0x198/0x250 [ 530.079865][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.079881][ C0] exit_to_user_mode_loop+0x86/0x480 [ 530.079899][ C0] ? rcu_is_watching+0x15/0xb0 [ 530.079921][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.079936][ C0] do_syscall_64+0x33e/0xf80 [ 530.079956][ C0] ? trace_irq_disable+0x3b/0x140 [ 530.079972][ C0] ? clear_bhb_loop+0x40/0x90 [ 530.079990][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.080005][ C0] RIP: 0033:0x7f401859c819 [ 530.080018][ C0] Code: Unable to access opcode bytes at 0x7f401859c7ef. [ 530.080026][ C0] RSP: 002b:00007f4019444028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 530.080042][ C0] RAX: fffffffffffffe00 RBX: 00007f4018816090 RCX: 00007f401859c819 [ 530.080053][ C0] RDX: 0000000000000001 RSI: 0000200000000400 RDI: 0000000000000003 [ 530.080063][ C0] RBP: 00007f4018632c91 R08: 0000000000000000 R09: 0000000000000000 [ 530.080073][ C0] R10: 0000000040000021 R11: 0000000000000246 R12: 0000000000000000 [ 530.080082][ C0] R13: 00007f4018816128 R14: 00007f4018816090 R15: 00007ffdbdfb7d58 [ 530.080101][ C0] [ 530.080106][ C0] [ 530.558814][ C0] Allocated by task 29096: [ 530.563213][ C0] kasan_save_track+0x3e/0x80 [ 530.567891][ C0] __kasan_slab_alloc+0x6c/0x80 [ 530.572738][ C0] kmem_cache_alloc_lru_noprof+0x2b8/0x640 [ 530.578539][ C0] sock_alloc_inode+0x2c/0x190 [ 530.583318][ C0] alloc_inode+0x6a/0x1b0 [ 530.587741][ C0] __sock_create+0x12d/0x9d0 [ 530.592327][ C0] __sys_socket+0xd6/0x1b0 [ 530.596734][ C0] __x64_sys_socket+0x7a/0x90 [ 530.601498][ C0] do_syscall_64+0x15f/0xf80 [ 530.606122][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.612004][ C0] [ 530.614315][ C0] Freed by task 29110: [ 530.618365][ C0] kasan_save_track+0x3e/0x80 [ 530.623040][ C0] kasan_save_free_info+0x46/0x50 [ 530.628082][ C0] __kasan_slab_free+0x5c/0x80 [ 530.632853][ C0] kmem_cache_free+0x180/0x630 [ 530.637616][ C0] rcu_core+0x7cd/0x1070 [ 530.641849][ C0] handle_softirqs+0x22a/0x840 [ 530.646608][ C0] do_softirq+0x76/0xd0 [ 530.650757][ C0] __local_bh_enable_ip+0xf8/0x130 [ 530.655922][ C0] hash_ipport4_add+0x154c/0x2130 [ 530.660942][ C0] hash_ipport4_uadt+0xaaf/0xde0 [ 530.665872][ C0] call_ad+0x398/0xb60 [ 530.669935][ C0] ip_set_ad+0x824/0x9d0 [ 530.674166][ C0] nfnetlink_rcv_msg+0xc03/0x12c0 [ 530.679182][ C0] netlink_rcv_skb+0x232/0x4b0 [ 530.683937][ C0] nfnetlink_rcv+0x2c0/0x27b0 [ 530.688793][ C0] netlink_unicast+0x75c/0x8e0 [ 530.693545][ C0] netlink_sendmsg+0x813/0xb40 [ 530.698309][ C0] ____sys_sendmsg+0x972/0x9f0 [ 530.703065][ C0] ___sys_sendmsg+0x2a5/0x360 [ 530.707737][ C0] __x64_sys_sendmsg+0x1bd/0x2a0 [ 530.712687][ C0] do_syscall_64+0x15f/0xf80 [ 530.717275][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.723164][ C0] [ 530.725508][ C0] Last potentially related work creation: [ 530.731294][ C0] kasan_save_stack+0x3e/0x60 [ 530.735971][ C0] kasan_record_aux_stack+0xbd/0xd0 [ 530.741173][ C0] call_rcu+0xee/0x890 [ 530.745234][ C0] evict+0x95b/0xb10 [ 530.749200][ C0] __dentry_kill+0x1a2/0x5e0 [ 530.753785][ C0] finish_dput+0xc9/0x480 [ 530.758103][ C0] __fput+0x691/0xa60 [ 530.762097][ C0] task_work_run+0x1d9/0x270 [ 530.766675][ C0] exit_to_user_mode_loop+0xed/0x480 [ 530.771951][ C0] do_syscall_64+0x33e/0xf80 [ 530.776539][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.782593][ C0] [ 530.784915][ C0] The buggy address belongs to the object at ffff888059e62400 [ 530.784915][ C0] which belongs to the cache sock_inode_cache of size 1408 [ 530.799483][ C0] The buggy address is located 192 bytes inside of [ 530.799483][ C0] freed 1408-byte region [ffff888059e62400, ffff888059e62980) [ 530.813375][ C0] [ 530.815711][ C0] The buggy address belongs to the physical page: [ 530.822561][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059e60600 pfn:0x59e60 [ 530.832633][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 530.841153][ C0] memcg:ffff888059e67e01 [ 530.845380][ C0] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 530.853973][ C0] page_type: f5(slab) [ 530.858153][ C0] raw: 00fff00000000240 ffff888140ec0c80 ffffea0001e2cc10 ffffea0001e2ce10 [ 530.867045][ C0] raw: ffff888059e60600 0000000800150013 00000000f5000000 ffff888059e67e01 [ 530.875639][ C0] head: 00fff00000000240 ffff888140ec0c80 ffffea0001e2cc10 ffffea0001e2ce10 [ 530.884565][ C0] head: ffff888059e60600 0000000800150013 00000000f5000000 ffff888059e67e01 [ 530.893485][ C0] head: 00fff00000000003 ffffea0001679801 00000000ffffffff 00000000ffffffff [ 530.902234][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 530.910898][ C0] page dumped because: kasan: bad access detected [ 530.917392][ C0] page_owner tracks the page as allocated [ 530.923102][ C0] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 79361223706, free_ts 22652567333 [ 530.946279][ C0] post_alloc_hook+0x231/0x280 [ 530.951133][ C0] get_page_from_freelist+0x24dc/0x2580 [ 530.956672][ C0] __alloc_frozen_pages_noprof+0x18d/0x380 [ 530.962577][ C0] allocate_slab+0x77/0x660 [ 530.967070][ C0] refill_objects+0x331/0x3c0 [ 530.971734][ C0] __pcs_replace_empty_main+0x2e6/0x730 [ 530.977442][ C0] kmem_cache_alloc_lru_noprof+0x37c/0x640 [ 530.983263][ C0] sock_alloc_inode+0x2c/0x190 [ 530.988152][ C0] alloc_inode+0x6a/0x1b0 [ 530.992486][ C0] __sock_create+0x12d/0x9d0 [ 530.997261][ C0] __sys_socket+0xd6/0x1b0 [ 531.001675][ C0] __x64_sys_socket+0x7a/0x90 [ 531.006384][ C0] do_syscall_64+0x15f/0xf80 [ 531.010971][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.016882][ C0] page last free pid 1 tgid 1 stack trace: [ 531.022751][ C0] __free_frozen_pages+0xc2b/0xdb0 [ 531.027898][ C0] free_contig_range+0xbb/0x170 [ 531.032832][ C0] destroy_args+0x4e5/0x570 [ 531.037330][ C0] debug_vm_pgtable+0x3f8/0x410 [ 531.042205][ C0] do_one_initcall+0x250/0x870 [ 531.046962][ C0] do_initcall_level+0x104/0x190 [ 531.051977][ C0] do_initcalls+0x59/0xa0 [ 531.056303][ C0] kernel_init_freeable+0x2a6/0x3e0 [ 531.061504][ C0] kernel_init+0x1d/0x1d0 [ 531.065925][ C0] ret_from_fork+0x514/0xb70 [ 531.070685][ C0] ret_from_fork_asm+0x1a/0x30 [ 531.075445][ C0] [ 531.077754][ C0] Memory state around the buggy address: [ 531.083377][ C0] ffff888059e62380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 531.091507][ C0] ffff888059e62400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 531.099637][ C0] >ffff888059e62480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 531.107677][ C0] ^ [ 531.113984][ C0] ffff888059e62500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 531.122029][ C0] ffff888059e62580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 531.130161][ C0] ================================================================== [ 531.138434][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 531.145726][ C0] CPU: 0 UID: 0 PID: 29136 Comm: syz.4.10728 Not tainted syzkaller #0 PREEMPT(full) [ 531.155197][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 531.165258][ C0] Call Trace: [ 531.168540][ C0] [ 531.171563][ C0] vpanic+0x56c/0xa60 [ 531.175573][ C0] ? __pfx_vpanic+0x10/0x10 [ 531.180107][ C0] ? irqentry_exit+0x218/0x730 [ 531.184895][ C0] panic+0xc5/0xd0 [ 531.188633][ C0] ? __pfx_panic+0x10/0x10 [ 531.193082][ C0] ? sock_def_readable+0x1cb/0x550 [ 531.198237][ C0] ? sock_def_readable+0x1cb/0x550 [ 531.203367][ C0] check_panic_on_warn+0x89/0xb0 [ 531.208312][ C0] ? sock_def_readable+0x1cb/0x550 [ 531.213428][ C0] end_report+0x73/0x170 [ 531.218025][ C0] ? sock_def_readable+0x1cb/0x550 [ 531.223145][ C0] kasan_report+0x128/0x150 [ 531.227656][ C0] ? sock_def_readable+0x1cb/0x550 [ 531.232954][ C0] sock_def_readable+0x1cb/0x550 [ 531.237967][ C0] ? sock_def_readable+0xae/0x550 [ 531.243082][ C0] ? send_to_lecd+0x26d/0x830 [ 531.247858][ C0] send_to_lecd+0x3e7/0x830 [ 531.252400][ C0] lec_arp_expire_arp+0x150/0x280 [ 531.257535][ C0] call_timer_fn+0x192/0x5e0 [ 531.262328][ C0] ? __pfx_lec_arp_expire_arp+0x10/0x10 [ 531.267935][ C0] ? call_timer_fn+0xd4/0x5e0 [ 531.272637][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 531.277784][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 531.283009][ C0] ? __pfx_lec_arp_expire_arp+0x10/0x10 [ 531.288599][ C0] __run_timer_base+0x652/0x8b0 [ 531.293476][ C0] ? ktime_get+0x45/0x220 [ 531.297831][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 531.303254][ C0] run_timer_softirq+0xb7/0x170 [ 531.308137][ C0] handle_softirqs+0x22a/0x840 [ 531.312933][ C0] ? __irq_exit_rcu+0xca/0x220 [ 531.317822][ C0] __irq_exit_rcu+0xca/0x220 [ 531.322445][ C0] irq_exit_rcu+0x9/0x30 [ 531.326731][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 531.332394][ C0] [ 531.335355][ C0] [ 531.338301][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 531.344309][ C0] RIP: 0010:finish_task_switch+0x427/0xbe0 [ 531.350324][ C0] Code: 41 c7 84 24 e0 0d 00 00 00 00 00 00 0f 1f 44 00 00 49 83 c4 48 4c 89 e7 e8 86 f4 20 0a e8 21 6d 38 00 fb 49 8d bd a8 16 00 00 <48> 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 7b 03 00 00 41 80 [ 531.370035][ C0] RSP: 0018:ffffc90004af7090 EFLAGS: 00000206 [ 531.376190][ C0] RAX: 0000000000000177 RBX: 1ffff110170c7784 RCX: 0000000080000001 [ 531.384180][ C0] RDX: 0000000000000007 RSI: ffffffff8dfb65fa RDI: ffff888029683568 [ 531.392160][ C0] RBP: ffffc90004af70f0 R08: ffffffff903215b7 R09: 1ffffffff20642b6 [ 531.400216][ C0] R10: dffffc0000000000 R11: fffffbfff20642b7 R12: ffff8880b863ae88 [ 531.408180][ C0] R13: ffff888029681ec0 R14: ffff8880277c8000 R15: dffffc0000000000 [ 531.416244][ C0] __schedule+0x17bc/0x5680 [ 531.420757][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 531.425863][ C0] ? __pfx___schedule+0x10/0x10 [ 531.430717][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 531.436129][ C0] preempt_schedule_common+0x82/0xd0 [ 531.441430][ C0] preempt_schedule_thunk+0x16/0x30 [ 531.446631][ C0] _raw_spin_unlock+0x3f/0x50 [ 531.451309][ C0] unmap_page_range+0x3b71/0x48f0 [ 531.456349][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 531.461804][ C0] ? mas_find+0xb0e/0xd30 [ 531.466131][ C0] ? unmap_vmas+0x1c4/0x6a0 [ 531.470623][ C0] unmap_vmas+0x48f/0x6a0 [ 531.474945][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 531.479800][ C0] exit_mmap+0x280/0x9e0 [ 531.484044][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 531.488814][ C0] ? uprobe_clear_state+0x53/0x290 [ 531.493922][ C0] ? __pfx_exit_aio+0x10/0x10 [ 531.498605][ C0] ? uprobe_clear_state+0x27c/0x290 [ 531.503801][ C0] __mmput+0x118/0x430 [ 531.507868][ C0] exit_mm+0x18e/0x250 [ 531.511932][ C0] do_exit+0x6a2/0x23c0 [ 531.516082][ C0] ? __pfx_do_exit+0x10/0x10 [ 531.520672][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 531.525714][ C0] do_group_exit+0x21b/0x2d0 [ 531.530316][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 531.535554][ C0] get_signal+0x1284/0x1330 [ 531.540065][ C0] arch_do_signal_or_restart+0xbc/0x830 [ 531.545607][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 531.551758][ C0] ? __x64_sys_recvmmsg+0x198/0x250 [ 531.556955][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.563096][ C0] exit_to_user_mode_loop+0x86/0x480 [ 531.568374][ C0] ? rcu_is_watching+0x15/0xb0 [ 531.573136][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.579193][ C0] do_syscall_64+0x33e/0xf80 [ 531.583778][ C0] ? trace_irq_disable+0x3b/0x140 [ 531.588802][ C0] ? clear_bhb_loop+0x40/0x90 [ 531.593479][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.599369][ C0] RIP: 0033:0x7f401859c819 [ 531.603925][ C0] Code: Unable to access opcode bytes at 0x7f401859c7ef. [ 531.610929][ C0] RSP: 002b:00007f4019444028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 531.619342][ C0] RAX: fffffffffffffe00 RBX: 00007f4018816090 RCX: 00007f401859c819 [ 531.627418][ C0] RDX: 0000000000000001 RSI: 0000200000000400 RDI: 0000000000000003 [ 531.635381][ C0] RBP: 00007f4018632c91 R08: 0000000000000000 R09: 0000000000000000 [ 531.643344][ C0] R10: 0000000040000021 R11: 0000000000000246 R12: 0000000000000000 [ 531.651307][ C0] R13: 00007f4018816128 R14: 00007f4018816090 R15: 00007ffdbdfb7d58 [ 531.659365][ C0] [ 531.662736][ C0] Kernel Offset: disabled [ 531.667052][ C0] Rebooting in 86400 seconds..