last executing test programs: 5.193806528s ago: executing program 0 (id=2596): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) bpf$PROG_LOAD(0x5, 0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 4.937853849s ago: executing program 0 (id=2602): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50) (async) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x2044854) (async) recvmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'dummy0\x00', 0x0}) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r3, r2, 0x25, 0x4, @void}, 0x10) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf090000000000004e090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000107baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004600000076000000bf98000000000000b5080000000000008500000007000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.708367328s ago: executing program 0 (id=2607): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000800000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r1, r1, 0x2f, 0x0, @void}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000000140)=r2, 0x4) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000200)={r2, r1, 0x4, r0}, 0x10) 4.476426298s ago: executing program 0 (id=2613): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000080)=@req3={0x7f, 0x62c, 0x5, 0xfef7, 0x7ff, 0x7, 0x9}, 0x1c) recvmmsg(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000003c0)}, 0x81}], 0x1, 0x2000, 0x0) sendmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000700)="1041cbf36bb387e0ddfa22cce68bf9574eeb419a3d15316f2849d142893b5620c02954b482ba266e3f34cb073c915bcd5cbfcd564daa9abd2cb32f2a601b8724f992d8fa5bbd25c10a72f39a1f4d1ebbbfc030f6986fac9d68426a567896e47d11db774d50422ec8d0b97bb7c5016fedd4a26aa5f290103cf42877dc44290aaa76ded4a58d085ea5d4ebd2e9fe03aa8b55d0ef15d889fc9754288bbd8cdeb6a0d5b0377211347d213d8f72de999132627a808b684a444e06dae04da7923e5b80f11d10ae79", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000004c0)="dcb6f1e0ea556c3b9e9bbb3488ca9e76d0021b9979b612ffb1226bf22419ea31cbc7ebfe5108fbbe37a8d2a944bea8591dee9bacb0560134137ba83501cc0f4fba6e1a7f1a4967", 0x47}, {&(0x7f0000000600)="5fa7f014fd506d6e738aea33a65098ecbc7489195914abc9c9905061bf1713438dca5524319295b3b51a1e4cbd35d10173f5034c4cd2a0286da49933b7d80cf9cae5fb770e36c939a9e4966d47796c68d8070586fdff97b4f32d885495cc8b7953caadff66334a", 0x67}, {&(0x7f0000000680)="c952d2189916044b0ce657abdebec14c72a420097d655cc768d5bae6b2dbcaba0502a2", 0x23}, {&(0x7f00000006c0)="d8683575e2a856eb851e", 0xa}], 0x4, &(0x7f0000000840)=[{0xa8, 0x1, 0x7, "95e9c34cce79289e0af650088eea1cc6887352b1adc1415ce3e761d6f7cb897d5a26e20410bc5aeb019ae1846eb51ced0aabb71b49009773c50afd126aa57f7ef0d5c463f3b3e5aacf56e237663b90e2c70a313333897185c37e015b569287f69c6daa779835f1fa868cd47f189a16065ec7120f087f138d451a99dcc196e0740cda9ff9402b7bedb94bf515ffff762cd91c"}, {0x80, 0x10c, 0x164, "9e86b366fbe81ef872490ffb5423c0df785275000457979b2eee22ff7644bbc807d3464efae5146223d923ed88dab2955eab3cbf48c3e4ab13f5d3290c16594b45fe0be007316451ff16d50865d018253d2a72ae3716dd1905954d0730062e5d601cecf50cb3a98dffc6f62970f466"}], 0x128}}, {{&(0x7f0000000980)=@nl=@proc={0x10, 0x0, 0x25dfdbfe}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000001080)="8c1ddd077db157346de4f82b2057470a38dd37414be17fdb425f03c2fe28fa879cde1995c98bffbd0a5803ed4af326112e31445510c394232847c20ed86561533c989fee7b7c5f1f8df1a9f99e6e3ee77d5800e3d4d48db5bb159f1e8e6a1822f841c822073135f9373eb2c6f361a75f0b2ba8f4ff6224c0628fb3bd0d6b65c785cc3b2074a104d172b6c7e43001deb906cdb0631a6860d2f1ff1051732e4eebdd6034aaa72f88ea63ab19cf586692d06497b0bafc27a6b0a37811b96d484813c55b0c05f8", 0xc5}, {&(0x7f0000000b00)="ead77559e9fa73b2a3a513be09714acafcd0807306e15ee70e081b7f904a81dd9d528d2e05c612534a754aa17f34075291a328d628b1e7aafa894640db4664d2771f3b4e88587bc811fec2fe10fb17b3fbd5bab312d23212c43edfd9f990ec584378d4e56a55137fa67ae53def9df119f10a965282dd8910d47bffbe7eaecd8a7431d5ad2b9f", 0x86}, {&(0x7f0000000bc0)="ee45612fd760478164e974831cc964ca8169bd3dc0d627973f83553a7c75c4da138ac8b97bf740f64aa8574572527d236f1e5bdaa9327ba399f6ef4df0336ff9b8ffc491fa6483d2cd0d596b269d4c647d66e65414efeca77118aa687a8d15fdec68b3be3474a283406dafb0cc736c705ed7db35eae1f2a5b82c5f30992165f7e49b9a8f21f46181bfb8bcc9878026199f8d31b77cbb5ac650f341537f34d4e7135fb21abe", 0xa5}, {&(0x7f0000000c80)="139749f70d9959a2455a5e03a20e2b40197edb6c865c246a434c2bebee3b38fc84369499ce5687a81830264f1011ecbc61a6d3d850fca4c0fc54bcf3fe263960747e0342ca71ff75b22d8ecbee63e74261fffd19f5b44804423eac0c4cdae1df6a0e4f6a31647af283f5c312860ccd2b798f09cbca26024101c2b49ebd9b19869a02817d340311a2f4a85354b9380198fa37f34a6c8380ae67c52f1e6ecd5bc365a8cf54af43700898a67b41f11af1747bc6abc8a90e1aa565603bbbe2caab01468fa614809c8556c60f6fe4f42eace035066010572b7e981853d63e", 0xdc}, {&(0x7f0000000d80)="8259763aca9660a6313204103b94f2661849a4e8bda74187f4c902a79a174fac5ad6a2676fa16b11341bbe06e2a2a99c4ff5e3efaf89ddfef052ff5786aa52b1a351d2", 0x43}], 0x5, &(0x7f0000000e80)=[{0x38, 0x1, 0x2, "1071dd1f8e0c81fa2cbbd73a989ada0dbd3cd5acb437370baddc7be40675dbc38ceea284c9"}], 0x38}}], 0x3, 0x9200000000000000) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x3, {0x40}}, 0x10) unshare(0x5d330f1f15592d08) unshare(0x10060400) r1 = socket$rds(0x15, 0x5, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000f80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100026bd7000fedbdf251300000008000300", @ANYRES32=0x0, @ANYBLOB="19f2711f52011ab897a7e6f97679b48106be293a08a3e62da2dbfedcea4020dbbb448b16de925b7f6dd690b4aa8c873198f045d2290b2f4cbad1d37d58fcae2643deecf9418c9912d36e4283e95e4ef9d653a1389b555ef049c7920ed89c0e229dfb920961ea859cca238a457799e08fc8eadb3424f6898d4cd262d54fedb7742d8070d54edd7849c32afd05595e31f7960ba017c43425a30f0f5bf4a5045ab057bc8a04f61d72800ae1fc"], 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x4001) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000200025a729bd7000fddbdf250a0000cdfe0000010200010008000600fe7f00000c0014"], 0x30}, 0x1, 0x0, 0x0, 0x20008005}, 0x44) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000000c0)=0xffffffffffffffe7) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000040)={r4, 0x2}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004500003000000000000190780a010101ac1414aa030590780300060045000000000000bf1a5e0d00ffffffffe0"], 0x0) socketpair(0x1, 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000006180)={0x0, 0x0, &(0x7f0000006140)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="110026bd7000fddbdf2507002600"/26, @ANYRES32, @ANYBLOB="0c009900fb"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20004014) r5 = socket$l2tp(0x2, 0x2, 0x73) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x40800) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0x32600) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000200)=0x6fdc, 0x4) bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r7, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10) sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r7, &(0x7f0000007080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000005a40)=""/25, 0x19}, 0x5}], 0x1, 0x45833af92e4b39ff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x298, 0x168, 0x0, 0x0, 0x200, 0x370, 0x370, 0x370, 0x370, 0x370, 0x6, 0x0, {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0xff000000, 'pim6reg1\x00', 'bridge_slave_0\x00', {}, {0xff}, 0x88, 0x3}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x298}}, {{@ip={@private=0xa010100, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {}, {0xff}}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x2, 0x4, 0x11000000]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@private=0xa010102, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) setsockopt$RDS_GET_MR(r1, 0x114, 0x2, 0x0, 0x0) 2.273854564s ago: executing program 1 (id=2628): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'veth0_virt_wifi\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000002) sendmmsg(r3, 0x0, 0x0, 0xfc) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x7, &(0x7f0000000000)=[{0x8, 0x3, 0x2, 0x5}, {0xce7, 0xff, 0xdc, 0x1000}, {0x8, 0x2, 0xc0, 0x8}, {0x9, 0x2c, 0x0, 0x1}, {0x8a7d, 0x5, 0xb, 0x10000}, {0x8, 0x0, 0x47, 0x8}, {0x7, 0x57, 0x3, 0x1}]}, 0x10) 2.123264544s ago: executing program 1 (id=2630): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$tun(r0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r1, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0xff, 0x2, 0x9}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a) sendfile(r1, r2, 0x0, 0x8000) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) ioctl$XFS_IOC_START_COMMIT(r3, 0x80585882, &(0x7f0000000340)={0xffffffffffffffff}) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x30, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r4, 0x40, 0x10, 0x4}, [@NDA_LLADDR={0xa, 0x2, @remote}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x20}, {r1, 0x28}, {r2, 0x120c}, {r2, 0x10}, {r3, 0x1000}], 0x5, &(0x7f0000000100)={r6, r7+60000000}, &(0x7f0000000180)={[0x3]}, 0x8) recvmmsg(r1, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000b00)=""/225, 0xe1}], 0x1}, 0xffffffff}], 0x1, 0x0, 0x0) ioctl$int_in(r1, 0x73, &(0x7f00000001c0)=0x4) socket$nl_generic(0x10, 0x3, 0x10) 1.479976366s ago: executing program 3 (id=2634): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f00000000c0)="519703000000", 0x6) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r2, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r4, 0x1, 0x37, &(0x7f0000000380)=""/120, &(0x7f0000000400)=0x78) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'dummy0\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000002600000227bd7000fcdbdf25190000000400420090c49f9660af96ee428a9adb39dfd772e3ce3a448a00"/60], 0x3c}, 0x1, 0x0, 0x0, 0x60080}, 0x4040000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0x19, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0xd, 0x1, 0x40], 0x0, [0x8, 0x6, 0x3c, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x8, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000006a000100fefdffffffdbef25000000150000000008"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20008040) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044882}, 0x20040084) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=@newqdisc={0x3c, 0x28, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x3}, {0xd}, {0xa, 0xfff1}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0x204000}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008091}, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r9, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @rand_addr, 0x1}, 0x1c) sendmmsg(r9, &(0x7f00000092c0), 0x4ff, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, r11, 0x1, 0x0, 0x0, {{}, {}, {0x9, 0x18, {0x0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r7, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80018800}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x2c, r11, 0x10, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x10, 0x13, @udp='udp:syz1\x00'}}, ["", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4080) 1.305791424s ago: executing program 4 (id=2636): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0x1e, 0x4, 0x0) unshare(0x22020400) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r4 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000008c0), r5) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000e00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010029bd7000fedbdf253f00000008000300", @ANYRES32=r8, @ANYBLOB="20005e8008000600c7f20000040001000800050022000020080007"], 0x3c}, 0x1, 0x0, 0x0, 0x80c0}, 0x4) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[], 0xfdef) close(r4) recvmsg(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002a80)=""/4096, 0xfdef}], 0x1}, 0x10021) r9 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000001fc0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0ab0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3caa435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908ad10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d076feafa22f0610a70f2bdf4000200000066b60d00b0c2c1254f0963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740694298b79dc194e533583412dff048fc21f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a367c24a9fb2a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404984e1a2c6e94bd0339454c13ad3c328a182c15dc760a3000000005dc2ed0e0b29e98fa883c71949a34d84030323e3d54f45b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce903eaf32706e0000249a028044ede964362cfb7830a246c3b2f60000fc4deb8eda1368b0960b8d69bd99c64893d44f962526528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e582160ed048c46e1dccca85bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7033be648b12bb1fee58b58d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d70c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc3a4763948a1cbc10348ef2ac3781b847611fcb0a26acafdd6d9ab05865fcf7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb81c53f16d80f51006cbc71570a5e272b223425e09dc6b6cc1fbc455a64fd449284f71761092a0342000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d28484e15dc4320e4f85c16a8fbffadf8214d6d24cabe17ad4135d8872935ce0e6a468fd20fa4461d1d600234feac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c1044ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880ada682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f4815237c3aa356217738898a16ba603439f6eaad8e70b"], 0x0, 0xc, 0x0, 0x0, 0x0, 0x40}, 0x94) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xa, 0x4, 0xa, 0x80, 0x140}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000080), 0x619, r10}, 0x38) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="3400000040000701feffffff00000000017c9ffd5b81f561890000040042800c00018006000600800a00001000028009001480295b09d3802eca18c46246a20bc25bb246f4e4c0f2"], 0x34}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) r11 = socket$nl_rdma(0x10, 0x3, 0x14) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001a80)={r12, &(0x7f00000018c0), 0x0}, 0x20) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000011140100000000000000000008004a446c8a4400080006"], 0x20}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000900)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4805}, 0x20000050) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800014000000000080002400000000014000000110001"], 0x68}}, 0x0) 1.113460907s ago: executing program 1 (id=2638): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYRES8=r0], 0x30}, 0x1, 0x0, 0x0, 0x81}, 0x40084) 967.050672ms ago: executing program 0 (id=2639): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40004}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x801, 0x70bd27, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20421}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040040}, 0x8024) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="40000042111df8e4274bf0ee72062c23e27bde00", @ANYRES16=r3, @ANYBLOB="010028bd70004000000005000000080009000200000008000c00a80a0000060001000800000008000b00020000000c0016000800000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x4800}, 0x4) (async) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r3, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x48001) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, 0x0, 0x0) (async) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000380), r5) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, r6, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_PEER_V4={0x8, 0x8, @rand_addr=0x64010102}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x40) (async) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x0, 0xfe}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) 836.952785ms ago: executing program 1 (id=2641): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vxcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000380)={0x1d, r3, 0x10, {0x2, 0xf0, 0x2}, 0x1}, 0x18) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r8, 0x10f, 0x81, &(0x7f0000000480), 0x4) recvmmsg(r8, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001e40)=""/174, 0xae}], 0x1, &(0x7f0000001fc0)=""/65, 0x41}, 0x1}], 0x1, 0x40002122, 0x0) sendmsg$tipc(r8, &(0x7f0000000100)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x1, 0x3}}, 0x10, &(0x7f0000000200)=[{&(0x7f00000000c0)="17", 0x1}], 0x1, 0x0, 0x0, 0x8008001}, 0x20048851) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000800)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_COMPAT={0x4c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x87}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8906}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2e}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x9200}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8808}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa0}}, 0x0) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f000000d040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x2c, r4, 0x8de13c6b70ae92c3, 0x41003, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x12}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20000150) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000680)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0x60, r4, 0x20, 0x70bd2d, 0x25dfdc01, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x0, 0x72}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x1}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xe, 0xbd, [0x8, 0x8, 0x40, 0x7, 0x40]}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_MAC={0xa}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000001}, 0x20008000) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r10 = accept4(r2, 0x0, 0x0, 0x800) sendmsg$NL80211_CMD_NEW_INTERFACE(r10, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x80, r4, 0x8, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void, @val={0xc, 0x99, {0x7f8, 0x1a}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}], @NL80211_ATTR_IFNAME={0x14, 0x4, 'pim6reg0\x00'}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x80}, 0x1, 0x0, 0x0, 0x4040000}, 0x20008084) sendmsg$NL80211_CMD_TDLS_OPER(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0x0, 0x200, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}}, 0x4b}, 0x1, 0x0, 0x0, 0x20040084}, 0x10) socket$kcm(0x29, 0x2, 0x0) recvmsg(r10, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000140)=""/82, 0x52}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r11 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_ifreq(r11, 0x8923, &(0x7f00000000c0)={'bond0\x00', @ifru_names='bond0\x00'}) 825.562079ms ago: executing program 2 (id=2642): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x6, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}], &(0x7f00000000c0)='GPL\x00'}, 0x90) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8936, &(0x7f0000000080)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x79, r1}) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000100)={'ip6_vti0\x00'}) 692.192968ms ago: executing program 0 (id=2643): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000000f08000140000000020900010073797a30000000000900020073797a320000000014000000110001"], 0x78}}, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba878396}, 0x9c) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_PLIMIT={0x8, 0x1, 0xff}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x9}]}}]}, 0x40}}, 0x4800) 565.769937ms ago: executing program 2 (id=2644): ppoll(&(0x7f0000000740), 0x2000000000000219, &(0x7f0000000900)={0x77359400}, &(0x7f0000000940)={[0x4]}, 0x8) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x13, r0, 0x7ca8e000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001700)={0x18, 0x1, &(0x7f00000014c0)=@raw=[@jmp={0x5, 0x1, 0x6, 0x4, 0x7, 0x0, 0xfffffffffffffffc}], &(0x7f0000001500)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94) 538.941504ms ago: executing program 3 (id=2645): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000800)=@newlink={0x5c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x7}, @IFLA_GENEVE_COLLECT_METADATA={0x4}, @IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5, 0x9, 0x1}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @private1}]}}}]}, 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x2c020400) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1d, 0x5c, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005100000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a100000095b01188bbf49338ca32925e22515599a02502e6f1da1d1aaf8c7fd23c56c3fe92c2bc0929d168638dc5105c5e4a9a8916e2da"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x5d, '\x00', 0x0, @fallback=0x25, r2, 0x0, 0x0, 0xffffffffffffff52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) close(0x3) r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000080)=0x6f89c659e9b3087f) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x6020400) close(0x3) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6000000002060103000000000000000300007ffd0e0003006269746d61703a697000000005000400000000000900020073797a31000000001800078005000300f00000000c0001800800010000ffffff05000500020000000500010006"], 0x60}}, 0x0) 485.869568ms ago: executing program 1 (id=2646): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000b00)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20008041}, 0xc040841) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304, 0x36}, '\x00', "8b3de2aabceef22f1d9e59f3000000000400000000020000000010000000ff01", '\x00', '\x00\x00\x00-S\x00'}, 0x38) 485.583294ms ago: executing program 2 (id=2647): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x11, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823000004879e39eb58542f55c3e7e67323a29f3001a161368ea0b74daf0578eeeea5592a76d3283a51d1a9c60dcb2d543d9a2fc9ed1ec9cb6d41ea5ce12d34e116a28356d3b67f4f9218a61c259d521facad8a29e7eaa111d8f51ab3383abf53d82634e749d5d438e02e5a433c27248b5cad27593d2b67079f2209394e3ebe2362533b338589e3749d48d3723915f1a6a41123a7cfeb78350e8259fc7d09a1593c7fd34f871166dc5428b77523dcec71a8f2f87ef1a471dc2e5160ca4149cb5d58ff9d5d756252cad6f892e1351d11ad96df", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9ab2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x18000000000002a0, 0x1, 0x0, &(0x7f0000000040)="86dd", 0x0, 0x1, 0x60000000, 0xfffffffffffffe97, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4c}, 0x50) ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r1, 0x4002f516, &(0x7f0000000000)={0x7f, 0xa}) 473.435712ms ago: executing program 1 (id=2648): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000400)="cd", 0x1, 0x8010, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0xfffffffe}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRESOCT=r0], 0x9) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x6}, 0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000080)={0x0, 0x6}, 0x8) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYRESDEC=r1, @ANYBLOB="4060000002400000140012800800010067726500080002800400120008001f00ff000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40c0000}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) (async) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) (async) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) (async) sendto$inet6(r0, &(0x7f0000000400)="cd", 0x1, 0x8010, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0xfffffffe}, 0x1c) (async) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRESOCT=r0], 0x9) (async) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x6}, 0x8) (async) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000080)={0x0, 0x6}, 0x8) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYRESDEC=r1, @ANYBLOB="4060000002400000140012800800010067726500080002800400120008001f00ff000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40c0000}, 0x0) (async) 455.386243ms ago: executing program 3 (id=2649): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0xfffffffc}, [@mark={0xc, 0x15, {0x35075a, 0x2}}]}, 0xc4}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000ff8000000a00000029"], 0xb8}, 0x1, 0x0, 0x0, 0x40}, 0x10) 369.714061ms ago: executing program 2 (id=2650): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000840)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x8, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0x14, 0x66, 0x0, 0xb, 0x4, 0x0, @rand_addr=0x64010101, @broadcast}}}, 0x22) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000600)=@framed={{}, [@snprintf]}, &(0x7f0000000300)='GPL\x00', 0x8, 0xff8, &(0x7f0000001e00)=""/4088}, 0x90) 368.972851ms ago: executing program 4 (id=2651): socket$nl_xfrm(0x10, 0x3, 0x6) (async) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000001440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x6b}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x59, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x16}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09000020000000008f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0xc, 0xb, 0x14, 0x5}}]}}]}, 0x148}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000640)=ANY=[@ANYBLOB="5c0000001400050000000000fbdbdf25ac1efd01000000000000000000000000ff02000000000000000000000000000100000080000700000000000032000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\f\x00\b\x00R'], 0x5c}}, 0x4004040) (async) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000640)=ANY=[@ANYBLOB="5c0000001400050000000000fbdbdf25ac1efd01000000000000000000000000ff02000000000000000000000000000100000080000700000000000032000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\f\x00\b\x00R'], 0x5c}}, 0x4004040) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="021800001b000000000000000000000005000600000000000a000000000000000000000000000000000000000000000000000000000000000800120000000000000000000000000006000000000000000000000000000000ac1e0001000000000000000000000000e000000200000000000000000000000005000500000000000a00000000000000fc000000000000000000000000000000000000000000000007001900000000000a"], 0xd8}}, 0x0) 367.894796ms ago: executing program 3 (id=2652): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r2, 0x68, &(0x7f0000000200)}, 0x10) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r1) 335.28763ms ago: executing program 4 (id=2653): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000060000000800000008"], 0x50) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newrule={0x30, 0x20, 0x1, 0xffffffff, 0x0, {0xa, 0x0, 0x40, 0x4, 0x20, 0x0, 0x0, 0x6}, [@FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x30}, 0x1, 0x0, 0x0, 0xc011}, 0x40000) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r4}, 0xc) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r6, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000140)=0x14) ioctl$HCIINQUIRY(r5, 0x400448e3, &(0x7f0000000100)={0x0, 0x4000, '\x00', 0x2}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000300)=ANY=[@ANYBLOB="78010000", @ANYRES16=r1, @ANYBLOB="0100000000000000800001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542080005000000000024010880f04d"], 0x178}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) r7 = socket(0x2, 0x3, 0xff) bind$inet(r7, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r7, &(0x7f00000001c0)={&(0x7f0000000240)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000540)=""/210, 0xd2}], 0x2, 0x0, 0x0, 0x4c880}, 0x48800) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000080)=0x68) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) (async) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000060000000800000008"], 0x50) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newrule={0x30, 0x20, 0x1, 0xffffffff, 0x0, {0xa, 0x0, 0x40, 0x4, 0x20, 0x0, 0x0, 0x6}, [@FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x30}, 0x1, 0x0, 0x0, 0xc011}, 0x40000) (async) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r4}, 0xc) (async) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r6, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000140)=0x14) (async) ioctl$HCIINQUIRY(r5, 0x400448e3, &(0x7f0000000100)={0x0, 0x4000, '\x00', 0x2}) (async) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000300)=ANY=[@ANYBLOB="78010000", @ANYRES16=r1, @ANYBLOB="0100000000000000800001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542080005000000000024010880f04d"], 0x178}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) (async) socket(0x2, 0x3, 0xff) (async) bind$inet(r7, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) (async) sendmsg$rds(r7, &(0x7f00000001c0)={&(0x7f0000000240)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000540)=""/210, 0xd2}], 0x2, 0x0, 0x0, 0x4c880}, 0x48800) (async) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000080)=0x68) (async) 210.007303ms ago: executing program 4 (id=2654): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f00000000c0)={@none, 0x4d10, 0x9, 0x0, 0x9, 0x4, "1b666ea71d4eae5f3ba28681ec6a8ab76a795e25d58939ace128071dbc3faff91399d8cc5cc49f436183844326734ffbba2c14e1f387b5ba3f8451741cc59ad0a9bd670d38420232facae106978e9acec73cd5b5f8c1ac0018e118fcea8f2b1c33ffbd9bfc0ed270b96e777f0477ded1afe3f6296853a952e34f25776b32e433"}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010400000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001000000007b5c289d00aa28f10a64000000060a0b0400000000000000000200000938000480340001800b00010065787468647200002400028008000740000000170800064000000001050002000000000008000340000000010900010073797a30000000000900020073797a3200000000000000000000000a"], 0x8c}}, 0x0) 161.648055ms ago: executing program 3 (id=2655): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000c40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x24040850) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000180)={@random="0f539af21094", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "7a1d79", 0x0, 0x89, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], "cd1724a1ae97901c"}}}}}}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newlink={0x50, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2017, 0x2021}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa}]}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x42}}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000001}, 0x8000002) 158.816547ms ago: executing program 2 (id=2656): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendto$inet(0xffffffffffffffff, &(0x7f0000000000)="b1c8f4ed3922c6b86654d2c5a148ed92a8d054ca5eda1bed4e6c483809e116c8284f624a019b7d8934ac78c56130e7359cee05c764a5529c1a9a09fadd1338ee6ab009122cc796b8be9ab89b1a83c7d48379a628ebbfaa59700653c54d9dade56875e65d1c151793d319d8019f731c98c266b57a592386a4ebfc5bdbd5df1d9532c8d15a3f355cc03eecf7a6cc4f", 0x8e, 0x80, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) ioctl$XFS_IOC_START_COMMIT(r0, 0x80585882, &(0x7f0000000100)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000180)={0x0, 0xfffffffe}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000200)={0x9, 0x201, 0x9, 0x9, r2}, 0x10) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000240)={r2, @in6={{0xa, 0x4e23, 0x1, @local, 0xfffffff7}}, 0x5, 0x4, 0xd83f, 0x4}, &(0x7f0000000300)=0x98) socket$nl_netfilter(0x10, 0x3, 0xc) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) recvmsg$can_raw(r1, &(0x7f0000000a40)={&(0x7f0000000380)=@hci, 0x80, &(0x7f0000000900)=[{&(0x7f0000000400)=""/225, 0xe1}, {&(0x7f0000000500)=""/205, 0xcd}, {&(0x7f0000000600)=""/236, 0xec}, {&(0x7f0000000700)=""/248, 0xf8}, {&(0x7f0000000800)=""/215, 0xd7}], 0x5, &(0x7f0000000980)=""/172, 0xac}, 0x2000) r4 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r4, 0x114, 0xa, &(0x7f0000000a80)={0x3, "4eb4fe"}, 0x4) setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000ac0)={r2, 0xb, 0x7, 0x8001, 0x5, 0x800}, 0x14) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000b00)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7, 0x0, 0x0, 0x8, 0x8000, 0x1}, 0x20) sendmsg$inet6(r1, &(0x7f0000000d00)={&(0x7f0000000b40)={0xa, 0x4e20, 0x9, @local, 0x7fffffff}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f0000000b80)="af7d639f8c451c09dd04d436f84dd52d80803ae77dc8a7d50014d70910a6ac6b80a73f30968dfc76c4cc8f3cc190f0ae02f8ec89fcb4f2abcb8f65b0b6b11b9ce446984fe461285e1d0ae6a4774d648fd9f9d2818d412865f5b44a6c8d07350381e0f09215f28068b5bffd547ceb491dccbd7bb17c8c5e9c6fd5dccd5a5c8e1b6ab93b622a7b65536d77a57da18faf96a386c4e35c33612b487b28e9faa46e79a8fa23ea5ef667f064d459aa99bada5b3e36ce6a4fc13014a48023cf2f6f4daed45ce6ba199743ae275f17bc4d8ab23eebe57f1b1e", 0xd5}, {&(0x7f0000000c80)="9bf62989f653ab5d9a84713c5d18295cbedac00b87b99b6a9b4b4b6487", 0x1d}], 0x2}, 0x20000884) sendto$phonet(r1, &(0x7f0000000d40)="2fef0f361ad8d8ca6db72513a2a2c38eacb589ccd417bad59e639ee2eb191369e43bb4", 0x23, 0x91, &(0x7f0000000d80)={0x23, 0x0, 0x4, 0x80}, 0x10) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000f00)={'nat\x00', 0x0, 0x4, 0xf6, [0x4, 0x8, 0x6, 0x100000000, 0xb88, 0x100000000], 0x3, &(0x7f0000000dc0)=[{}, {}, {}], &(0x7f0000000e00)=""/246}, &(0x7f0000000f80)=0x78) r5 = socket$inet(0x2, 0x4, 0xfffffffb) setsockopt$inet_mreq(r5, 0x0, 0x23, &(0x7f0000000fc0)={@empty, @multicast1}, 0x8) unshare(0x8000080) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, &(0x7f0000001000), &(0x7f0000001040)=0x10) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r6, 0x0, 0xd4, &(0x7f0000001080)=0x6, 0x4) r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r7, 0xc010f508, &(0x7f00000010c0)={0x1, 0x6}) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r5, 0x89fb, &(0x7f0000001140)={'sit0\x00', &(0x7f0000001100)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, 0x1b, 0xf}}) accept(r0, &(0x7f0000001180)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, &(0x7f0000001200)=0x80) socket$inet6(0xa, 0x6, 0x40) socket$nl_netfilter(0x10, 0x3, 0xc) 151.450488ms ago: executing program 4 (id=2657): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000180)=[@in={0x2, 0x800, @broadcast}], 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56", 0x2) 127.685384ms ago: executing program 3 (id=2658): unshare(0x2c020400) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = getpid() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x38, 0x0, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_PID={0x8, 0x1c, r0}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x10) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000003540)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003580)={0x0, 0x0, 0x0}, &(0x7f00000035c0)=0xc) sendmsg$unix(0xffffffffffffffff, &(0x7f0000003680)={&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000034c0)=[{&(0x7f0000000400)="022f39d9547872f6b1d4dbeff678cfd78d15885492f19fd074e29d50d051068e2c234d4f6aff356951472267747fba08dc7bef7d9fdbb04cc9f78f6a94af8f4e487d7a159a20e96c249bd41d329d94059f31a13dfda720bffb9c095274be0ce366d3c19e561764f068529799a65216f1d87440c920e02055ae58915cdf0d1dab5ec1029e5781c444a85164b412c48b57f11edf2719aec78af3772c7c52924f4fe77dce4c137493a7be35ccd2116ca7aac3172bef41a9d9fda98f9899c68f8ef545bf1f755247ef959ecaeedf6583a0f4b4a1356d2d176c400ea038dbe894a2dc211c6b1ef2a2b6f8977576d24d0ae612be4841136c775d5d9a24ea084876", 0xfe}, {0x0}, {&(0x7f0000002300)="4d52766886e1cd8ce6a604bfa6ff22d3c8ca6ea1381639d4682899032d9ec72bf4e24d25df436628b1d96706a845927dd55a7bd55d60a25d9444fdf4b15766ba59a468a3680caf84a5aaba73dc9f53ed2bbd59b2de5b3935b9ae510d8c2d7704e244bdb1c09a303aa093c5204d9d9df664bf92569689982e0058bf6ba1343e08e8a827d2b1182a25d9613ad21cf98d3905bb0cdf09c65814364d1106847bfb1fe113e191fd490977b0728f8652cc02d172b71a4fad4933375cdd4354b7ba687e5eb822508c009fc1bde9ffb8544078fda786e9d1085a11fa27edc243e1cca4e0216adbecaff5d1", 0xe7}, {&(0x7f0000002400)="57df4876e8fd68a5b3a4d2285c99abfeb455d13905ec675fb82cbe66d908e7febac71f8169476d284a0a41b36a0e865832e94297a0c7df293c9d39ace6320f4facdae8ea90dec01e3727adb994a96879ee6b845fbcb03c3852e2f341f9c3616f621efaf201d1fb0f758c9e7cee3036e0d86ce11b5bebcf3749d2c9c29d4402e58e6191e727ae0043b3bc449fce94aa77e940d7e923b6cf206eeab72b8ef1955b37938a05cbd155df6952e9ec9047ba7a424a34913d49505bdd7e849a8fc21c052f0e1d28d61dc0835294afbc2539f3fb39912d84b21fe4d97f6ded97a635486d7c51c8938a956670a2207d2ec31a78dc4c98a2ac85630c3eeb54431b46183551292aafce41f01bd651f8c0e7115f851d75efe02618dad864fec1f025fb93ae7955cc3bbab1340b4b8313702867dde1eded4f47b4a0a3efafdc5907fb11e808a09e92a6ffc75f851b0fb88f0b089f61a518fbd232e7a871fab1c1693bba7141aa5c45d7bd13b2fe8eaebb69d50e86a9077322c5fa15d49ac67e17c5b5b6c3995f7adb997fe287dfb1846fb20c28c6f6db4d940ad67aa5845bbe891aa5422b28ee74def22f4fde0f74891253c3db12963f15ab6f2958b9fd12381b304425c60068cb50d76208422b94188e3e1ecaca62b0cb4f5cbac5cc827f16a82b3854543a4bbaa43361c3bb078c01511f06c2cb0eaaa74e6ec221c49b227c82294486d750c6ed521d1ea7a4451f207c518d25bec8a8e0b07c7cd11362d2f1a0a60a1a49bc6261caa69a8f973991864f4df0c5bc5197780d217b32afdb9234551bcb396205cfb03130135980c55a8bc909fcccb1172473f97ab2cff0ab32f90fc59eafb755b8846071ba30504d249f84e9c6d46670f5ff2e7eddaa7a11b7ba6d2142ddf68564cf92a42e4282fde4d1c0ca2fc33c1ccc48bc733a47c2b11c4fbe1b983f3815a2b5357f9ab53ac3bb836b42ae4eaaa5165af83daee08c1662577d534c873c81f95e109d71fa54c9739fd6971f755ca6d8d5ad6b334dd8797467e250dc63ccb0f0115c378368c610363c5b48f9cdfecc248c928e571892dc7576b87daef75726463d32533a9376a30474656eba8b4151931022e35b67f800229da416e14f41c3f7b6fdd9539a9197b567a05ccc440e44f5f38e4e59ba7370b8fe74e6f3250d2acee840a1ab10991f7eb2b183dfe5b23e526753ddb67765bfb1aecee44f150202414e23c7bca2eac7fc2abaf7d6fd35d5caa864868a9508b54be68fa9e55a82dfc5c13be82f11b6c594cb2b968920bee473b4164745d23232d93ed8bbdb18ccddbb5eeebb3b99ccddc0d4dfc92338a0dd2d9d886867422635757ceda6fd1f8f55025c31b65160de1ac41dc05262d33144f51c230bb246951a478a648c4ee30ebb20b46f2c4eba2d89fee419ef79a25aa8fd851c33b128ec22cebf56008a24f6ed40027fc1de3528066587ca7c58c08e973cf1ad5babf39089dc1fa5a994818caa1de4e784ec9e938d19b0dcc3e1abb1f28e4712b89f201d11ad5e92d9b1207f5afe9a27f01215c1ff72091e7aa8be34b8d11c5703c370acbb9b00dcf60ab736782ca48571855bbc84df2e005b0a0edeaae2f1cba099cf05bdb89cd1c41220ba9736954fff1521ce9a3c9a33806fa1ab1958d3e3b71adeec48fae9e6f6d0ec258d94a4e52aa1c5978cbda348d4878c2ff051b4d9a18b2c44fed6d09a7d79db8d58618e0f4398b88f4bd5f966b47b648f855530da0f61cb7196d5323f022f5958961488c1524d34437aeb075494508bffda04dc28a974106c49d9bcffb22eb1b8fd5e3304b6e8ebeca8a63a02044e34ca0d4839402ea26a4b8b5ee2db1704944287f64c8e1e56ffbd0329b3b7c51ff127657fca4f1bd2c41808f4fb01b927ae5ca103eb7e95216530544d08a68ca6b0eca3e791297e09a5f137762b86cc7200e57af5037092973a14b02f016f97814b08ca894f88e1d97d5bde228445e1ab4cd1d661e0ca1e3b2b66bb2558f99d092164b08bc5e3a8b989928799b08126a57dcb790299758ec7b3fe6afbac6dc6dc822b77f5e8829ba20685493b8c8798e98a8f703f757b954476f3402990c8707baeb05801c6149ad9a16ddb3164a34b0efd44554790190a201791066101c8c923ee3dcb4a2bd006247f671db8c3c330ac1c68ba38f298634240ee2d1eb88623ebce8ee69ae69b6bf90f21612594e10024de89cc697af0918e818510a91e343eea35d938a419574164eb1a048e8d3f05a82dac481aeff79ed5ff4e16ec0eea7a5b815659261f1f2fbe0d88ff13a40930b09d9e2da6675207b331ac57bf41a8df8d0097216ca25f1c8528c4f0d0d5ab03180ef526ae71d4757f6c0b748fff48268d5c3e601d7398693e583c1419b731abbd887b634ab2b6f6be7b890590b72b2ae5da359d96599c38ff746f996bd8a2787d13fb571c7b5a07f75e8b65773be792a6c83472620a1615654a33abddfb55da913546e7ed50c52abba73ba97665e412ecba169c282a4734e90d608bf048f798b5487cd26f2f5571cbbc0b24c001984bbddc0cba6e1294248f873fc5feb835fffe7927f074aa2a3323895af65b8b485c65b463defc4489515d00175b43e820649742cbedc1656ca575a865050ce2228f91a707b02542986bae424827d3ebc0192c147fb48d2ad6081baab62f3916a857657baae667e695f472ffbc0a3a9a58ac74d0888d6efbc1b61c422beda3879acaf4407375f0fe8ca63a9774007091b86fd4eafd414b9b09b9cf6fad8a1dbf43d85baa2c63f47331bf9bafb2003017839d2aca552aa106eb337313249e9ada6f24c386dd84a7a55c3385533daee9bc1d93de789e95522c295140cc055804d7985ffcf5e5d2add1f97fb44e2fd45af78b8a90b83419369db80fe8e7775b385e0ed41be0c072baf2cbf877510546b0489982d54c4d4c2feaa7d89a82c86956c629b1aeafd128b6884403d491648c5bffd7565aaa09aa6f154fa969ee07785c0cb14352d40d1618916b9124ddc61ec9d012cfabfa6140a3bda5dbab9d6f67e0590face7bbfa199b2896d0173d0cdbc31b17cd36ef47146057772476f71065286fd942e14d082ca7c63c25a13647b97be28d42f7a1888d64e89c62a688ae600e5b0b14f12b4424616bcbc7c7586ec02e26f0f476f9d8d2ca477be5f047077141d8f7109dc2ecc1cd0023715b3703f47446de8832b9ac8bf67b1adc9f90c7ccae32e3aaef1cd8bb09eb9668aa7de01f10368256e87759308463c7b7fa3d53bf8c85217164c555ca73d2d6b7835781e334dad68ce71638dded14fac25603b67d8298da404a09beaf5746ff0d22ce2ea664aba1bae6f496bf787cb300aa103bdaf13f12c411714732d4b64939b6ca7af7c053a5678ccea77d466e02374e30018620621bcfacb8b4cf5237e13563eb626d1f16580d250fab6ec4c55cba59723467670b787c8199ce4359e9a9d5248d53534e49d37085ad3ac991146bb2ce073c549c9d721fe9ff52adcffd534ba4eeb0814ccf74382870dfd14f3873e7717e87a8d7d77d556f20df3fb9603cede4ad51420c99856be0254f5abc8eb63fb48724a77c0e10d3c8a62e9d8a822255731390385d67a1b794ed5e245712a565d75707fdde540fde0014db4ea4b6226267ac3d84d70f234b3cb9f0f6d15f0649cba7f61cbda3ff9912c49bdf824a477f1593b1a0399f2bb8b8e89f11dc80973fd92827337dfc0b9db0ccc6449072fb674edae495d27dcaa27c458a7dd08dc631212e25b255cf28c0484d40617011667a885477b2cfbae4f11cf905e4bafa107cb82b54b83348c706bcf73762f708c8314bbeff8f663e62d2268b433d59a89213c32c05af5f008d264593c4535bfca5908f94260625af6d1d194a40f56b75d9ffe8135591da5b7b5cf3238a7afae5088b257d594ac3eea4b344b73540973184b2e5f41379b1e5dc67b8e951f720f9b45875fc419f890a5007745133938526e4c8de21739f93697b93e3d811c08f23da6dbe46183523cf4985d7d9e7a6961f9b13a96e1e7f5dcf20c00e287bbdf7f4d06181ce9c6a629b2c3153bf50915b9d26e710dd6060d21c4a1ad591a4a8fd72e942bcba4737690052f31509fd4ba75829f6a4a299701bf3ee2f67d20ffd4fa6454988a2115a8d2b5b0fd7802a2e766ad4bd7e3fd1f94aa9fa2ffbdba95c2ab907334ae7d1b964d502aefb53b7b0dfaa0873418799f0cf780273436dbd18f4a3e149dd3e23c603046819f5ec110ac25e34f4c1901a4668407f19d6ce1a932d4dab3cea4a8175a73369a16b9e914e4056a062fe59e5c0563b6a264d13fb8e294006a940384862c285566214f3b3e30c8cab8260b251de3dfb293a07c7ff0390d87189b78ea2c06e07a1a404c3aa60f8030b4ceb45eef00da124b8a6b718a106d30d80c0fbb02b19e23a01e65d83384bad3385e9a6751978726ef5d7815dda147df299faa116bec774d4df0733b5fbbaa3d8c199c4b7268b79de5308f058a101c9bb90a3e22771803e3f2be857c8e05c55f010f17fbfcffe8dc56ed37360ad78bde9ea5130df0b997662b3179aed85ddc2f9e15b711a4fb66f72b27ac1974823db12574d261c6b6e991b7fb8ceea8ea5bad5027803f179952bc5b067364e811c29d9bd483842e9014c329b12dbb2d48d3ec963673f03b5bd6e3a2699a30188570888ec20fde84cfeb90e91b190505437bc54cad545e8a8624fab9cf5d8470ee0b11c3b1686b8768daa19438547bd6a7969d75a9d0d207d1bea6395c78f3ea446018f30ca4590b1deb2556970dbf7b0d28b86f375d4746211f549f2ea3855a431ff06a9822a45ff24c97ae3460b15e201f846d0bb6e40a9284307b7b719f3451f95119607b2fadbf5d4feb52cef97efc19ddc65ffc1628441a0ff4d546415bfd52db772df8de9226b2abe182d2405bc4b9ea4fac8b190b227e3913744bb42ebf8c604b69ba3a9844f086287bc780c3fa04cd1b7fae797375f5dc88251c8cc3a35eb035ea5895d7ea5f13a9d309164c4ebf0e657fc19328d93fb7c2d76bb38dd8e9571144a39f8678ac01c35795054e033607bca73b9eeb7c5012d52fe6fa944f819063108f90cecacca69a18906e3096d14a5ddcc31cd20b70cc3f0119fdaeab824a6c2a51e82c7b0858ccf3459dd7efbe6638d89af05e7ed49d8a27c6b6a21f0d834c62cbd3636e768585ee69e1c6130dd81665bd30883fb4d0381aa450fa5bb7382fd5f5e2eafb1cae80c7a6279eb492ae1fddcf5a2077d198da46d45909dc2ce1d9d60b0ed7b667ba2e5abd79c606d09b3a01855a76195d91f969a8aff19393e389f9bde705826fcc2986afab7fd8fd1879e7a53c934fd2d5c6b7815190e095bdd7499215918759f88b1da1aa9298f26fbf5dd65595b0c6a5f0e10913fdd82d5db3788dc24cb03f5ae93c76441159f8876cd856488aed6fd7297f6119877bb45b8c8f08f255c50e081e520e8fe4effcd1b7e34f972a218727ad0d7d787ff3246d2ee160e1bcf6de9a7d6ccc374682881870e01a8d43f36eaab257235e2358684d2838a72fc04a1fbda8a33cdbfa1de45a20a0c1465998693044d372dadfc134d1898ed144a962d159188c967b0880f93cd1f0a80db4a99155fb09bb806bfecd85bab426da781b9d383fe8065f5632848c29272d413fe71af6e8c1e017cce6073b335cb5e55cb2b10bd66a1af6d00127f0ff40edb88989b2eb37ab25d3fd792a0688e50742fbf09fce3895a0f04dbabe5c0dd36fca59ab874eddc15f0da7e564798db83c687c485ca838d33154d8a", 0xfff}, {&(0x7f0000003400)="e9188e4caf942cf34f0a4f3adba43e12702ee9d8b739842f0f035138c38dfcb2af88c785b91963d2aeec223339022bc10792781793530fab623b9b73f0189ece07489caecae9161e9204a103fe9a95d247fa0f5e00521f2575c6161595014e463d7929c105ce4dd8f9dd12b8bae476aa0318011264ef348e531a361a11b92be4c9bb3402a2f005a228a45268adb555723d8c478ccf25e49309793602a64f65e45b485494", 0xa4}], 0x5, &(0x7f0000002080)=ANY=[@ANYBLOB="28000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="000000b9b911fc009f6500"], 0x48, 0x4004000}, 0x4000080) r3 = socket(0x40000000015, 0x805, 0x0) getsockopt(r3, 0x114, 0x5, 0x0, &(0x7f00000000c0)) 1.978553ms ago: executing program 4 (id=2659): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x28, 0x10, 0x1, 0x0, 0x0, "", [@nested={0xffffffffffffff85, 0x0, 0x0, 0x0, [@typed={0x3f, 0x0, 0x0, 0x0, @u64}, @typed={0x8, 0x1c, 0x0, 0x0, @u32=0xc9}]}]}, 0x28}], 0x1, 0x0, 0x0, 0xb305e06d8ab48277}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r10, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0xffffff1f}}, 0x20) sendmsg$NL80211_CMD_SET_MCAST_RATE(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002cbd7000fedbdf255c00000008000300", @ANYRES32=r8, @ANYBLOB="08006b003c0000ce0e"], 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x40000) writev(r4, &(0x7f00000001c0)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf0fd26d4eef23248000000f858dbb8a19052343f", 0x26}, {&(0x7f0000000580)="051a00000e80006558f2878f0200000000000020", 0x14}, {&(0x7f0000000100)="67b422a47cad9184", 0x8}], 0x3) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r2, 0x0) recvmsg$kcm(r5, &(0x7f0000001880)={&(0x7f0000000280)=@x25={0x9, @remote}, 0x80, &(0x7f0000001780)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1, &(0x7f00000017c0)=""/170, 0xaa}, 0x42) mmap(&(0x7f0000196000/0x4000)=nil, 0x4000, 0xffffffffefffffff, 0x8032, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x402, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r3, 0xc0389424, &(0x7f0000000200)={0x7, 0x20, '\x00', 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0]}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4000557d1ada6848d489000071730000000097fa9481884dc95c4ca467f3103c368de24b10a86ee573029a540e53402bcef158658f101a2d7eab06621aba5dda4800228f102bf52cf87186967545dc15d81091789e6e86ce01b50accbdfd391f9022296f1c1e1daa6d10a0a747d85d88dc5322f8044f97f7e55a272670423ca1da01af65436ef14406f4649053918ed4f83f8595ffc44fc72e8ef627ad250e330b8e87320f762204feaf780c58921f03b01edde7382bdc60cb9232b4fb0e61bea0ec75d39b750b194697a37bad63010f656e130622dc75bed947090cc45fe8be1091cff5e1205a3e06063a09017531ef46ae13bbaa", @ANYRES32=0x0, @ANYBLOB="41040000015001001800128008000100677470000c00028008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r11, @ANYBLOB], 0x40}}, 0x0) 0s ago: executing program 2 (id=2660): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$bt_hci(r0, &(0x7f0000000000)=ANY=[], 0x6) r1 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_JOIN_FILTERS(r1, 0x65, 0x6, &(0x7f0000000100), &(0x7f0000000140)=0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000002c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x1}}, 0x40) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 31] ? clear_bhb_loop+0x40/0x90 [ 179.859913][T10231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.859930][T10231] RIP: 0033:0x7fc58e99c819 [ 179.859947][T10231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.859961][T10231] RSP: 002b:00007fc58f79b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 179.859981][T10231] RAX: ffffffffffffffda RBX: 00007fc58ec15fa0 RCX: 00007fc58e99c819 [ 179.859994][T10231] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000005 [ 179.860005][T10231] RBP: 00007fc58f79b090 R08: 0000000000000000 R09: 0000000000000000 [ 179.860016][T10231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.860026][T10231] R13: 00007fc58ec16038 R14: 00007fc58ec15fa0 R15: 00007ffe971eb4b8 [ 179.860054][T10231] [ 180.383769][T10240] netlink: 'syz.2.1116': attribute type 21 has an invalid length. [ 180.390162][T10241] netlink: 'syz.2.1116': attribute type 21 has an invalid length. [ 180.392020][T10240] IPv6: NLM_F_CREATE should be specified when creating new route [ 180.402878][T10241] IPv6: NLM_F_CREATE should be specified when creating new route [ 180.415949][T10241] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 180.423479][T10241] IPv6: NLM_F_CREATE should be set when creating new route [ 180.430824][T10241] IPv6: NLM_F_CREATE should be set when creating new route [ 180.438101][T10241] IPv6: NLM_F_CREATE should be set when creating new route [ 180.452061][T10240] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 180.971571][T10288] __nla_validate_parse: 9 callbacks suppressed [ 180.971588][T10288] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1129'. [ 181.417476][T10320] bridge_slave_0: left allmulticast mode [ 181.423465][T10320] bridge_slave_0: left promiscuous mode [ 181.429329][T10320] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.455846][T10320] bridge_slave_1: left allmulticast mode [ 181.461538][T10320] bridge_slave_1: left promiscuous mode [ 181.502824][T10320] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.522850][T10320] bond0: (slave bond_slave_0): Releasing backup interface [ 181.547792][T10320] bond0: (slave bond_slave_1): Releasing backup interface [ 181.564961][T10327] block nbd0: Unsupported socket: should be TCP or UNIX. [ 181.586198][T10320] team0: Port device team_slave_0 removed [ 181.594641][T10320] team0: Port device team_slave_1 removed [ 181.602969][T10320] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 181.611019][T10320] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 181.641398][T10320] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 181.826000][T10315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1139'. [ 181.877527][T10332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1139'. [ 181.908409][T10343] netlink: 'syz.4.1146': attribute type 14 has an invalid length. [ 182.044372][T10349] dummy0: entered promiscuous mode [ 182.049996][T10349] vlan5: entered promiscuous mode [ 182.110355][T10352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1149'. [ 182.123161][T10353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1149'. [ 182.175323][T10349] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1148'. [ 182.394046][T10371] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1157'. [ 182.494355][T10374] ip6tnl2: entered promiscuous mode [ 182.665998][T10388] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1162'. [ 182.947717][T10406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1167'. [ 183.044938][T10409] syzkaller0: entered promiscuous mode [ 183.052104][T10409] syzkaller0: entered allmulticast mode [ 183.141204][T10416] netlink: 'syz.2.1171': attribute type 61 has an invalid length. [ 183.154106][T10416] netlink: 'syz.2.1171': attribute type 62 has an invalid length. [ 183.402686][T10422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1172'. [ 183.430232][T10422] netlink: 'syz.4.1172': attribute type 13 has an invalid length. [ 183.444030][T10423] 8021q: VLANs not supported on ip6_vti0 [ 183.449944][T10422] netlink: 'syz.4.1172': attribute type 17 has an invalid length. [ 183.499593][T10422] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 183.520644][T10424] geneve1: entered promiscuous mode [ 183.529918][ T6824] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.552383][ T6824] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.581291][ T6824] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.602505][ T6824] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.302043][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 185.846719][ T29] audit: type=1800 audit(1776072686.719:3): pid=10506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1195" name=20202020202020203B206672616D65313A2052313D307832303230323030303235373832303230205231303D6670302066702D383D3078323032303230303032353738323032300A31333A2028626629207231203D207231302020202020202020202020202020202020202020203B206672616D65313A2052313D667030205231303D6670300A31343A2028303729207231202B3D202D382020202020202020202020202020202020202020203B206672616D65313A2052313D66702D380A3135 dev="tmpfs" ino=1267 res=0 errno=0 [ 185.935144][T10512] netlink: 'syz.1.1197': attribute type 1 has an invalid length. [ 186.403412][T10532] IPVS: set_ctl: invalid protocol: 4 100.1.1.1:20004 [ 186.697452][T10538] __nla_validate_parse: 2 callbacks suppressed [ 186.697472][T10538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1205'. [ 186.729379][ T6834] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 186.742430][ T6834] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 186.751566][T10538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1205'. [ 186.767169][ T6834] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 186.775923][ T6834] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.316448][T10563] Bluetooth: MGMT ver 1.23 [ 188.183322][T10585] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 188.729788][T10602] syzkaller1: entered promiscuous mode [ 188.738566][T10602] syzkaller1: entered allmulticast mode [ 188.746053][T10606] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1226'. [ 188.762287][T10606] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 188.932467][T10610] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1226'. [ 189.045842][T10619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1229'. [ 189.187356][T10626] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1231'. [ 189.230411][T10626] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0 [ 189.693168][T10650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1241'. [ 189.767491][T10653] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1242'. [ 189.784078][T10653] netlink: 'syz.2.1242': attribute type 3 has an invalid length. [ 189.804082][T10653] netlink: 'syz.2.1242': attribute type 1 has an invalid length. [ 189.813897][T10653] netlink: 192 bytes leftover after parsing attributes in process `syz.2.1242'. [ 189.841029][T10657] bond2: option lp_interval: invalid value (0) [ 189.858037][T10653] NCSI netlink: No device for ifindex 813332851 [ 189.865698][T10660] netlink: 'syz.1.1243': attribute type 1 has an invalid length. [ 189.893634][T10657] bond2: option lp_interval: allowed values 1 - 2147483647 [ 189.915676][T10660] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 189.946143][T10657] bond2 (unregistering): Released all slaves [ 190.300273][T10673] netlink: 'syz.1.1247': attribute type 29 has an invalid length. [ 190.308924][T10673] netlink: 'syz.1.1247': attribute type 29 has an invalid length. [ 190.317733][T10673] netlink: 500 bytes leftover after parsing attributes in process `syz.1.1247'. [ 190.331464][T10673] sctp: [Deprecated]: syz.1.1247 (pid 10673) Use of int in max_burst socket option deprecated. [ 190.331464][T10673] Use struct sctp_assoc_value instead [ 190.761120][T10701] netlink: 'syz.2.1254': attribute type 1 has an invalid length. [ 190.811340][T10708] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 191.210576][T10714] syzkaller0: entered promiscuous mode [ 191.219588][T10714] syzkaller0: entered allmulticast mode [ 191.525816][T10722] xt_l2tp: invalid flags combination: 8 [ 191.760462][T10731] pim6reg: entered allmulticast mode [ 192.064792][T10740] __nla_validate_parse: 4 callbacks suppressed [ 192.064812][T10740] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1263'. [ 192.483870][T10749] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1266'. [ 193.443732][T10732] pim6reg: left allmulticast mode [ 193.615744][T10766] xt_recent: Unsupported userspace flags (000000b1) [ 193.842937][T10778] m1Ie5nè‹Ò: entered promiscuous mode [ 193.874657][T10778] sctp: [Deprecated]: syz.1.1275 (pid 10778) Use of struct sctp_assoc_value in delayed_ack socket option. [ 193.874657][T10778] Use struct sctp_sack_info instead [ 193.891536][T10788] xt_TCPMSS: Only works on TCP SYN packets [ 193.947738][T10792] netlink: 'syz.2.1280': attribute type 3 has an invalid length. [ 193.962148][T10792] netlink: 'syz.2.1280': attribute type 3 has an invalid length. [ 194.070473][T10800] hsr0: entered promiscuous mode [ 194.089617][T10800] hsr0: entered allmulticast mode [ 194.102014][T10800] hsr_slave_0: entered allmulticast mode [ 194.112880][T10800] hsr_slave_1: entered allmulticast mode [ 194.140673][T10804] netlink: 'syz.2.1284': attribute type 21 has an invalid length. [ 194.171748][T10802] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 194.257690][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.290456][T10812] netlink: 'syz.4.1288': attribute type 10 has an invalid length. [ 194.292940][T10808] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1285'. [ 194.302332][T10812] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 194.316688][T10808] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1285'. [ 194.324749][T10815] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1287'. [ 194.475647][T10825] netlink: 200 bytes leftover after parsing attributes in process `syz.3.1291'. [ 194.508792][T10825] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1291'. [ 194.534141][T10831] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1294'. [ 194.546311][T10831] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1294'. [ 194.579548][T10833] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.1295'. [ 195.176289][T10880] netlink: 'syz.2.1311': attribute type 12 has an invalid length. [ 195.187810][T10880] openvswitch: netlink: nsh attr 16383 is out of range max 3 [ 195.373782][T10889] lo: Caught tx_queue_len zero misconfig [ 195.403933][T10893] FAULT_INJECTION: forcing a failure. [ 195.403933][T10893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 195.426605][T10893] CPU: 1 UID: 0 PID: 10893 Comm: syz.3.1314 Not tainted syzkaller #0 PREEMPT(full) [ 195.426630][T10893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 195.426640][T10893] Call Trace: [ 195.426647][T10893] [ 195.426654][T10893] dump_stack_lvl+0xe8/0x150 [ 195.426682][T10893] should_fail_ex+0x412/0x560 [ 195.426713][T10893] _copy_from_iter+0x1d3/0x1670 [ 195.426733][T10893] ? rcu_is_watching+0x15/0xb0 [ 195.426761][T10893] ? __pfx__copy_from_iter+0x10/0x10 [ 195.426786][T10893] ? netlink_sendmsg+0x650/0xb40 [ 195.426818][T10893] ? skb_put+0x11b/0x210 [ 195.426844][T10893] netlink_sendmsg+0x6c0/0xb40 [ 195.426873][T10893] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.426899][T10893] ? aa_sock_msg_perm+0xf1/0x1b0 [ 195.426919][T10893] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 195.426941][T10893] ____sys_sendmsg+0x972/0x9f0 [ 195.426962][T10893] ? __lock_acquire+0x6b5/0x2cf0 [ 195.426991][T10893] ? __pfx_____sys_sendmsg+0x10/0x10 [ 195.427022][T10893] ? import_iovec+0x73/0xa0 [ 195.427045][T10893] ___sys_sendmsg+0x2a5/0x360 [ 195.427074][T10893] ? __pfx____sys_sendmsg+0x10/0x10 [ 195.427104][T10893] ? kstrtouint+0x6e/0xe0 [ 195.427153][T10893] ? __fget_files+0x2a/0x420 [ 195.427169][T10893] ? __fget_files+0x3a0/0x420 [ 195.427195][T10893] __sys_sendmmsg+0x27c/0x4e0 [ 195.427226][T10893] ? __pfx___sys_sendmmsg+0x10/0x10 [ 195.427252][T10893] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 195.427299][T10893] ? ksys_write+0x242/0x270 [ 195.427321][T10893] ? __pfx_ksys_write+0x10/0x10 [ 195.427347][T10893] __x64_sys_sendmmsg+0xa0/0xc0 [ 195.427375][T10893] do_syscall_64+0x14d/0xf80 [ 195.427393][T10893] ? trace_irq_disable+0x3b/0x150 [ 195.427410][T10893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.427428][T10893] ? clear_bhb_loop+0x40/0x90 [ 195.427450][T10893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.427468][T10893] RIP: 0033:0x7f9d91d9c819 [ 195.427485][T10893] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 195.427501][T10893] RSP: 002b:00007f9d92c38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 195.427522][T10893] RAX: ffffffffffffffda RBX: 00007f9d92015fa0 RCX: 00007f9d91d9c819 [ 195.427535][T10893] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000005 [ 195.427548][T10893] RBP: 00007f9d92c38090 R08: 0000000000000000 R09: 0000000000000000 [ 195.427559][T10893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.427570][T10893] R13: 00007f9d92016038 R14: 00007f9d92015fa0 R15: 00007ffe0f916f08 [ 195.427599][T10893] [ 195.889013][T10904] IPVS: Error connecting to the multicast addr [ 195.910651][T10914] netlink: 'syz.1.1320': attribute type 39 has an invalid length. [ 195.979695][T10917] netlink: 'syz.3.1316': attribute type 1 has an invalid length. [ 196.025618][T10920] netlink: 'syz.4.1323': attribute type 9 has an invalid length. [ 196.033203][T10917] bond2: (slave gtp2): The slave device specified does not support setting the MAC address [ 196.044479][T10917] bond2: (slave gtp2): Error -95 calling set_mac_address [ 196.401222][T10948] FAULT_INJECTION: forcing a failure. [ 196.401222][T10948] name failslab, interval 1, probability 0, space 0, times 0 [ 196.415436][T10948] CPU: 0 UID: 0 PID: 10948 Comm: syz.0.1327 Not tainted syzkaller #0 PREEMPT(full) [ 196.415460][T10948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 196.415471][T10948] Call Trace: [ 196.415477][T10948] [ 196.415485][T10948] dump_stack_lvl+0xe8/0x150 [ 196.415514][T10948] should_fail_ex+0x412/0x560 [ 196.415548][T10948] should_failslab+0xa8/0x100 [ 196.415571][T10948] ? skb_clone+0x212/0x3a0 [ 196.415595][T10948] kmem_cache_alloc_noprof+0x87/0x650 [ 196.415619][T10948] ? __netlink_lookup+0xc6/0x8b0 [ 196.415647][T10948] skb_clone+0x212/0x3a0 [ 196.415675][T10948] __netlink_deliver_tap+0x404/0x850 [ 196.415713][T10948] ? netlink_deliver_tap+0x2e/0x1b0 [ 196.415737][T10948] netlink_deliver_tap+0x19c/0x1b0 [ 196.415768][T10948] netlink_unicast+0x730/0x8e0 [ 196.415799][T10948] netlink_sendmsg+0x813/0xb40 [ 196.415831][T10948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.415855][T10948] ? aa_sock_msg_perm+0xf1/0x1b0 [ 196.415873][T10948] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 196.415894][T10948] ____sys_sendmsg+0x972/0x9f0 [ 196.415917][T10948] ? __lock_acquire+0x6b5/0x2cf0 [ 196.415947][T10948] ? __pfx_____sys_sendmsg+0x10/0x10 [ 196.415980][T10948] ? import_iovec+0x73/0xa0 [ 196.416003][T10948] ___sys_sendmsg+0x2a5/0x360 [ 196.416032][T10948] ? __pfx____sys_sendmsg+0x10/0x10 [ 196.416061][T10948] ? kstrtouint+0x6e/0xe0 [ 196.416111][T10948] ? __fget_files+0x2a/0x420 [ 196.416127][T10948] ? __fget_files+0x3a0/0x420 [ 196.416153][T10948] __sys_sendmmsg+0x27c/0x4e0 [ 196.416183][T10948] ? __pfx___sys_sendmmsg+0x10/0x10 [ 196.416206][T10948] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 196.416250][T10948] ? ksys_write+0x242/0x270 [ 196.416269][T10948] ? __pfx_ksys_write+0x10/0x10 [ 196.416295][T10948] __x64_sys_sendmmsg+0xa0/0xc0 [ 196.416320][T10948] do_syscall_64+0x14d/0xf80 [ 196.416339][T10948] ? trace_irq_disable+0x3b/0x150 [ 196.416354][T10948] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.416372][T10948] ? clear_bhb_loop+0x40/0x90 [ 196.416393][T10948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.416410][T10948] RIP: 0033:0x7f3f1119c819 [ 196.416427][T10948] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 196.416440][T10948] RSP: 002b:00007f3f12130028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 196.416461][T10948] RAX: ffffffffffffffda RBX: 00007f3f11415fa0 RCX: 00007f3f1119c819 [ 196.416473][T10948] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000005 [ 196.416485][T10948] RBP: 00007f3f12130090 R08: 0000000000000000 R09: 0000000000000000 [ 196.416495][T10948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.416505][T10948] R13: 00007f3f11416038 R14: 00007f3f11415fa0 R15: 00007ffee28eccb8 [ 196.416533][T10948] [ 196.774005][T10958] netlink: 'syz.4.1329': attribute type 1 has an invalid length. [ 196.853219][T10958] 8021q: adding VLAN 0 to HW filter on device bond3 [ 196.945580][T10954] bond3: (slave veth3): Enslaving as an active interface with a down link [ 197.122671][T10954] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 197.139413][T10954] bond3: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 197.206800][T10991] netlink: 'syz.0.1339': attribute type 1 has an invalid length. [ 197.258192][T10997] FAULT_INJECTION: forcing a failure. [ 197.258192][T10997] name failslab, interval 1, probability 0, space 0, times 0 [ 197.273282][T10991] 8021q: adding VLAN 0 to HW filter on device bond6 [ 197.273361][T10997] CPU: 0 UID: 0 PID: 10997 Comm: syz.2.1341 Not tainted syzkaller #0 PREEMPT(full) [ 197.273382][T10997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 197.273393][T10997] Call Trace: [ 197.273400][T10997] [ 197.273407][T10997] dump_stack_lvl+0xe8/0x150 [ 197.273438][T10997] should_fail_ex+0x412/0x560 [ 197.273469][T10997] should_failslab+0xa8/0x100 [ 197.273491][T10997] ? skb_clone+0x212/0x3a0 [ 197.273516][T10997] kmem_cache_alloc_noprof+0x87/0x650 [ 197.273537][T10997] ? __netlink_lookup+0xc6/0x8b0 [ 197.273565][T10997] skb_clone+0x212/0x3a0 [ 197.273592][T10997] __netlink_deliver_tap+0x404/0x850 [ 197.273625][T10997] ? netlink_deliver_tap+0x2e/0x1b0 [ 197.273648][T10997] netlink_deliver_tap+0x19c/0x1b0 [ 197.273671][T10997] netlink_unicast+0x730/0x8e0 [ 197.273701][T10997] netlink_sendmsg+0x813/0xb40 [ 197.273739][T10997] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.273765][T10997] ? aa_sock_msg_perm+0xf1/0x1b0 [ 197.273783][T10997] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 197.273806][T10997] ____sys_sendmsg+0x972/0x9f0 [ 197.273828][T10997] ? __lock_acquire+0x6b5/0x2cf0 [ 197.273858][T10997] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.273890][T10997] ? import_iovec+0x73/0xa0 [ 197.273913][T10997] ___sys_sendmsg+0x2a5/0x360 [ 197.273942][T10997] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.273969][T10997] ? kstrtouint+0x6e/0xe0 [ 197.274017][T10997] ? __fget_files+0x2a/0x420 [ 197.274032][T10997] ? __fget_files+0x3a0/0x420 [ 197.274057][T10997] __sys_sendmmsg+0x27c/0x4e0 [ 197.274087][T10997] ? __pfx___sys_sendmmsg+0x10/0x10 [ 197.274109][T10997] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 197.274153][T10997] ? ksys_write+0x242/0x270 [ 197.274174][T10997] ? __pfx_ksys_write+0x10/0x10 [ 197.274199][T10997] __x64_sys_sendmmsg+0xa0/0xc0 [ 197.274225][T10997] do_syscall_64+0x14d/0xf80 [ 197.274242][T10997] ? trace_irq_disable+0x3b/0x150 [ 197.274258][T10997] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.274275][T10997] ? clear_bhb_loop+0x40/0x90 [ 197.274296][T10997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.274313][T10997] RIP: 0033:0x7fc58e99c819 [ 197.274330][T10997] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 197.274344][T10997] RSP: 002b:00007fc58f79b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.274364][T10997] RAX: ffffffffffffffda RBX: 00007fc58ec15fa0 RCX: 00007fc58e99c819 [ 197.274377][T10997] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000005 [ 197.274388][T10997] RBP: 00007fc58f79b090 R08: 0000000000000000 R09: 0000000000000000 [ 197.274399][T10997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.274408][T10997] R13: 00007fc58ec16038 R14: 00007fc58ec15fa0 R15: 00007ffe971eb4b8 [ 197.274436][T10997] [ 197.274487][T10997] __nla_validate_parse: 23 callbacks suppressed [ 197.274497][T10997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1341'. [ 197.612958][T10997] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1341'. [ 197.762798][T11013] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1344'. [ 197.779245][T11013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1344'. [ 197.793591][T11013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1344'. [ 197.874215][T11025] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1347'. [ 197.944518][ T5825] Bluetooth: hci4: command 0x0405 tx timeout [ 197.960688][T11026] bridge_slave_0: left allmulticast mode [ 197.978915][T11026] bridge_slave_0: left promiscuous mode [ 197.987677][T11026] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.003789][T11026] bridge_slave_1: left allmulticast mode [ 198.006468][T11032] netlink: 'syz.0.1350': attribute type 1 has an invalid length. [ 198.012001][T11026] bridge_slave_1: left promiscuous mode [ 198.024514][T11026] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.072842][T11026] bond0: (slave bond_slave_0): Releasing backup interface [ 198.085819][T11026] bond0: (slave bond_slave_1): Releasing backup interface [ 198.098969][T11026] team0: Port device team_slave_0 removed [ 198.108785][T11026] team0: Port device team_slave_1 removed [ 198.116485][T11026] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.125069][T11026] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.135279][T11026] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.143193][T11026] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.151669][T11026] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 198.181554][T11033] geneve3: entered promiscuous mode [ 198.187275][T11033] geneve3: entered allmulticast mode [ 198.194151][T11034] dummy0: mtu less than device minimum [ 198.214915][ T3000] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 198.243063][ T3000] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 198.274059][ T3000] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 198.293940][ T3000] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 198.322170][T11044] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1355'. [ 198.331391][T11041] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1353'. [ 198.331604][T11044] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1355'. [ 198.353514][T11041] netlink: 'syz.1.1353': attribute type 15 has an invalid length. [ 198.370648][T11041] netlink: 'syz.1.1353': attribute type 25 has an invalid length. [ 198.391013][T11041] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1353'. [ 198.418570][T11048] erspan0: entered promiscuous mode [ 198.718927][T11070] netlink: 'syz.4.1361': attribute type 21 has an invalid length. [ 199.466033][T11107] IPVS: set_ctl: invalid protocol: 136 172.20.20.170:20001 [ 200.012172][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 201.454761][ T5832] Bluetooth: hci1: command 0x0406 tx timeout [ 201.460828][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 201.467525][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 201.467596][ T5835] Bluetooth: hci3: command 0x0406 tx timeout [ 201.610356][T11064] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 201.887960][T11123] netlink: 'syz.2.1377': attribute type 3 has an invalid length. [ 201.926483][T11127] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 201.999923][T11127] ip6erspan0: entered promiscuous mode [ 202.065871][T11127] ip6erspan0: entered allmulticast mode [ 202.140141][T11143] gre1: entered allmulticast mode [ 202.246072][T11155] IPVS: set_ctl: invalid protocol: 163 172.20.20.170:20004 [ 202.351720][T11166] __nla_validate_parse: 11 callbacks suppressed [ 202.351739][T11166] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1391'. [ 202.362764][T11164] syzkaller0: entered promiscuous mode [ 202.382160][T11164] syzkaller0: entered allmulticast mode [ 202.398193][T11168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1390'. [ 202.468929][T11168] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1390'. [ 202.574518][T11177] FAULT_INJECTION: forcing a failure. [ 202.574518][T11177] name failslab, interval 1, probability 0, space 0, times 0 [ 202.605144][T11177] CPU: 1 UID: 0 PID: 11177 Comm: syz.2.1393 Not tainted syzkaller #0 PREEMPT(full) [ 202.605168][T11177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 202.605179][T11177] Call Trace: [ 202.605194][T11177] [ 202.605201][T11177] dump_stack_lvl+0xe8/0x150 [ 202.605230][T11177] should_fail_ex+0x412/0x560 [ 202.605262][T11177] should_failslab+0xa8/0x100 [ 202.605286][T11177] __kmalloc_cache_noprof+0x88/0x660 [ 202.605308][T11177] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 202.605332][T11177] tcp_sendmsg_fastopen+0x1de/0x5e0 [ 202.605359][T11177] tcp_sendmsg_locked+0x4b9f/0x5480 [ 202.605380][T11177] ? aa_file_perm+0x192/0x15e0 [ 202.605397][T11177] ? tcp_sendmsg_locked+0x361/0x5480 [ 202.605413][T11177] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 202.605439][T11177] ? __lock_acquire+0x6b5/0x2cf0 [ 202.605471][T11177] ? __lock_acquire+0x6b5/0x2cf0 [ 202.605514][T11177] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 202.605539][T11177] ? tcp_sendmsg+0x21/0x50 [ 202.605559][T11177] ? __local_bh_enable_ip+0xd0/0x130 [ 202.605582][T11177] ? __pfx_inet6_sendmsg+0x10/0x10 [ 202.605601][T11177] tcp_sendmsg+0x2f/0x50 [ 202.605619][T11177] __sys_sendto+0x4a3/0x710 [ 202.605644][T11177] ? __pfx___sys_sendto+0x10/0x10 [ 202.605664][T11177] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 202.605696][T11177] ? __fget_files+0x3a0/0x420 [ 202.605720][T11177] ? ksys_write+0x242/0x270 [ 202.605740][T11177] ? __pfx_ksys_write+0x10/0x10 [ 202.605764][T11177] __x64_sys_sendto+0xde/0x100 [ 202.605787][T11177] do_syscall_64+0x14d/0xf80 [ 202.605805][T11177] ? trace_irq_disable+0x3b/0x150 [ 202.605820][T11177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.605836][T11177] ? clear_bhb_loop+0x40/0x90 [ 202.605856][T11177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.605872][T11177] RIP: 0033:0x7fc58e99c819 [ 202.605888][T11177] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 202.605902][T11177] RSP: 002b:00007fc58f79b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 202.605922][T11177] RAX: ffffffffffffffda RBX: 00007fc58ec15fa0 RCX: 00007fc58e99c819 [ 202.605933][T11177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 202.605943][T11177] RBP: 00007fc58f79b090 R08: 0000200000000380 R09: 000000000000001c [ 202.605954][T11177] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.605964][T11177] R13: 00007fc58ec16038 R14: 00007fc58ec15fa0 R15: 00007ffe971eb4b8 [ 202.605992][T11177] [ 202.629217][T11162] syzkaller0: entered promiscuous mode [ 202.870247][T11162] syzkaller0: entered allmulticast mode [ 202.995954][T11193] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1401'. [ 204.299225][T11220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1404'. [ 204.518492][T11227] syzkaller1: entered promiscuous mode [ 204.525143][T11227] syzkaller1: entered allmulticast mode [ 204.583827][T11233] FAULT_INJECTION: forcing a failure. [ 204.583827][T11233] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 204.599043][T11233] CPU: 0 UID: 0 PID: 11233 Comm: syz.1.1408 Not tainted syzkaller #0 PREEMPT(full) [ 204.599068][T11233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 204.599079][T11233] Call Trace: [ 204.599087][T11233] [ 204.599095][T11233] dump_stack_lvl+0xe8/0x150 [ 204.599124][T11233] should_fail_ex+0x412/0x560 [ 204.599155][T11233] _copy_to_user+0x31/0xb0 [ 204.599180][T11233] simple_read_from_buffer+0xe1/0x170 [ 204.599209][T11233] proc_fail_nth_read+0x1bb/0x230 [ 204.599236][T11233] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 204.599263][T11233] ? rw_verify_area+0x2a6/0x4d0 [ 204.599281][T11233] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 204.599307][T11233] vfs_read+0x20c/0xa70 [ 204.599325][T11233] ? fdget_pos+0x246/0x320 [ 204.599346][T11233] ? __pfx___mutex_lock+0x10/0x10 [ 204.599367][T11233] ? __pfx_vfs_read+0x10/0x10 [ 204.599389][T11233] ? __fget_files+0x2a/0x420 [ 204.599409][T11233] ? __fget_files+0x3a0/0x420 [ 204.599425][T11233] ? __fget_files+0x2a/0x420 [ 204.599450][T11233] ksys_read+0x150/0x270 [ 204.599471][T11233] ? __pfx_ksys_read+0x10/0x10 [ 204.599501][T11233] do_syscall_64+0x14d/0xf80 [ 204.599520][T11233] ? trace_irq_disable+0x3b/0x150 [ 204.599536][T11233] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.599555][T11233] ? clear_bhb_loop+0x40/0x90 [ 204.599580][T11233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.599598][T11233] RIP: 0033:0x7f71e6d5d04e [ 204.599614][T11233] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 204.599629][T11233] RSP: 002b:00007f71e7c7ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 204.599650][T11233] RAX: ffffffffffffffda RBX: 00007f71e7c806c0 RCX: 00007f71e6d5d04e [ 204.599663][T11233] RDX: 000000000000000f RSI: 00007f71e7c800a0 RDI: 0000000000000004 [ 204.599674][T11233] RBP: 00007f71e7c80090 R08: 0000000000000000 R09: 0000000000000000 [ 204.599686][T11233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.599696][T11233] R13: 00007f71e7016038 R14: 00007f71e7015fa0 R15: 00007ffc7f44f508 [ 204.599725][T11233] [ 204.825045][T11235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1409'. [ 204.903187][T11237] netlink: 124 bytes leftover after parsing attributes in process `syz.4.1411'. [ 204.936145][T11239] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1413'. [ 205.093596][T11254] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1417'. [ 205.356416][T11276] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1420'. [ 205.712101][T11301] tc_dump_action: action bad kind [ 205.997732][T11313] gretap1: entered promiscuous mode [ 206.014144][T11313] batman_adv: batadv0: Adding interface: gretap1 [ 206.020921][T11313] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 206.052368][T11313] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 208.009218][T11255] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 208.137671][T11323] xt_TPROXY: Can be used only with -p tcp or -p udp [ 208.201273][T11327] netlink: 'syz.0.1430': attribute type 11 has an invalid length. [ 208.476196][T11340] syzkaller0: entered promiscuous mode [ 208.509086][T11340] syzkaller0: entered allmulticast mode [ 208.628127][T11354] __nla_validate_parse: 5 callbacks suppressed [ 208.628146][T11354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1439'. [ 208.704304][T11354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1439'. [ 208.785149][T11360] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1442'. [ 209.483033][T11402] mac80211_hwsim hwsim8 syzkaller0: entered promiscuous mode [ 209.492707][T11402] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode [ 209.523307][T11406] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1451'. [ 209.552632][T11408] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1451'. [ 209.728721][T11428] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1455'. [ 209.879261][T11436] x_tables: duplicate underflow at hook 1 [ 209.927684][T11435] netlink: 'syz.1.1457': attribute type 3 has an invalid length. [ 209.936805][T11435] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 209.938724][T11438] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1458'. [ 210.164895][T11442] pimreg: entered allmulticast mode [ 210.186281][T11442] pimreg: left allmulticast mode [ 210.218631][T11444] netlink: 'syz.3.1460': attribute type 10 has an invalid length. [ 210.240795][T11444] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 210.421538][T11456] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1464'. [ 210.433392][T11456] netlink: 211856 bytes leftover after parsing attributes in process `syz.1.1464'. [ 210.446881][T11455] delete_channel: no stack [ 210.456265][T11418] netlink: 'syz.2.1453': attribute type 10 has an invalid length. [ 210.498125][T11418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1453'. [ 210.877317][T11476] netlink: 'syz.2.1472': attribute type 14 has an invalid length. [ 210.885256][T11476] netlink: 'syz.2.1472': attribute type 11 has an invalid length. [ 211.100990][T11481] bond7 (unregistering): Released all slaves [ 211.250060][T11488] syzkaller0: entered promiscuous mode [ 211.255837][T11488] syzkaller0: entered allmulticast mode [ 211.267623][T11491] tipc: Started in network mode [ 211.273162][T11491] tipc: Node identity 080211000001, cluster identity 4711 [ 211.283252][T11491] tipc: Enabled bearer , priority 0 [ 211.293991][T11491] tipc: Resetting bearer [ 211.750988][T11513] bridge_slave_1: left allmulticast mode [ 211.756896][T11513] bridge_slave_1: left promiscuous mode [ 211.765576][T11513] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.807735][T11513] bridge_slave_0: left allmulticast mode [ 211.813553][T11513] bridge_slave_0: left promiscuous mode [ 211.819508][T11513] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.945768][T11529] netlink: 'syz.4.1486': attribute type 10 has an invalid length. [ 212.093064][T11535] FAULT_INJECTION: forcing a failure. [ 212.093064][T11535] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.109406][T11535] CPU: 1 UID: 0 PID: 11535 Comm: syz.4.1488 Not tainted syzkaller #0 PREEMPT(full) [ 212.109432][T11535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 212.109442][T11535] Call Trace: [ 212.109449][T11535] [ 212.109457][T11535] dump_stack_lvl+0xe8/0x150 [ 212.109487][T11535] should_fail_ex+0x412/0x560 [ 212.109524][T11535] _copy_from_user+0x2d/0xb0 [ 212.109546][T11535] ___sys_sendmsg+0x1c6/0x360 [ 212.109576][T11535] ? __pfx____sys_sendmsg+0x10/0x10 [ 212.109627][T11535] ? __fget_files+0x2a/0x420 [ 212.109643][T11535] ? __fget_files+0x3a0/0x420 [ 212.109668][T11535] __x64_sys_sendmsg+0x1bd/0x2a0 [ 212.109695][T11535] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 212.109726][T11535] ? __pfx_ksys_write+0x10/0x10 [ 212.109757][T11535] do_syscall_64+0x14d/0xf80 [ 212.109774][T11535] ? trace_irq_disable+0x3b/0x150 [ 212.109790][T11535] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.109808][T11535] ? clear_bhb_loop+0x40/0x90 [ 212.109829][T11535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.109846][T11535] RIP: 0033:0x7f9e5679c819 [ 212.109864][T11535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.109880][T11535] RSP: 002b:00007f9e5765a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 212.109901][T11535] RAX: ffffffffffffffda RBX: 00007f9e56a15fa0 RCX: 00007f9e5679c819 [ 212.109914][T11535] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 212.109925][T11535] RBP: 00007f9e5765a090 R08: 0000000000000000 R09: 0000000000000000 [ 212.109936][T11535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.109947][T11535] R13: 00007f9e56a16038 R14: 00007f9e56a15fa0 R15: 00007fff08ebdee8 [ 212.109974][T11535] [ 212.297049][ T10] tipc: Node number set to 134418688 [ 212.393025][T11546] syzkaller0: entered promiscuous mode [ 212.398658][T11546] syzkaller0: entered allmulticast mode [ 213.003338][T11588] netlink: 'syz.4.1506': attribute type 13 has an invalid length. [ 213.011244][T11588] netlink: 'syz.4.1506': attribute type 17 has an invalid length. [ 213.025926][T11588] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 213.062478][T11586] syzkaller0: entered promiscuous mode [ 213.068947][T11586] syzkaller0: entered allmulticast mode [ 213.368551][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 213.379959][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 213.394769][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 213.404966][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 213.415149][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 213.425134][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 213.435226][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 213.445519][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 213.758950][T11619] FAULT_INJECTION: forcing a failure. [ 213.758950][T11619] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.773877][T11619] CPU: 0 UID: 0 PID: 11619 Comm: syz.3.1517 Not tainted syzkaller #0 PREEMPT(full) [ 213.773903][T11619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 213.773914][T11619] Call Trace: [ 213.773920][T11619] [ 213.773927][T11619] dump_stack_lvl+0xe8/0x150 [ 213.773958][T11619] should_fail_ex+0x412/0x560 [ 213.773988][T11619] _copy_from_iter+0x1d3/0x1670 [ 213.774011][T11619] ? rcu_is_watching+0x15/0xb0 [ 213.774045][T11619] ? __pfx__copy_from_iter+0x10/0x10 [ 213.774061][T11619] ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0 [ 213.774090][T11619] ? netlink_sendmsg+0x650/0xb40 [ 213.774113][T11619] ? skb_put+0x11b/0x210 [ 213.774139][T11619] netlink_sendmsg+0x6c0/0xb40 [ 213.774170][T11619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.774196][T11619] ? aa_sock_msg_perm+0xf1/0x1b0 [ 213.774216][T11619] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 213.774240][T11619] ____sys_sendmsg+0x972/0x9f0 [ 213.774274][T11619] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.774307][T11619] ? import_iovec+0x73/0xa0 [ 213.774330][T11619] ___sys_sendmsg+0x2a5/0x360 [ 213.774360][T11619] ? __pfx____sys_sendmsg+0x10/0x10 [ 213.774424][T11619] ? __fget_files+0x2a/0x420 [ 213.774440][T11619] ? __fget_files+0x3a0/0x420 [ 213.774466][T11619] __x64_sys_sendmsg+0x1bd/0x2a0 [ 213.774493][T11619] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 213.774526][T11619] ? __pfx_ksys_write+0x10/0x10 [ 213.774555][T11619] do_syscall_64+0x14d/0xf80 [ 213.774574][T11619] ? trace_irq_disable+0x3b/0x150 [ 213.774589][T11619] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.774606][T11619] ? clear_bhb_loop+0x40/0x90 [ 213.774625][T11619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.774641][T11619] RIP: 0033:0x7f9d91d9c819 [ 213.774658][T11619] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 213.774674][T11619] RSP: 002b:00007f9d92c38028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 213.774695][T11619] RAX: ffffffffffffffda RBX: 00007f9d92015fa0 RCX: 00007f9d91d9c819 [ 213.774708][T11619] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 213.774720][T11619] RBP: 00007f9d92c38090 R08: 0000000000000000 R09: 0000000000000000 [ 213.774731][T11619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.774742][T11619] R13: 00007f9d92016038 R14: 00007f9d92015fa0 R15: 00007ffe0f916f08 [ 213.774769][T11619] [ 214.469072][T11639] bond3: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 214.532741][T11639] bond3: (slave lo): Enslaving as an active interface with an up link [ 214.772529][T11644] lo speed is unknown, defaulting to 1000 [ 214.794217][T11644] lo speed is unknown, defaulting to 1000 [ 214.811004][T11644] lo speed is unknown, defaulting to 1000 [ 214.835046][T11650] __nla_validate_parse: 10 callbacks suppressed [ 214.835065][T11650] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1529'. [ 214.883470][T11653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1527'. [ 214.912994][T11644] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 214.942004][T11610] net_ratelimit: 954 callbacks suppressed [ 214.942022][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 214.971994][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 214.984949][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 214.996321][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 215.006789][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 215.017881][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 215.027584][T11644] lo speed is unknown, defaulting to 1000 [ 215.042416][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 215.052988][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 215.060610][T11644] lo speed is unknown, defaulting to 1000 [ 215.062961][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 215.080492][T11610] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 215.093718][T11644] lo speed is unknown, defaulting to 1000 [ 215.115879][T11644] lo speed is unknown, defaulting to 1000 [ 215.137332][T11644] lo speed is unknown, defaulting to 1000 [ 215.181219][T11658] FAULT_INJECTION: forcing a failure. [ 215.181219][T11658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.194516][T11658] CPU: 1 UID: 0 PID: 11658 Comm: syz.1.1531 Not tainted syzkaller #0 PREEMPT(full) [ 215.194541][T11658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 215.194553][T11658] Call Trace: [ 215.194560][T11658] [ 215.194568][T11658] dump_stack_lvl+0xe8/0x150 [ 215.194598][T11658] should_fail_ex+0x412/0x560 [ 215.194629][T11658] _copy_from_iter+0x1d3/0x1670 [ 215.194652][T11658] ? rcu_is_watching+0x15/0xb0 [ 215.194681][T11658] ? __pfx__copy_from_iter+0x10/0x10 [ 215.194698][T11658] ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0 [ 215.194727][T11658] ? netlink_sendmsg+0x650/0xb40 [ 215.194750][T11658] ? skb_put+0x11b/0x210 [ 215.194776][T11658] netlink_sendmsg+0x6c0/0xb40 [ 215.194808][T11658] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.194834][T11658] ? aa_sock_msg_perm+0xf1/0x1b0 [ 215.194853][T11658] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 215.194877][T11658] ____sys_sendmsg+0x972/0x9f0 [ 215.194909][T11658] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.194941][T11658] ? import_iovec+0x73/0xa0 [ 215.194964][T11658] ___sys_sendmsg+0x2a5/0x360 [ 215.194994][T11658] ? __pfx____sys_sendmsg+0x10/0x10 [ 215.195049][T11658] ? __fget_files+0x2a/0x420 [ 215.195065][T11658] ? __fget_files+0x3a0/0x420 [ 215.195090][T11658] __x64_sys_sendmsg+0x1bd/0x2a0 [ 215.195117][T11658] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 215.195150][T11658] ? __pfx_ksys_write+0x10/0x10 [ 215.195180][T11658] do_syscall_64+0x14d/0xf80 [ 215.195200][T11658] ? trace_irq_disable+0x3b/0x150 [ 215.195223][T11658] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.195241][T11658] ? clear_bhb_loop+0x40/0x90 [ 215.195262][T11658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.195280][T11658] RIP: 0033:0x7f71e6d9c819 [ 215.195297][T11658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 215.195313][T11658] RSP: 002b:00007f71e7c80028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 215.195334][T11658] RAX: ffffffffffffffda RBX: 00007f71e7015fa0 RCX: 00007f71e6d9c819 [ 215.195347][T11658] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 215.195359][T11658] RBP: 00007f71e7c80090 R08: 0000000000000000 R09: 0000000000000000 [ 215.195370][T11658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.195380][T11658] R13: 00007f71e7016038 R14: 00007f71e7015fa0 R15: 00007ffc7f44f508 [ 215.195409][T11658] [ 215.808353][T11687] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1543'. [ 215.817855][T11687] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1543'. [ 215.827945][T11687] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1543'. [ 215.974618][T11693] syzkaller1: entered promiscuous mode [ 215.980238][T11693] syzkaller1: entered allmulticast mode [ 216.422446][T11711] lo speed is unknown, defaulting to 1000 [ 216.816774][T11727] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1558'. [ 216.892960][T11734] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1559'. [ 216.967631][T11734] nbd: socks must be embedded in a SOCK_ITEM attr [ 217.044764][T11735] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1559'. [ 217.096357][T11735] nbd: device at index 64 is going down [ 217.310100][T11760] geneve1: entered promiscuous mode [ 217.426087][T11766] netlink: 'syz.4.1569': attribute type 1 has an invalid length. [ 217.494777][T11766] bond4: entered promiscuous mode [ 217.500209][T11766] 8021q: adding VLAN 0 to HW filter on device bond4 [ 217.586315][T11766] bond4: (slave bridge0): making interface the new active one [ 217.632467][T11766] bridge0: entered promiscuous mode [ 217.647457][T11766] bond4: (slave bridge0): Enslaving as an active interface with an up link [ 217.706627][T11776] lo speed is unknown, defaulting to 1000 [ 217.954440][T11799] netlink: 892 bytes leftover after parsing attributes in process `syz.4.1580'. [ 217.981456][T11802] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1578'. [ 218.021545][ T5865] IPVS: starting estimator thread 0... [ 218.110989][T11812] netlink: 'syz.4.1582': attribute type 1 has an invalid length. [ 218.152392][T11807] IPVS: using max 33 ests per chain, 79200 per kthread [ 218.223817][T11816] bond5: (slave geneve4): making interface the new active one [ 218.268322][T11816] bond5: (slave geneve4): Enslaving as an active interface with an up link [ 218.279663][ T6830] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 218.316857][ T6830] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 218.432998][ T6830] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 218.455368][T11821] netlink: 'syz.0.1584': attribute type 1 has an invalid length. [ 218.481065][T11791] xt_CT: No such helper "netbios-ns" [ 218.507759][ T6830] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 219.100015][T11863] syzkaller0: entered promiscuous mode [ 219.106011][T11863] syzkaller0: entered allmulticast mode [ 219.450961][T11883] netlink: 'syz.2.1606': attribute type 2 has an invalid length. [ 219.478607][T11883] hmac(sha224): entered promiscuous mode [ 219.495849][T11883] team0: Port device bridge0 added [ 219.545203][T11883] erspan1: left promiscuous mode [ 219.575363][T11883] mac80211_hwsim hwsim3 syzkaller0: left promiscuous mode [ 219.589414][T11883] tipc: Resetting bearer [ 219.599566][T11883] tipc: Resetting bearer [ 219.629487][ T5895] lo speed is unknown, defaulting to 1000 [ 219.685602][ T6824] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x1 [ 219.828829][T11898] lo speed is unknown, defaulting to 1000 [ 220.279950][T11937] __nla_validate_parse: 10 callbacks suppressed [ 220.279971][T11937] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1620'. [ 220.586371][T11950] FAULT_INJECTION: forcing a failure. [ 220.586371][T11950] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 220.628063][T11950] CPU: 0 UID: 0 PID: 11950 Comm: syz.4.1622 Not tainted syzkaller #0 PREEMPT(full) [ 220.628089][T11950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 220.628099][T11950] Call Trace: [ 220.628106][T11950] [ 220.628113][T11950] dump_stack_lvl+0xe8/0x150 [ 220.628142][T11950] should_fail_ex+0x412/0x560 [ 220.628172][T11950] _copy_to_user+0x31/0xb0 [ 220.628194][T11950] simple_read_from_buffer+0xe1/0x170 [ 220.628223][T11950] proc_fail_nth_read+0x1bb/0x230 [ 220.628248][T11950] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 220.628274][T11950] ? rw_verify_area+0x2a6/0x4d0 [ 220.628291][T11950] ? tun_chr_write_iter+0xe0/0x200 [ 220.628308][T11950] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 220.628332][T11950] vfs_read+0x20c/0xa70 [ 220.628348][T11950] ? fdget_pos+0x246/0x320 [ 220.628367][T11950] ? __pfx___mutex_lock+0x10/0x10 [ 220.628387][T11950] ? __pfx_vfs_read+0x10/0x10 [ 220.628407][T11950] ? __fget_files+0x2a/0x420 [ 220.628426][T11950] ? __fget_files+0x3a0/0x420 [ 220.628439][T11950] ? __fget_files+0x2a/0x420 [ 220.628462][T11950] ksys_read+0x150/0x270 [ 220.628483][T11950] ? __pfx_ksys_read+0x10/0x10 [ 220.628521][T11950] do_syscall_64+0x14d/0xf80 [ 220.628539][T11950] ? trace_irq_disable+0x3b/0x150 [ 220.628553][T11950] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.628569][T11950] ? clear_bhb_loop+0x40/0x90 [ 220.628589][T11950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.628605][T11950] RIP: 0033:0x7f9e5675d04e [ 220.628622][T11950] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 220.628636][T11950] RSP: 002b:00007f9e57659fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 220.628656][T11950] RAX: ffffffffffffffda RBX: 00007f9e5765a6c0 RCX: 00007f9e5675d04e [ 220.628668][T11950] RDX: 000000000000000f RSI: 00007f9e5765a0a0 RDI: 0000000000000005 [ 220.628678][T11950] RBP: 00007f9e5765a090 R08: 0000000000000000 R09: 0000000000000000 [ 220.628688][T11950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.628698][T11950] R13: 00007f9e56a16038 R14: 00007f9e56a15fa0 R15: 00007fff08ebdee8 [ 220.628725][T11950] [ 220.640056][T11953] netlink: 51 bytes leftover after parsing attributes in process `syz.2.1623'. [ 220.676124][T11954] xt_hashlimit: size too large, truncated to 1048576 [ 220.813085][T11962] netlink: 'syz.4.1626': attribute type 1 has an invalid length. [ 220.896962][T11953] 8021q: adding VLAN 0 to HW filter on device bond2 [ 221.019148][T11962] 8021q: adding VLAN 0 to HW filter on device bond6 [ 221.033009][T11961] : renamed from veth0_to_bond [ 221.085964][T11975] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1630'. [ 221.141662][T11975] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1630'. [ 221.158921][T11977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 221.174642][T11975] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1630'. [ 221.204142][T11980] netlink: 'syz.1.1632': attribute type 5 has an invalid length. [ 221.226878][T11977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 221.247113][T11976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 221.259591][T11982] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1633'. [ 221.426994][T12001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1636'. [ 221.442710][T12001] hsr_slave_0: left promiscuous mode [ 221.476299][T12001] hsr_slave_1: left promiscuous mode [ 221.598492][T12016] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1640'. [ 229.452071][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 246.336064][T12027] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1642'. [ 246.345424][T12027] tipc: Invalid UDP bearer configuration [ 246.345476][T12027] tipc: Enabling of bearer rejected, failed to enable media [ 246.424816][T12027] netlink: 'syz.0.1642': attribute type 1 has an invalid length. [ 246.426078][T12036] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1644'. [ 246.488818][T12027] bond7: entered promiscuous mode [ 246.505326][T12027] 8021q: adding VLAN 0 to HW filter on device bond7 [ 246.526240][T12036] veth1_macvtap: left promiscuous mode [ 246.704772][T12059] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 246.725372][T12065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.778872][T12069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1654'. [ 246.811674][T12065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.828360][T12060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.857762][T12074] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1656'. [ 247.211721][T12085] tipc: Resetting bearer [ 247.233077][T12085] tipc: Resetting bearer [ 247.357475][T12094] mac80211_hwsim hwsim3 syzkaller0: entered promiscuous mode [ 247.373264][T12094] tipc: Resetting bearer [ 247.962340][T12131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.044103][T12131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.077960][T12130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.266539][T12155] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 248.358164][T12168] macsec0: entered allmulticast mode [ 248.493733][T12181] netlink: 764 bytes leftover after parsing attributes in process `syz.1.1687'. [ 248.507630][T12181] netlink: 2172 bytes leftover after parsing attributes in process `syz.1.1687'. [ 248.526473][T12181] netlink: 1044 bytes leftover after parsing attributes in process `syz.1.1687'. [ 248.609566][T12191] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1687'. [ 248.641263][T12193] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1689'. [ 248.708815][T12196] macsec1: entered allmulticast mode [ 248.985705][T12215] net_ratelimit: 57 callbacks suppressed [ 248.985728][T12215] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 249.001401][T12216] netlink: 27 bytes leftover after parsing attributes in process `syz.0.1697'. [ 249.031774][T12217] bond2: (slave bond_slave_1): Device is not our slave [ 249.039000][T12217] bond2: option active_slave: invalid value (bond_slave_1) [ 249.049153][T12217] bond2 (unregistering): Released all slaves [ 249.196957][T12227] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 249.257213][T12229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 249.320389][T12229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 249.332990][T12228] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 249.563983][T12233] lo speed is unknown, defaulting to 1000 [ 249.875594][T12249] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 249.907829][T12249] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 250.129938][T12249] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 250.165529][T12249] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 250.185580][T12268] tunl0: Caught tx_queue_len zero misconfig [ 250.194492][T12264] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 250.204744][T12264] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.222108][T12264] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 250.354981][T12249] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 250.371954][T12249] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 250.427938][T12264] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 250.442031][T12264] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.469990][T12264] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 250.555994][T12249] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 250.573823][T12249] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 250.593827][T12276] syzkaller1: entered promiscuous mode [ 250.599390][T12276] syzkaller1: entered allmulticast mode [ 250.631511][T12264] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 250.641447][T12264] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.651241][T12264] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 250.685202][T12264] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 250.695445][T12264] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.707194][T12264] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 250.759879][ T6834] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 250.773553][ T6834] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 250.795372][T12283] FAULT_INJECTION: forcing a failure. [ 250.795372][T12283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.796436][ T6834] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 250.808747][T12283] CPU: 0 UID: 0 PID: 12283 Comm: syz.0.1718 Not tainted syzkaller #0 PREEMPT(full) [ 250.808768][T12283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 250.808789][T12283] Call Trace: [ 250.808797][T12283] [ 250.808804][T12283] dump_stack_lvl+0xe8/0x150 [ 250.808834][T12283] should_fail_ex+0x412/0x560 [ 250.808866][T12283] _copy_to_user+0x31/0xb0 [ 250.808897][T12283] simple_read_from_buffer+0xe1/0x170 [ 250.808926][T12283] proc_fail_nth_read+0x1bb/0x230 [ 250.808954][T12283] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 250.808981][T12283] ? rw_verify_area+0x2a6/0x4d0 [ 250.809000][T12283] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 250.809025][T12283] vfs_read+0x20c/0xa70 [ 250.809042][T12283] ? fdget_pos+0x246/0x320 [ 250.809063][T12283] ? __pfx___mutex_lock+0x10/0x10 [ 250.809084][T12283] ? __pfx_vfs_read+0x10/0x10 [ 250.809104][T12283] ? __fget_files+0x2a/0x420 [ 250.809123][T12283] ? __fget_files+0x3a0/0x420 [ 250.809137][T12283] ? __fget_files+0x2a/0x420 [ 250.809161][T12283] ksys_read+0x150/0x270 [ 250.809183][T12283] ? __pfx_ksys_read+0x10/0x10 [ 250.809212][T12283] do_syscall_64+0x14d/0xf80 [ 250.809230][T12283] ? trace_irq_disable+0x3b/0x150 [ 250.809247][T12283] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.809265][T12283] ? clear_bhb_loop+0x40/0x90 [ 250.809287][T12283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.809306][T12283] RIP: 0033:0x7f3f1115d04e [ 250.809322][T12283] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 250.809337][T12283] RSP: 002b:00007f3f1212ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 250.809357][T12283] RAX: ffffffffffffffda RBX: 00007f3f121306c0 RCX: 00007f3f1115d04e [ 250.809370][T12283] RDX: 000000000000000f RSI: 00007f3f121300a0 RDI: 000000000000000c [ 250.809381][T12283] RBP: 00007f3f12130090 R08: 0000000000000000 R09: 0000000000000000 [ 250.809391][T12283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 250.809402][T12283] R13: 00007f3f11416038 R14: 00007f3f11415fa0 R15: 00007ffee28eccb8 [ 250.809430][T12283] [ 251.029237][ T6834] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 251.073193][ T6830] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 251.092685][ T6830] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 251.133248][ T5826] Bluetooth: hci4: command 0x0405 tx timeout [ 251.143655][ T6810] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.154282][ T6810] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 251.172308][ T6810] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 251.201569][ T6810] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 251.221943][ T6810] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 251.230284][ T6810] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.249251][ T6810] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 251.259184][ T6810] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 251.288808][ T6830] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.297568][ T6830] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 251.306292][ T6830] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 251.369718][T12302] netpci0: renamed from sit2 [ 251.384835][T12302] netpci0: entered allmulticast mode [ 251.400355][ T6830] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.412250][ T6830] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 251.423663][ T6830] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 251.445682][T12308] __nla_validate_parse: 6 callbacks suppressed [ 251.445697][T12308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1726'. [ 251.493674][T12308] netlink: 'syz.3.1726': attribute type 2 has an invalid length. [ 251.604422][T12321] xt_hashlimit: size too large, truncated to 1048576 [ 251.695772][T12327] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1733'. [ 251.718354][T12327] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1733'. [ 251.752615][T12333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1732'. [ 251.801012][T12334] bridge10: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 251.866840][T12337] netlink: 'syz.4.1735': attribute type 1 has an invalid length. [ 251.882001][T12337] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1735'. [ 252.023339][T12347] geneve2: entered promiscuous mode [ 252.032554][ T6834] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.049281][ T6834] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.090873][ T6834] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.122142][ T6834] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.218877][T12356] netlink: 'syz.0.1742': attribute type 1 has an invalid length. [ 252.224475][T12363] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1745'. [ 252.321227][T12360] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address [ 252.333297][T12360] bond8: (slave vxcan3): Error -95 calling set_mac_address [ 252.468925][T12371] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1748'. [ 252.578701][T12391] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1753'. [ 252.720883][T12391] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 252.885823][T12414] tipc: Failed to remove unknown binding: 66,1,1/134418688:4175161513/4175161515 [ 253.065927][T12426] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 253.339009][T12448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1767'. [ 253.476166][T12458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1770'. [ 253.578961][T12461] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 253.657326][T12466] veth1_macvtap: left promiscuous mode [ 253.670215][T12466] macsec0: entered promiscuous mode [ 253.690747][T12409] tipc: Failed to remove unknown binding: 66,1,1/134418688:4175161513/4175161515 [ 253.728966][T12468] veth1_macvtap: entered promiscuous mode [ 253.739831][T12468] macsec0: left promiscuous mode [ 254.580011][T12521] netlink: Unknown conntrack attr (0) [ 254.652949][T12526] IPv6: NLM_F_CREATE should be specified when creating new route [ 254.693444][T12527] batman_adv: batadv0: Adding interface: gretap1 [ 254.699810][T12527] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 254.759969][T12527] batman_adv: batadv0: Interface activated: gretap1 [ 255.060355][T12550] tipc: Resetting bearer [ 255.093677][T12550] tipc: Resetting bearer [ 255.623189][T12558] team_slave_0: entered promiscuous mode [ 255.629357][T12558] team_slave_1: entered promiscuous mode [ 255.642734][T12558] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 255.911774][T12570] batadv_slave_0: Caught tx_queue_len zero misconfig [ 256.071004][T12579] netlink: 'syz.4.1802': attribute type 2 has an invalid length. [ 256.174684][T12582] unsupported nlmsg_type 40 [ 256.390392][T12590] netlink: 'syz.0.1807': attribute type 28 has an invalid length. [ 257.042175][T12599] nbd0: detected capacity change from 0 to 63 [ 257.053665][ T5825] block nbd0: Receive control failed (result -32) [ 257.062095][ T5826] block nbd0: Receive control failed (result -32) [ 257.079398][T12465] block nbd0: Dead connection, failed to find a fallback [ 257.086973][T12465] block nbd0: shutting down sockets [ 257.095910][T12465] blk_print_req_error: 138 callbacks suppressed [ 257.095925][T12465] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.112584][T12465] buffer_io_error: 138 callbacks suppressed [ 257.112600][T12465] Buffer I/O error on dev nbd0, logical block 0, async page read [ 257.126684][T12465] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.138415][T12465] Buffer I/O error on dev nbd0, logical block 1, async page read [ 257.147996][T12465] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.157779][T12465] Buffer I/O error on dev nbd0, logical block 2, async page read [ 257.168527][T12465] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.178284][T12465] Buffer I/O error on dev nbd0, logical block 3, async page read [ 257.186839][T12465] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.222317][T12465] Buffer I/O error on dev nbd0, logical block 0, async page read [ 257.230146][T12465] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.252479][T12465] Buffer I/O error on dev nbd0, logical block 1, async page read [ 257.260478][T12465] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.274667][T12616] Cannot find add_set index 0 as target [ 257.287984][T12613] xt_connbytes: Forcing CT accounting to be enabled [ 257.295488][T12465] Buffer I/O error on dev nbd0, logical block 2, async page read [ 257.303456][T12465] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.316624][T12616] __nla_validate_parse: 13 callbacks suppressed [ 257.316642][T12616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1815'. [ 257.332251][T12465] Buffer I/O error on dev nbd0, logical block 3, async page read [ 257.352138][T12465] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.372885][T12465] Buffer I/O error on dev nbd0, logical block 0, async page read [ 257.381075][ T5826] block nbd2: Receive control failed (result -32) [ 257.396759][T12465] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 257.415232][T12465] Buffer I/O error on dev nbd0, logical block 1, async page read [ 257.423999][T12465] ldm_validate_partition_table(): Disk read failed. [ 257.431109][T12465] Dev nbd0: unable to read RDB block 0 [ 257.437259][T12465] nbd0: unable to read partition table [ 257.449427][T12465] ldm_validate_partition_table(): Disk read failed. [ 257.456616][T12465] Dev nbd0: unable to read RDB block 0 [ 257.462949][T12465] nbd0: unable to read partition table [ 257.730340][T12628] netlink: 'syz.4.1818': attribute type 4 has an invalid length. [ 257.827686][T12631] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1819'. [ 258.055206][T12635] netlink: 'syz.2.1821': attribute type 1 has an invalid length. [ 258.092002][T12635] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1821'. [ 258.238909][T12645] IPv6: sit2: Disabled Multicast RS [ 258.493838][T12665] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1827'. [ 258.615250][T12668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 258.697514][T12672] netlink: 'syz.0.1829': attribute type 3 has an invalid length. [ 258.705618][T12672] netlink: 'syz.0.1829': attribute type 3 has an invalid length. [ 258.746232][T12668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 258.804453][T12668] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1828'. [ 258.816725][T12667] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 259.421998][T12701] syzkaller1: entered allmulticast mode [ 259.490082][T12705] lo speed is unknown, defaulting to 1000 [ 259.503382][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1839'. [ 259.557773][T12711] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1840'. [ 259.681516][T12718] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1842'. [ 259.703186][T12716] batman_adv: batadv0: Adding interface: vlan0 [ 259.709391][T12716] batman_adv: batadv0: The MTU of interface vlan0 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 259.734875][T12716] batman_adv: batadv0: Not using interface vlan0 (retrying later): interface not active [ 259.860590][T12726] syzkaller1: entered promiscuous mode [ 259.870295][T12726] syzkaller1: entered allmulticast mode [ 259.882879][T12730] tipc: Enabled bearer , priority 0 [ 259.925582][T12730] tipc: Resetting bearer [ 259.938131][T12735] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 259.955943][T12735] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 259.978146][T12739] netlink: 'syz.4.1848': attribute type 1 has an invalid length. [ 259.988316][T12739] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 260.073513][T12745] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1851'. [ 260.097215][T12746] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1852'. [ 260.175024][T12752] x_tables: ip_tables: ah match: only valid for protocol 51 [ 260.186353][T12750] netlink: 'syz.1.1854': attribute type 13 has an invalid length. [ 260.292356][T12760] netlink: 'syz.1.1858': attribute type 4 has an invalid length. [ 260.479967][T12775] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 260.569038][T12775] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 260.604701][T12773] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 260.650295][T12791] vlan2: entered promiscuous mode [ 260.704578][T12794] tipc: Enabling of bearer rejected, already enabled [ 261.057214][T12816] netlink: 'syz.3.1880': attribute type 1 has an invalid length. [ 261.103600][T12816] bond4: entered promiscuous mode [ 261.109018][T12816] 8021q: adding VLAN 0 to HW filter on device bond4 [ 261.193120][T12816] 8021q: adding VLAN 0 to HW filter on device bond5 [ 261.194362][T12835] netlink: 'syz.2.1885': attribute type 10 has an invalid length. [ 261.208679][T12816] bond4: (slave bond5): making interface the new active one [ 261.219440][T12816] bond5: entered promiscuous mode [ 261.236473][T12816] bond4: (slave bond5): Enslaving as an active interface with an up link [ 261.251271][T12831] netlink: 'syz.0.1884': attribute type 1 has an invalid length. [ 261.299876][T12818] 8021q: adding VLAN 0 to HW filter on device bond6 [ 261.308951][T12818] bond4: (slave bond6): Enslaving as a backup interface with an up link [ 261.458215][T12844] mac80211_hwsim hwsim5 syzkaller0: left promiscuous mode [ 261.483184][T12844] mac80211_hwsim hwsim5 syzkaller0: left allmulticast mode [ 261.835639][T12865] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 261.968628][T12874] tipc: Resetting bearer [ 262.122587][T12883] netlink: 'syz.1.1898': attribute type 11 has an invalid length. [ 262.505008][T12894] openvswitch: netlink: IPv6 tunnel dst address is zero [ 262.598109][T12863] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 262.757982][T12901] validate_nla: 1 callbacks suppressed [ 262.758003][T12901] netlink: 'syz.3.1905': attribute type 1 has an invalid length. [ 263.340132][T12938] netlink: 'syz.3.1920': attribute type 1 has an invalid length. [ 263.625099][T12955] __nla_validate_parse: 15 callbacks suppressed [ 263.625118][T12955] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1926'. [ 263.700609][T12955] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1926'. [ 264.016963][T12981] netlink: 'syz.4.1934': attribute type 1 has an invalid length. [ 264.374755][T13004] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 264.657332][T13022] netlink: 'syz.3.1948': attribute type 1 has an invalid length. [ 264.789846][T13029] lo speed is unknown, defaulting to 1000 [ 264.828372][T13033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1953'. [ 264.857088][T13033] SET target dimension over the limit! [ 264.869025][T13036] bridge2: entered promiscuous mode [ 264.874508][T13036] bridge2: entered allmulticast mode [ 264.885919][T13036] team0: Port device bridge2 added [ 264.940684][T13038] lo speed is unknown, defaulting to 1000 [ 265.400573][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1959'. [ 265.580411][T13068] netlink: 'syz.1.1961': attribute type 142 has an invalid length. [ 265.736033][T13078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1964'. [ 265.809555][T13081] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 265.874658][T13087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1968'. [ 265.909120][T13087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1968'. [ 266.017095][T13098] IPVS: set_ctl: invalid protocol: 201 172.20.20.187:20001 [ 266.060161][T13094] syzkaller1: entered promiscuous mode [ 266.077339][T13094] syzkaller1: entered allmulticast mode [ 266.106857][T13102] xt_CT: You must specify a L4 protocol and not use inversions on it [ 266.258718][T13111] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1976'. [ 266.299387][T13110] netlink: 'syz.0.1975': attribute type 1 has an invalid length. [ 266.377316][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1979'. [ 266.402322][T13123] netlink: 'syz.0.1980': attribute type 10 has an invalid length. [ 266.411011][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1979'. [ 266.615673][T13136] vxcan0: entered allmulticast mode [ 266.706006][T13123] lo speed is unknown, defaulting to 1000 [ 267.011373][T13162] netlink: 'syz.0.1991': attribute type 10 has an invalid length. [ 267.024442][T13162] team0: Port device dummy0 removed [ 267.044188][T13162] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 267.420240][T13186] syz.1.1994: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 267.487605][T13186] CPU: 0 UID: 0 PID: 13186 Comm: syz.1.1994 Not tainted syzkaller #0 PREEMPT(full) [ 267.487636][T13186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 267.487648][T13186] Call Trace: [ 267.487656][T13186] [ 267.487665][T13186] dump_stack_lvl+0xe8/0x150 [ 267.487700][T13186] warn_alloc+0x249/0x340 [ 267.487727][T13186] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 267.487753][T13186] ? __pfx_warn_alloc+0x10/0x10 [ 267.487784][T13186] ? kasan_save_track+0x4f/0x80 [ 267.487806][T13186] ? kasan_save_track+0x3e/0x80 [ 267.487827][T13186] ? __kasan_kmalloc+0x93/0xb0 [ 267.487849][T13186] ? __kmalloc_cache_noprof+0x31c/0x660 [ 267.487871][T13186] ? xskq_create+0x56/0x170 [ 267.487891][T13186] ? xsk_setsockopt+0x54c/0x990 [ 267.487919][T13186] ? do_sock_setsockopt+0x17c/0x1b0 [ 267.487947][T13186] ? __x64_sys_setsockopt+0x13d/0x1b0 [ 267.487972][T13186] ? do_syscall_64+0x14d/0xf80 [ 267.487997][T13186] __vmalloc_node_range_noprof+0x132/0x1730 [ 267.488049][T13186] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 267.488078][T13186] ? __kasan_kmalloc+0x93/0xb0 [ 267.488106][T13186] vmalloc_user_noprof+0xad/0xe0 [ 267.488127][T13186] ? xskq_create+0xbf/0x170 [ 267.488146][T13186] xskq_create+0xbf/0x170 [ 267.488168][T13186] xsk_init_queue+0x8a/0xe0 [ 267.488201][T13186] xsk_setsockopt+0x54c/0x990 [ 267.488234][T13186] ? __pfx_xsk_setsockopt+0x10/0x10 [ 267.488274][T13186] ? __pfx_aa_sk_perm+0x10/0x10 [ 267.488308][T13186] ? aa_sock_opt_perm+0xff/0x1a0 [ 267.488331][T13186] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 267.488355][T13186] ? __pfx_xsk_setsockopt+0x10/0x10 [ 267.488387][T13186] do_sock_setsockopt+0x17c/0x1b0 [ 267.488422][T13186] __x64_sys_setsockopt+0x13d/0x1b0 [ 267.488457][T13186] do_syscall_64+0x14d/0xf80 [ 267.488479][T13186] ? trace_irq_disable+0x3b/0x150 [ 267.488497][T13186] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.488518][T13186] ? clear_bhb_loop+0x40/0x90 [ 267.488542][T13186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.488563][T13186] RIP: 0033:0x7f71e6d9c819 [ 267.488582][T13186] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 267.488601][T13186] RSP: 002b:00007f71e7c3e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 267.488625][T13186] RAX: ffffffffffffffda RBX: 00007f71e7016180 RCX: 00007f71e6d9c819 [ 267.488639][T13186] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000f [ 267.488651][T13186] RBP: 00007f71e6e32c91 R08: 0000000000000004 R09: 0000000000000000 [ 267.488663][T13186] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 267.488673][T13186] R13: 00007f71e7016218 R14: 00007f71e7016180 R15: 00007ffc7f44f508 [ 267.488705][T13186] [ 267.488726][T13186] Mem-Info: [ 267.768719][T13186] active_anon:7131 inactive_anon:0 isolated_anon:0 [ 267.768719][T13186] active_file:3454 inactive_file:40045 isolated_file:0 [ 267.768719][T13186] unevictable:768 dirty:412 writeback:0 [ 267.768719][T13186] slab_reclaimable:12969 slab_unreclaimable:114206 [ 267.768719][T13186] mapped:32701 shmem:2942 pagetables:1401 [ 267.768719][T13186] sec_pagetables:0 bounce:0 [ 267.768719][T13186] kernel_misc_reclaimable:0 [ 267.768719][T13186] free:1307095 free_pcp:10974 free_cma:0 [ 267.814300][T13186] Node 0 active_anon:29124kB inactive_anon:0kB active_file:13816kB inactive_file:159972kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130804kB dirty:1648kB writeback:0kB shmem:10832kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13548kB pagetables:5540kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 267.846312][T13186] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 267.876778][T13186] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 267.908638][T13186] lowmem_reserve[]: 0 2492 2493 2493 2493 [ 267.914791][T13186] Node 0 DMA32 free:1273380kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28932kB inactive_anon:0kB active_file:13816kB inactive_file:159972kB unevictable:1536kB writepending:1648kB zspages:0kB present:3129332kB managed:2552104kB mlocked:0kB bounce:0kB free_pcp:43380kB local_pcp:29708kB free_cma:0kB [ 267.939029][T13197] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 267.974126][T13186] lowmem_reserve[]: 0 0 0 0 0 [ 267.984244][T13186] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:872kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 268.022074][T13186] lowmem_reserve[]: 0 0 0 0 0 [ 268.026950][T13186] Node 1 Normal free:3939372kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 268.085664][T13186] lowmem_reserve[]: 0 0 0 0 0 [ 268.099953][T13186] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 268.126680][T13186] Node 0 DMA32: 3457*4kB (UME) 3048*8kB (UME) 1585*16kB (UM) 416*32kB (UM) 132*64kB (UME) 323*128kB (UME) 294*256kB (UME) 244*512kB (UME) 188*1024kB (UME) 80*2048kB (UME) 146*4096kB (UM) = 1281236kB [ 268.194448][T13186] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 268.213458][T13186] Node 1 Normal: 1*4kB (U) 3*8kB (UM) 7*16kB (UM) 7*32kB (UM) 7*64kB (UM) 6*128kB (UM) 4*256kB (UM) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 960*4096kB (M) = 3939372kB [ 268.252806][T13186] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 268.274780][T13186] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 268.292617][T13203] tun0: tun_chr_ioctl cmd 1074025672 [ 268.299799][T13203] tun0: ignored: set checksum disabled [ 268.311439][T13186] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 268.358281][T13186] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 268.391117][T13186] 44862 total pagecache pages [ 268.411973][T13186] 0 pages in swap cache [ 268.416166][T13186] Free swap = 124996kB [ 268.423533][T13186] Total swap = 124996kB [ 268.427712][T13186] 2097051 pages RAM [ 268.450281][T13186] 0 pages HighMem/MovableOnly [ 268.459079][T13186] 427192 pages reserved [ 268.466721][T13186] 0 pages cma reserved [ 268.544482][T13218] xt_l2tp: missing protocol rule (udp|l2tpip) [ 268.557170][T13214] bridge7: entered allmulticast mode [ 268.800755][T13234] __nla_validate_parse: 6 callbacks suppressed [ 268.800773][T13234] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2012'. [ 268.822607][T13234] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2012'. [ 268.965324][T13248] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.2016'. [ 269.419323][T13275] netlink: 190972 bytes leftover after parsing attributes in process `syz.0.2024'. [ 269.498592][T13279] syzkaller1: entered promiscuous mode [ 269.511159][T13279] syzkaller1: entered allmulticast mode [ 269.528322][T13277] syzkaller0: entered promiscuous mode [ 269.534810][T13277] syzkaller0: entered allmulticast mode [ 269.886517][T13299] netlink: 'syz.4.2032': attribute type 1 has an invalid length. [ 269.965387][T13304] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2034'. [ 269.984382][T13304] openvswitch: netlink: Missing key (keys=c0, expected=200000) [ 270.309482][T13308] bridge8: entered promiscuous mode [ 270.332549][T13308] bridge8: entered allmulticast mode [ 270.550691][T13323] netlink: 'syz.2.2040': attribute type 1 has an invalid length. [ 270.667316][T13323] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2040'. [ 270.695044][T13323] 8021q: adding VLAN 0 to HW filter on device bond3 [ 270.735163][T13325] bond3: (slave gretap2): making interface the new active one [ 270.743807][T13325] bond3: (slave gretap2): Enslaving as an active interface with an up link [ 271.022999][T13346] netlink: 'syz.4.2046': attribute type 1 has an invalid length. [ 271.072307][T13346] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2046'. [ 271.102666][T13346] sctp: [Deprecated]: syz.4.2046 (pid 13346) Use of int in maxseg socket option. [ 271.102666][T13346] Use struct sctp_assoc_value instead [ 271.221801][T13354] netlink: 'syz.0.2048': attribute type 1 has an invalid length. [ 271.251682][T13356] netlink: 'syz.1.2049': attribute type 1 has an invalid length. [ 271.325481][T13354] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 271.390860][T13364] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2050'. [ 271.467279][T13368] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2052'. [ 271.569241][T13369] lo speed is unknown, defaulting to 1000 [ 271.708499][T13376] netlink: 'syz.4.2055': attribute type 39 has an invalid length. [ 271.892069][T13384] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2059'. [ 272.020703][T13392] netlink: 'syz.0.2061': attribute type 28 has an invalid length. [ 272.189128][T13398] netlink: 'syz.2.2063': attribute type 1 has an invalid length. [ 272.519680][T13416] geneve2: entered promiscuous mode [ 272.751494][T13430] netlink: 'syz.4.2074': attribute type 3 has an invalid length. [ 272.818153][T13436] FAULT_INJECTION: forcing a failure. [ 272.818153][T13436] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 272.848878][T13436] CPU: 1 UID: 0 PID: 13436 Comm: syz.1.2076 Not tainted syzkaller #0 PREEMPT(full) [ 272.848906][T13436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 272.848917][T13436] Call Trace: [ 272.848924][T13436] [ 272.848932][T13436] dump_stack_lvl+0xe8/0x150 [ 272.848963][T13436] should_fail_ex+0x412/0x560 [ 272.848994][T13436] prepare_alloc_pages+0x22a/0x650 [ 272.849025][T13436] __alloc_frozen_pages_noprof+0x12f/0x380 [ 272.849052][T13436] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 272.849079][T13436] ? __pfx_policy_nodemask+0x10/0x10 [ 272.849111][T13436] alloc_pages_mpol+0x232/0x4a0 [ 272.849138][T13436] alloc_pages_noprof+0xa8/0x1a0 [ 272.849163][T13436] __pte_alloc_kernel+0x23/0x360 [ 272.849184][T13436] ? __vmap_pages_range_noflush+0x629/0xf40 [ 272.849213][T13436] __vmap_pages_range_noflush+0x9b1/0xf40 [ 272.849264][T13436] __vmalloc_node_range_noprof+0x11cc/0x1730 [ 272.849314][T13436] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 272.849335][T13436] ? trace_kmalloc+0x2a/0x110 [ 272.849358][T13436] ? __kmalloc_node_noprof+0x4fe/0x7c0 [ 272.849378][T13436] ? bpf_map_area_alloc+0x64/0x170 [ 272.849400][T13436] bpf_map_area_alloc+0x12d/0x170 [ 272.849420][T13436] ? sock_hash_alloc+0x266/0x4e0 [ 272.849447][T13436] sock_hash_alloc+0x266/0x4e0 [ 272.849477][T13436] map_create+0xafd/0x16a0 [ 272.849496][T13436] ? security_bpf+0x7e/0x2d0 [ 272.849530][T13436] __sys_bpf+0x6e1/0x950 [ 272.849550][T13436] ? __pfx___sys_bpf+0x10/0x10 [ 272.849581][T13436] ? ksys_write+0x242/0x270 [ 272.849603][T13436] ? __pfx_ksys_write+0x10/0x10 [ 272.849630][T13436] __x64_sys_bpf+0x7c/0x90 [ 272.849655][T13436] do_syscall_64+0x14d/0xf80 [ 272.849675][T13436] ? trace_irq_disable+0x3b/0x150 [ 272.849690][T13436] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.849708][T13436] ? clear_bhb_loop+0x40/0x90 [ 272.849730][T13436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.849748][T13436] RIP: 0033:0x7f71e6d9c819 [ 272.849766][T13436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 272.849781][T13436] RSP: 002b:00007f71e7c80028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 272.849802][T13436] RAX: ffffffffffffffda RBX: 00007f71e7015fa0 RCX: 00007f71e6d9c819 [ 272.849815][T13436] RDX: 0000000000000050 RSI: 00002000000005c0 RDI: 0000000000000000 [ 272.849827][T13436] RBP: 00007f71e7c80090 R08: 0000000000000000 R09: 0000000000000000 [ 272.849838][T13436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 272.849848][T13436] R13: 00007f71e7016038 R14: 00007f71e7015fa0 R15: 00007ffc7f44f508 [ 272.849877][T13436] [ 272.945329][T13441] netlink: 'syz.4.2074': attribute type 1 has an invalid length. [ 273.277606][T13446] dvmrp1: entered allmulticast mode [ 273.342017][T13445] dvmrp1: left allmulticast mode [ 273.370450][T13446] x_tables: duplicate underflow at hook 2 [ 273.392701][T13451] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 273.979794][T13485] FAULT_INJECTION: forcing a failure. [ 273.979794][T13485] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 274.028733][T13482] lo speed is unknown, defaulting to 1000 [ 274.092178][T13485] CPU: 1 UID: 0 PID: 13485 Comm: syz.1.2090 Not tainted syzkaller #0 PREEMPT(full) [ 274.092204][T13485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 274.092214][T13485] Call Trace: [ 274.092221][T13485] [ 274.092229][T13485] dump_stack_lvl+0xe8/0x150 [ 274.092259][T13485] should_fail_ex+0x412/0x560 [ 274.092290][T13485] prepare_alloc_pages+0x22a/0x650 [ 274.092320][T13485] __alloc_frozen_pages_noprof+0x12f/0x380 [ 274.092346][T13485] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 274.092370][T13485] ? __pfx_policy_nodemask+0x10/0x10 [ 274.092407][T13485] alloc_pages_mpol+0x232/0x4a0 [ 274.092433][T13485] alloc_pages_noprof+0xa8/0x1a0 [ 274.092456][T13485] __pte_alloc_kernel+0x23/0x360 [ 274.092474][T13485] ? __vmap_pages_range_noflush+0x629/0xf40 [ 274.092502][T13485] __vmap_pages_range_noflush+0x9b1/0xf40 [ 274.092551][T13485] __vmalloc_node_range_noprof+0x11cc/0x1730 [ 274.092596][T13485] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 274.092616][T13485] ? trace_kmalloc+0x2a/0x110 [ 274.092638][T13485] ? __kmalloc_node_noprof+0x4fe/0x7c0 [ 274.092657][T13485] ? bpf_map_area_alloc+0x64/0x170 [ 274.092677][T13485] bpf_map_area_alloc+0x12d/0x170 [ 274.092696][T13485] ? sock_hash_alloc+0x266/0x4e0 [ 274.092721][T13485] sock_hash_alloc+0x266/0x4e0 [ 274.092749][T13485] map_create+0xafd/0x16a0 [ 274.092767][T13485] ? security_bpf+0x7e/0x2d0 [ 274.092793][T13485] __sys_bpf+0x6e1/0x950 [ 274.092812][T13485] ? __pfx___sys_bpf+0x10/0x10 [ 274.092842][T13485] ? ksys_write+0x242/0x270 [ 274.092863][T13485] ? __pfx_ksys_write+0x10/0x10 [ 274.092888][T13485] __x64_sys_bpf+0x7c/0x90 [ 274.092913][T13485] do_syscall_64+0x14d/0xf80 [ 274.092931][T13485] ? trace_irq_disable+0x3b/0x150 [ 274.092946][T13485] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.092963][T13485] ? clear_bhb_loop+0x40/0x90 [ 274.092984][T13485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.093001][T13485] RIP: 0033:0x7f71e6d9c819 [ 274.093017][T13485] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 274.093032][T13485] RSP: 002b:00007f71e7c80028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 274.093052][T13485] RAX: ffffffffffffffda RBX: 00007f71e7015fa0 RCX: 00007f71e6d9c819 [ 274.093064][T13485] RDX: 0000000000000050 RSI: 00002000000005c0 RDI: 0000000000000000 [ 274.093075][T13485] RBP: 00007f71e7c80090 R08: 0000000000000000 R09: 0000000000000000 [ 274.093085][T13485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 274.093095][T13485] R13: 00007f71e7016038 R14: 00007f71e7015fa0 R15: 00007ffc7f44f508 [ 274.093123][T13485] [ 274.752561][T13500] FAULT_INJECTION: forcing a failure. [ 274.752561][T13500] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 274.796423][T13500] CPU: 0 UID: 0 PID: 13500 Comm: syz.0.2094 Not tainted syzkaller #0 PREEMPT(full) [ 274.796449][T13500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 274.796460][T13500] Call Trace: [ 274.796467][T13500] [ 274.796475][T13500] dump_stack_lvl+0xe8/0x150 [ 274.796505][T13500] should_fail_ex+0x412/0x560 [ 274.796536][T13500] _copy_to_user+0x31/0xb0 [ 274.796560][T13500] simple_read_from_buffer+0xe1/0x170 [ 274.796593][T13500] proc_fail_nth_read+0x1bb/0x230 [ 274.796621][T13500] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 274.796650][T13500] ? rw_verify_area+0x2a6/0x4d0 [ 274.796669][T13500] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 274.796694][T13500] vfs_read+0x20c/0xa70 [ 274.796716][T13500] ? rds_setsockopt+0x1db/0xd90 [ 274.796740][T13500] ? __pfx_vfs_read+0x10/0x10 [ 274.796759][T13500] ? __pfx_rds_setsockopt+0x10/0x10 [ 274.796782][T13500] ? fd_install+0x94/0x3d0 [ 274.796807][T13500] ? __pfx_aa_sk_perm+0x10/0x10 [ 274.796841][T13500] ksys_read+0x150/0x270 [ 274.796863][T13500] ? __pfx_ksys_read+0x10/0x10 [ 274.796893][T13500] do_syscall_64+0x14d/0xf80 [ 274.796912][T13500] ? trace_irq_disable+0x3b/0x150 [ 274.796928][T13500] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.796946][T13500] ? clear_bhb_loop+0x40/0x90 [ 274.796968][T13500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.796986][T13500] RIP: 0033:0x7f3f1115d04e [ 274.797002][T13500] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 274.797017][T13500] RSP: 002b:00007f3f1212ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 274.797037][T13500] RAX: ffffffffffffffda RBX: 00007f3f121306c0 RCX: 00007f3f1115d04e [ 274.797049][T13500] RDX: 000000000000000f RSI: 00007f3f121300a0 RDI: 0000000000000004 [ 274.797060][T13500] RBP: 00007f3f12130090 R08: 0000000000000000 R09: 0000000000000000 [ 274.797071][T13500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.797082][T13500] R13: 00007f3f11416038 R14: 00007f3f11415fa0 R15: 00007ffee28eccb8 [ 274.797109][T13500] [ 275.145643][T13509] __nla_validate_parse: 3 callbacks suppressed [ 275.145662][T13509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2097'. [ 275.820761][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 275.871575][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 275.877229][T13533] can: request_module (can-proto-0) failed. [ 275.898950][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 275.920864][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 275.960912][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 276.004746][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 276.016917][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 276.047126][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 276.087827][T13536] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2104'. [ 276.154780][T13536] team_slave_0: left promiscuous mode [ 276.160937][T13536] team_slave_1: left promiscuous mode [ 276.463406][T13536] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 276.480166][T13536] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 276.567800][T13544] syzkaller1: entered promiscuous mode [ 276.591787][T13544] syzkaller1: entered allmulticast mode [ 277.059538][T13581] validate_nla: 1 callbacks suppressed [ 277.059557][T13581] netlink: 'syz.0.2115': attribute type 4 has an invalid length. [ 277.678589][T13601] lo speed is unknown, defaulting to 1000 [ 278.081264][T13618] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 278.510633][T13639] lo speed is unknown, defaulting to 1000 [ 279.026443][T13653] lo speed is unknown, defaulting to 1000 [ 279.096821][T13661] lo speed is unknown, defaulting to 1000 [ 279.286831][T13682] netlink: 'syz.4.2148': attribute type 1 has an invalid length. [ 279.325604][T13682] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 280.118994][T13728] syzkaller0: entered promiscuous mode [ 280.124577][T13728] syzkaller0: entered allmulticast mode [ 280.287044][T13743] __nla_validate_parse: 96 callbacks suppressed [ 280.287062][T13743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2161'. [ 280.310228][T13744] xt_CT: You must specify a L4 protocol and not use inversions on it [ 280.446200][T13747] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2164'. [ 280.473357][T13747] bond0: Caught tx_queue_len zero misconfig [ 280.504953][T13736] lo speed is unknown, defaulting to 1000 [ 280.510849][T13747] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2164'. [ 280.632930][T13754] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2165'. [ 280.860571][T13763] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2167'. [ 280.869700][T13763] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2167'. [ 280.923900][T13781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2173'. [ 280.968820][T13783] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2174'. [ 281.101430][T13773] lo speed is unknown, defaulting to 1000 [ 281.810411][T13815] lo speed is unknown, defaulting to 1000 [ 281.860620][T13831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2186'. [ 281.969363][T13833] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2187'. [ 282.077745][T13835] team0: entered promiscuous mode [ 282.083185][T13835] team0: entered allmulticast mode [ 282.088839][T13835] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.770762][T13871] lo speed is unknown, defaulting to 1000 [ 282.985017][T13879] lo speed is unknown, defaulting to 1000 [ 283.583592][T13920] sctp: [Deprecated]: syz.1.2217 (pid 13920) Use of int in max_burst socket option. [ 283.583592][T13920] Use struct sctp_assoc_value instead [ 283.818210][T13930] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 284.070030][T13944] lo speed is unknown, defaulting to 1000 [ 284.320541][T13965] geneve5: entered promiscuous mode [ 284.376899][T13965] geneve5: entered allmulticast mode [ 284.770772][T13988] sch_tbf: burst 0 is lower than device sit0 mtu (1480) ! [ 284.899809][T13999] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 286.665718][T14012] netlink: 'syz.0.2243': attribute type 4 has an invalid length. [ 286.788446][T14024] geneve6: entered allmulticast mode [ 286.846423][T14008] lo speed is unknown, defaulting to 1000 [ 286.946271][T14032] __nla_validate_parse: 12 callbacks suppressed [ 286.946293][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2247'. [ 286.948491][T14034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2248'. [ 287.054724][T14034] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 287.144977][T14035] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 287.161069][T14038] smc: net device wlan0 applied user defined pnetid SYZ0 [ 287.241515][T14045] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2251'. [ 287.436054][T14052] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2252'. [ 287.449079][T14051] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 287.708037][T14073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2260'. [ 287.784791][T14079] netlink: 'syz.4.2263': attribute type 3 has an invalid length. [ 287.822460][T14079] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2263'. [ 287.895550][T14089] netlink: 'syz.3.2261': attribute type 62 has an invalid length. [ 287.929032][T14088] IPVS: Unknown mcast interface: vcan0 [ 288.089426][T14101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2267'. [ 288.114284][T14102] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2266'. [ 288.241536][T14109] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2269'. [ 288.283767][T14109] gtp1: entered promiscuous mode [ 288.303504][T14109] gtp1: entered allmulticast mode [ 288.355029][T14110] syzkaller1: entered promiscuous mode [ 288.360734][T14110] syzkaller1: entered allmulticast mode [ 288.424483][T14127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2274'. [ 289.247833][T14153] lo speed is unknown, defaulting to 1000 [ 289.489522][T14169] netlink: 'syz.2.2280': attribute type 1 has an invalid length. [ 289.750751][T14175] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 289.758880][T14175] tipc: Resetting bearer [ 290.250754][T14201] xfrm1: entered promiscuous mode [ 290.271317][T14201] xfrm1: entered allmulticast mode [ 290.665887][T14232] netlink: 'syz.1.2304': attribute type 10 has an invalid length. [ 290.771690][T14235] lo speed is unknown, defaulting to 1000 [ 290.818018][T14243] bond5 (unregistering): Released all slaves [ 291.146110][T14270] netlink: 'syz.3.2316': attribute type 1 has an invalid length. [ 291.160611][T14270] netlink: 'syz.3.2316': attribute type 2 has an invalid length. [ 291.377424][T14283] netlink: 'syz.0.2319': attribute type 4 has an invalid length. [ 291.392615][T14283] netlink: 'syz.0.2319': attribute type 4 has an invalid length. [ 291.420360][T14283] netlink: 'syz.0.2319': attribute type 4 has an invalid length. [ 291.532180][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 292.720542][T14299] __nla_validate_parse: 17 callbacks suppressed [ 292.720561][T14299] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2324'. [ 292.968860][T14314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2329'. [ 292.988743][T14314] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2329'. [ 292.999669][T14314] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2329'. [ 293.010154][T14311] lo speed is unknown, defaulting to 1000 [ 293.019955][T14314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2329'. [ 293.029255][T14314] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2329'. [ 293.094114][T14314] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2329'. [ 293.159834][T14326] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2333'. [ 293.258606][T14331] batadv_slave_1: entered allmulticast mode [ 293.367334][T14338] batadv_slave_1: left allmulticast mode [ 293.569620][T14348] lo speed is unknown, defaulting to 1000 [ 293.815906][T14371] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2344'. [ 293.825470][T14375] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2344'. [ 294.063003][T14383] bridge_slave_0: invalid flags given to default FDB implementation [ 294.268422][ T29] audit: type=1800 audit(1776072795.139:4): pid=14395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2351" name=CB dev="tmpfs" ino=2332 res=0 errno=0 [ 294.516913][T14408] lo speed is unknown, defaulting to 1000 [ 295.127964][T14454] bridge_slave_1: left allmulticast mode [ 295.146257][T14454] bridge_slave_1: left promiscuous mode [ 295.155037][T14454] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.168826][T14454] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 295.187650][T14457] tipc: Enabling of bearer rejected, failed to enable media [ 295.211713][T14456] tipc: Enabling of bearer rejected, failed to enable media [ 295.239318][T14433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 295.278204][T14462] lo speed is unknown, defaulting to 1000 [ 295.573063][T14478] veth1: entered promiscuous mode [ 295.578415][T14478] veth1: entered allmulticast mode [ 295.852901][ T35] wlan1: Trigger new scan to find an IBSS to join [ 295.964306][T14512] 8021q: adding VLAN 0 to HW filter on device bond7 [ 296.025598][T14512] bond7: (slave dummy0): Enslaving as an active interface with an up link [ 296.074335][T14520] netlink: 'syz.2.2386': attribute type 9 has an invalid length. [ 296.105134][T14520] erspan0: entered promiscuous mode [ 296.110505][T14520] macvlan6: entered promiscuous mode [ 296.121423][T14520] macvlan6: entered allmulticast mode [ 296.129375][T14520] erspan0: entered allmulticast mode [ 296.213864][ C1] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 296.218557][T14522] lo speed is unknown, defaulting to 1000 [ 296.362676][ C1] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 296.477641][ T29] audit: type=1800 audit(1776072797.349:5): pid=14541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2393" name="memory.events" dev="tmpfs" ino=2683 res=0 errno=0 [ 296.615997][T14550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 296.689500][T14550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 296.748229][T14549] lo speed is unknown, defaulting to 1000 [ 296.773403][T14566] IPVS: length: 528 != 112 [ 297.350355][T14586] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 297.377275][T14592] Cannot find map_set index 135 as target [ 297.404548][T14585] lo speed is unknown, defaulting to 1000 [ 297.565765][T14600] tap0: tun_chr_ioctl cmd 3224918121 [ 297.708085][T14616] netlink: 'syz.4.2410': attribute type 29 has an invalid length. [ 297.744442][T14616] __nla_validate_parse: 24 callbacks suppressed [ 297.744469][T14616] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2410'. [ 297.910146][T14625] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2416'. [ 297.973711][T14630] lo speed is unknown, defaulting to 1000 [ 298.118376][T14635] xt_CT: No such helper "syz1" [ 298.549163][T14662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2424'. [ 298.569230][T14662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2424'. [ 298.573622][T14665] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2425'. [ 299.208004][T14655] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 299.218836][T14672] netlink: 'syz.2.2426': attribute type 9 has an invalid length. [ 299.599309][T14689] netlink: 136 bytes leftover after parsing attributes in process `syz.4.2431'. [ 299.614922][T14689] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check. [ 299.793069][T14705] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2431'. [ 299.828752][T14705] openvswitch: netlink: Flow key attr not present in new flow. [ 300.096961][T14722] lo speed is unknown, defaulting to 1000 [ 300.288194][T14727] netlink: 'syz.1.2442': attribute type 1 has an invalid length. [ 300.338988][T14726] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2442'. [ 300.417030][T14732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2443'. [ 300.548635][T14735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2444'. [ 300.651820][T14742] syzkaller0: entered promiscuous mode [ 300.658345][T14742] syzkaller0: entered allmulticast mode [ 300.757279][T14745] netlink: 'syz.4.2449': attribute type 39 has an invalid length. [ 300.864922][T14756] netlink: ct family unspecified [ 300.924953][T14762] netlink: 'syz.1.2452': attribute type 62 has an invalid length. [ 301.207297][T14787] lo speed is unknown, defaulting to 1000 [ 301.284319][T14796] netlink: 'syz.2.2460': attribute type 1 has an invalid length. [ 301.395797][T14796] bond5: entered promiscuous mode [ 301.401345][T14796] 8021q: adding VLAN 0 to HW filter on device bond5 [ 301.514703][T14796] bond5: (slave bridge10): making interface the new active one [ 301.522425][T14796] bridge10: entered promiscuous mode [ 301.528968][T14796] bond5: (slave bridge10): Enslaving as an active interface with an up link [ 302.393239][T14836] sctp: [Deprecated]: syz.1.2469 (pid 14836) Use of int in max_burst socket option deprecated. [ 302.393239][T14836] Use struct sctp_assoc_value instead [ 302.483321][T14843] openvswitch: netlink: Key 6 has unexpected len 16 expected 2 [ 302.565458][T14851] openvswitch: netlink: Unexpected mask (mask=20840, allowed=10048) [ 302.909998][T14865] __nla_validate_parse: 12 callbacks suppressed [ 302.910018][T14865] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2480'. [ 303.029867][T14880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2485'. [ 303.283052][T14901] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2492'. [ 303.380396][T14908] netlink: 'syz.0.2495': attribute type 1 has an invalid length. [ 303.427503][T14908] netlink: 'syz.0.2495': attribute type 1 has an invalid length. [ 303.437457][T14911] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2496'. [ 303.447177][T14911] nbd: socks must be embedded in a SOCK_ITEM attr [ 303.618603][T14924] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 303.630281][T14924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2499'. [ 303.662940][T14924] hsr_slave_0: left promiscuous mode [ 303.676672][T14924] hsr_slave_1: left promiscuous mode [ 303.729210][T14932] netlink: 'syz.4.2502': attribute type 33 has an invalid length. [ 303.737257][T14932] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2502'. [ 303.747015][T14932] `: renamed from team0 (while UP) [ 304.197408][T14948] netlink: 'syz.4.2507': attribute type 3 has an invalid length. [ 304.352660][T14957] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2511'. [ 304.361983][T14957] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2511'. [ 304.399447][T14959] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2512'. [ 304.419404][T14959] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 304.477366][T14964] netlink: 'syz.4.2513': attribute type 33 has an invalid length. [ 304.486568][T14964] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2513'. [ 304.695436][T14979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.776191][T14979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.800325][T14979] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 304.810964][T14979] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 304.877892][T14979] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 304.888597][T14979] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 304.947329][T14979] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 304.960198][T14979] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 304.992770][T14995] bond0: (slave wlan1): Releasing backup interface [ 305.018020][T14979] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 305.028666][T14979] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 305.166304][ T6830] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 305.177336][ T6830] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 305.179602][T15003] netlink: 'syz.3.2526': attribute type 39 has an invalid length. [ 305.205033][ T6830] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 305.215073][ T6830] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 305.249327][ T6830] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 305.257776][ T6830] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 305.267195][ T6830] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 305.275809][ T6830] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 305.317335][T14978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.402665][T15009] af_packet: tpacket_rcv: packet too big, clamped from 18 to 4294967272. macoff=96 [ 305.557685][T15018] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 305.577893][T15021] syz_tun: left allmulticast mode [ 305.590803][T15020] dvmrp1: entered allmulticast mode [ 305.788069][T15039] netlink: 'syz.2.2540': attribute type 1 has an invalid length. [ 306.124140][T15057] lo speed is unknown, defaulting to 1000 [ 306.178108][T15055] lo speed is unknown, defaulting to 1000 [ 306.202516][T15052] syzkaller0: entered promiscuous mode [ 306.208893][T15052] syzkaller0: entered allmulticast mode [ 306.219622][T15056] netlink: 'syz.2.2546': attribute type 13 has an invalid length. [ 306.926976][T15078] netlink: 'syz.1.2552': attribute type 2 has an invalid length. [ 306.958344][T15078] : entered promiscuous mode [ 307.016994][T15078] netlink: 'syz.1.2552': attribute type 2 has an invalid length. [ 307.052482][T15078] : left promiscuous mode [ 307.145464][ T42] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 307.173062][ T42] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 307.195394][ T3000] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 307.207480][ T3000] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 307.217080][ T3000] wlan1: authentication with 08:02:11:00:00:00 timed out [ 307.837104][T15136] xt_recent: hitcount (33554435) is larger than allowed maximum (65535) [ 308.080867][T15151] __nla_validate_parse: 12 callbacks suppressed [ 308.080887][T15151] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2566'. [ 308.176628][T15153] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2567'. [ 308.272692][T15158] netlink: 'syz.1.2567': attribute type 61 has an invalid length. [ 308.531724][T15169] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2571'. [ 308.577582][T15171] x_tables: duplicate underflow at hook 1 [ 308.613057][T15169] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2571'. [ 308.656473][T15169] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 308.880132][T15183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2574'. [ 308.891195][T15180] batman_adv: batadv0: Removing interface: vlan0 [ 309.091588][T15187] mac80211_hwsim hwsim3 syzkaller0: Caught tx_queue_len zero misconfig [ 309.154063][T15194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2575'. [ 309.186714][T15193] netlink: 276 bytes leftover after parsing attributes in process `syz.1.2577'. [ 309.555126][T15206] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 309.664984][T15208] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2580'. [ 309.674996][T15208] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2580'. [ 309.684527][T15208] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2580'. [ 310.083803][T15233] ipip1: entered promiscuous mode [ 310.150072][T15236] lo speed is unknown, defaulting to 1000 [ 310.473794][T15122] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.482201][T15122] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.506530][T15122] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.519017][T15122] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.551485][T15036] Set syz1 is full, maxelem 65536 reached [ 310.616603][T15248] 8021q: VLANs not supported on wg2 [ 310.688001][T15254] netlink: 'syz.4.2594': attribute type 1 has an invalid length. [ 310.909035][T15267] @ÿ: renamed from veth0_vlan [ 311.121800][ T5826] block nbd3: Receive control failed (result -1) [ 311.143783][T15288] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 311.201412][ T10] lo speed is unknown, defaulting to 1000 [ 311.211033][ T10] syz2: Port: 1 Link DOWN [ 311.290184][T15302] netlink: 'syz.0.2607': attribute type 1 has an invalid length. [ 311.520574][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 311.531027][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 311.543158][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 311.603761][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 311.634836][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 311.700413][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 312.501566][T15337] tipc: Resetting bearer [ 312.933817][ T6831] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 20004 - 0 [ 312.947374][ T6831] netdevsim netdevsim4 eth0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 312.966192][ T6831] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 20004 - 0 [ 312.987003][ T6831] netdevsim netdevsim4 eth1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 313.020088][T15357] netlink: 'syz.2.2623': attribute type 1 has an invalid length. [ 313.038568][T15355] xt_hashlimit: size too large, truncated to 1048576 [ 313.061631][ T6831] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 20004 - 0 [ 313.084246][ T6831] netdevsim netdevsim4 eth2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 313.099129][T15361] __nla_validate_parse: 12 callbacks suppressed [ 313.099147][T15361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2624'. [ 313.115106][ T6831] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 20004 - 0 [ 313.123639][ T6831] netdevsim netdevsim4 eth3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 313.169700][T15351] lo speed is unknown, defaulting to 1000 [ 313.316189][T15350] lo speed is unknown, defaulting to 1000 [ 313.365617][T15370] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2625'. [ 313.533644][T15370] netlink: 'syz.2.2625': attribute type 1 has an invalid length. [ 313.553261][T15370] netlink: 244 bytes leftover after parsing attributes in process `syz.2.2625'. [ 313.666160][T15318] net_ratelimit: 590 callbacks suppressed [ 313.666179][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.683941][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.689215][T15374] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2626'. [ 313.696128][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.713210][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.732413][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.751621][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.776037][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.786476][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.816463][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.827457][T15318] ip_tunnel_core: Dead loop on virtual device gre1 (net 39), fix it urgently! [ 313.948972][ T10] IPVS: starting estimator thread 0... [ 314.052515][T15394] IPVS: using max 32 ests per chain, 76800 per kthread [ 314.117482][T15401] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 314.163711][T15401] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 314.217299][T15398] lo speed is unknown, defaulting to 1000 [ 314.544550][T15407] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2633'. [ 314.587014][T15407] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2633'. [ 314.695551][T15408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2634'. [ 314.833655][T15414] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2636'. [ 314.853188][T15414] netlink: 'syz.4.2636': attribute type 6 has an invalid length. [ 315.011555][T15428] netlink: 'syz.0.2639': attribute type 13 has an invalid length. [ 315.027314][T15428] netlink: 'syz.0.2639': attribute type 17 has an invalid length. [ 315.153067][T15428] syz_tun: left promiscuous mode [ 315.174804][T15428] 8021q: adding VLAN 0 to HW filter on device bond0 [ 315.184066][T15428] 8021q: adding VLAN 0 to HW filter on device team0 [ 315.193954][ T6831] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.203601][ T6831] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.219184][ T6831] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.239146][ T6831] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.302066][ T6831] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.317417][ T6831] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.338285][ T6831] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.350382][ T6831] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.582551][T15458] syzkaller1: entered promiscuous mode [ 315.591241][T15458] syzkaller1: entered allmulticast mode [ 315.941694][T15484] [ 315.944070][T15484] ====================================================== [ 315.951087][T15484] WARNING: possible circular locking dependency detected [ 315.958100][T15484] syzkaller #0 Not tainted [ 315.962500][T15484] ------------------------------------------------------ [ 315.969502][T15484] syz.4.2659/15484 is trying to acquire lock: [ 315.975553][T15484] ffff88801badd988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove+0x30/0x60 [ 315.984772][T15484] [ 315.984772][T15484] but task is already holding lock: [ 315.992129][T15484] ffffffff8f17d068 (gdp_mutex){+.+.}-{4:4}, at: cleanup_glue_dir+0xc3/0x220 [ 316.000829][T15484] [ 316.000829][T15484] which lock already depends on the new lock. [ 316.000829][T15484] [ 316.011224][T15484] [ 316.011224][T15484] the existing dependency chain (in reverse order) is: [ 316.020222][T15484] [ 316.020222][T15484] -> #10 (gdp_mutex){+.+.}-{4:4}: [ 316.027437][T15484] __mutex_lock+0x19f/0x1300 [ 316.032591][T15484] get_device_parent+0x16f/0x3a0 [ 316.038055][T15484] device_add+0x2e1/0xb70 [ 316.042903][T15484] device_create+0x269/0x300 [ 316.048009][T15484] msr_device_create+0x33/0x50 [ 316.053281][T15484] cpuhp_invoke_callback+0x445/0x860 [ 316.059084][T15484] cpuhp_thread_fun+0x36b/0x780 [ 316.064447][T15484] smpboot_thread_fn+0x541/0xa50 [ 316.069897][T15484] kthread+0x388/0x470 [ 316.074469][T15484] ret_from_fork+0x51e/0xb90 [ 316.079571][T15484] ret_from_fork_asm+0x1a/0x30 [ 316.084849][T15484] [ 316.084849][T15484] -> #9 (cpuhp_state-up){+.+.}-{0:0}: [ 316.092400][T15484] cpuhp_thread_fun+0x127/0x780 [ 316.097785][T15484] smpboot_thread_fn+0x541/0xa50 [ 316.103234][T15484] kthread+0x388/0x470 [ 316.107808][T15484] ret_from_fork+0x51e/0xb90 [ 316.112914][T15484] ret_from_fork_asm+0x1a/0x30 [ 316.118197][T15484] [ 316.118197][T15484] -> #8 (cpu_hotplug_lock){++++}-{0:0}: [ 316.125918][T15484] cpus_read_lock+0x42/0x160 [ 316.131370][T15484] static_key_slow_inc+0x12/0x30 [ 316.136825][T15484] ipv6_flowlabel_opt+0x1b94/0x28e0 [ 316.142538][T15484] do_ipv6_setsockopt+0xd9f/0x3150 [ 316.148162][T15484] ipv6_setsockopt+0x59/0x170 [ 316.153351][T15484] do_sock_setsockopt+0x17c/0x1b0 [ 316.158890][T15484] __x64_sys_setsockopt+0x13d/0x1b0 [ 316.164599][T15484] do_syscall_64+0x14d/0xf80 [ 316.169696][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.176098][T15484] [ 316.176098][T15484] -> #7 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 316.183819][T15484] lock_sock_nested+0x41/0x100 [ 316.189091][T15484] inet_shutdown+0x6a/0x390 [ 316.194111][T15484] nbd_mark_nsock_dead+0x2e9/0x560 [ 316.199733][T15484] recv_work+0x1c7f/0x1d90 [ 316.204661][T15484] process_scheduled_works+0xb6e/0x18c0 [ 316.210717][T15484] worker_thread+0xa53/0xfc0 [ 316.215822][T15484] kthread+0x388/0x470 [ 316.220395][T15484] ret_from_fork+0x51e/0xb90 [ 316.225497][T15484] ret_from_fork_asm+0x1a/0x30 [ 316.230862][T15484] [ 316.230862][T15484] -> #6 (&nsock->tx_lock){+.+.}-{4:4}: [ 316.238495][T15484] __mutex_lock+0x19f/0x1300 [ 316.243610][T15484] nbd_queue_rq+0x37b/0x1100 [ 316.248712][T15484] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 316.254775][T15484] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 316.261613][T15484] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 316.268108][T15484] blk_mq_run_hw_queue+0x348/0x4f0 [ 316.273732][T15484] blk_mq_dispatch_list+0xd16/0xe10 [ 316.279443][T15484] blk_mq_flush_plug_list+0x48d/0x570 [ 316.285324][T15484] __blk_flush_plug+0x3ed/0x4d0 [ 316.290685][T15484] __submit_bio+0x28d/0x580 [ 316.295699][T15484] submit_bio_noacct_nocheck+0x2f4/0xa70 [ 316.301846][T15484] block_read_full_folio+0x599/0x830 [ 316.307646][T15484] filemap_read_folio+0x137/0x3b0 [ 316.313177][T15484] do_read_cache_folio+0x358/0x590 [ 316.318796][T15484] read_part_sector+0xb6/0x2b0 [ 316.324071][T15484] adfspart_check_ICS+0xa5/0xa40 [ 316.329518][T15484] bdev_disk_changed+0x7ba/0x1550 [ 316.335050][T15484] blkdev_get_whole+0x380/0x510 [ 316.340410][T15484] bdev_open+0x31e/0xd30 [ 316.345160][T15484] blkdev_open+0x470/0x610 [ 316.350090][T15484] do_dentry_open+0x785/0x14e0 [ 316.355366][T15484] vfs_open+0x3b/0x340 [ 316.359945][T15484] path_openat+0x2e08/0x3860 [ 316.365041][T15484] do_file_open+0x23e/0x4a0 [ 316.370172][T15484] do_sys_openat2+0x113/0x200 [ 316.375364][T15484] __x64_sys_openat+0x138/0x170 [ 316.380730][T15484] do_syscall_64+0x14d/0xf80 [ 316.385829][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.392229][T15484] [ 316.392229][T15484] -> #5 (&cmd->lock){+.+.}-{4:4}: [ 316.399430][T15484] __mutex_lock+0x19f/0x1300 [ 316.404535][T15484] nbd_queue_rq+0xc6/0x1100 [ 316.409563][T15484] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 316.415620][T15484] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 316.422464][T15484] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 316.428956][T15484] blk_mq_run_hw_queue+0x348/0x4f0 [ 316.434575][T15484] blk_mq_dispatch_list+0xd16/0xe10 [ 316.440284][T15484] blk_mq_flush_plug_list+0x48d/0x570 [ 316.446163][T15484] __blk_flush_plug+0x3ed/0x4d0 [ 316.451524][T15484] __submit_bio+0x28d/0x580 [ 316.456648][T15484] submit_bio_noacct_nocheck+0x2f4/0xa70 [ 316.462791][T15484] block_read_full_folio+0x599/0x830 [ 316.468585][T15484] filemap_read_folio+0x137/0x3b0 [ 316.474118][T15484] do_read_cache_folio+0x358/0x590 [ 316.479741][T15484] read_part_sector+0xb6/0x2b0 [ 316.485015][T15484] adfspart_check_ICS+0xa5/0xa40 [ 316.490464][T15484] bdev_disk_changed+0x7ba/0x1550 [ 316.495997][T15484] blkdev_get_whole+0x380/0x510 [ 316.501360][T15484] bdev_open+0x31e/0xd30 [ 316.506132][T15484] blkdev_open+0x470/0x610 [ 316.511063][T15484] do_dentry_open+0x785/0x14e0 [ 316.516340][T15484] vfs_open+0x3b/0x340 [ 316.520919][T15484] path_openat+0x2e08/0x3860 [ 316.526016][T15484] do_file_open+0x23e/0x4a0 [ 316.531027][T15484] do_sys_openat2+0x113/0x200 [ 316.536218][T15484] __x64_sys_openat+0x138/0x170 [ 316.541584][T15484] do_syscall_64+0x14d/0xf80 [ 316.546686][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.553090][T15484] [ 316.553090][T15484] -> #4 (set->srcu){.+.+}-{0:0}: [ 316.560201][T15484] __synchronize_srcu+0xca/0x300 [ 316.565647][T15484] elevator_switch+0x1e8/0x7a0 [ 316.570918][T15484] elevator_change+0x2cc/0x450 [ 316.576198][T15484] elevator_set_default+0x36c/0x430 [ 316.581919][T15484] blk_register_queue+0x366/0x430 [ 316.587461][T15484] __add_disk+0x677/0xd50 [ 316.592305][T15484] add_disk_fwnode+0xfb/0x480 [ 316.597495][T15484] nbd_dev_add+0x72c/0xb50 [ 316.602421][T15484] nbd_init+0x168/0x1f0 [ 316.607091][T15484] do_one_initcall+0x250/0x8d0 [ 316.612366][T15484] do_initcall_level+0x104/0x190 [ 316.617844][T15484] do_initcalls+0x59/0xa0 [ 316.622695][T15484] kernel_init_freeable+0x2a6/0x3e0 [ 316.628400][T15484] kernel_init+0x1d/0x1d0 [ 316.633240][T15484] ret_from_fork+0x51e/0xb90 [ 316.638340][T15484] ret_from_fork_asm+0x1a/0x30 [ 316.643616][T15484] [ 316.643616][T15484] -> #3 (&q->elevator_lock){+.+.}-{4:4}: [ 316.651425][T15484] __mutex_lock+0x19f/0x1300 [ 316.656528][T15484] elevator_change+0x1b3/0x450 [ 316.661803][T15484] elevator_set_none+0xb5/0x140 [ 316.667161][T15484] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 316.673480][T15484] nbd_start_device+0x17f/0xb10 [ 316.678839][T15484] nbd_genl_connect+0x165b/0x1cf0 [ 316.684371][T15484] genl_family_rcv_msg_doit+0x22a/0x330 [ 316.690427][T15484] genl_rcv_msg+0x61c/0x7a0 [ 316.695437][T15484] netlink_rcv_skb+0x232/0x4b0 [ 316.700711][T15484] genl_rcv+0x28/0x40 [ 316.705195][T15484] netlink_unicast+0x75c/0x8e0 [ 316.710468][T15484] netlink_sendmsg+0x813/0xb40 [ 316.715744][T15484] ____sys_sendmsg+0x972/0x9f0 [ 316.721024][T15484] ___sys_sendmsg+0x2a5/0x360 [ 316.726210][T15484] __x64_sys_sendmsg+0x1bd/0x2a0 [ 316.731662][T15484] do_syscall_64+0x14d/0xf80 [ 316.736764][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.743165][T15484] [ 316.743165][T15484] -> #2 (&q->q_usage_counter(io)#69){++++}-{0:0}: [ 316.751757][T15484] blk_alloc_queue+0x546/0x680 [ 316.757031][T15484] __blk_mq_alloc_disk+0x197/0x390 [ 316.762653][T15484] nbd_dev_add+0x499/0xb50 [ 316.767583][T15484] nbd_genl_connect+0x962/0x1cf0 [ 316.773028][T15484] genl_family_rcv_msg_doit+0x22a/0x330 [ 316.779077][T15484] genl_rcv_msg+0x61c/0x7a0 [ 316.784083][T15484] netlink_rcv_skb+0x232/0x4b0 [ 316.789357][T15484] genl_rcv+0x28/0x40 [ 316.793845][T15484] netlink_unicast+0x75c/0x8e0 [ 316.799115][T15484] netlink_sendmsg+0x813/0xb40 [ 316.804393][T15484] ____sys_sendmsg+0x972/0x9f0 [ 316.809676][T15484] ___sys_sendmsg+0x2a5/0x360 [ 316.814870][T15484] __x64_sys_sendmsg+0x1bd/0x2a0 [ 316.820324][T15484] do_syscall_64+0x14d/0xf80 [ 316.825422][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.831829][T15484] [ 316.831829][T15484] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 316.839052][T15484] fs_reclaim_acquire+0x71/0x100 [ 316.844498][T15484] kmem_cache_alloc_lru_noprof+0x45/0x640 [ 316.850724][T15484] alloc_inode+0xb8/0x1b0 [ 316.855564][T15484] iget_locked+0x131/0x6a0 [ 316.860495][T15484] kernfs_get_inode+0x4f/0x780 [ 316.865792][T15484] kernfs_get_tree+0x5cd/0x980 [ 316.871083][T15484] sysfs_get_tree+0x46/0x110 [ 316.876233][T15484] vfs_get_tree+0x92/0x2a0 [ 316.881166][T15484] do_new_mount+0x341/0xd30 [ 316.886190][T15484] __se_sys_mount+0x31d/0x420 [ 316.891390][T15484] do_syscall_64+0x14d/0xf80 [ 316.896495][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.902901][T15484] [ 316.902901][T15484] -> #0 (&root->kernfs_rwsem){++++}-{4:4}: [ 316.910891][T15484] __lock_acquire+0x15a5/0x2cf0 [ 316.916256][T15484] lock_acquire+0xf0/0x2e0 [ 316.921180][T15484] down_write+0x96/0x200 [ 316.925932][T15484] kernfs_remove+0x30/0x60 [ 316.930855][T15484] __kobject_del+0xe1/0x330 [ 316.935866][T15484] kobject_del+0x45/0x60 [ 316.940618][T15484] cleanup_glue_dir+0x1a3/0x220 [ 316.945980][T15484] device_del+0x780/0x8f0 [ 316.950818][T15484] device_destroy+0xb2/0x1a0 [ 316.955919][T15484] macvtap_device_event+0x226/0x400 [ 316.961630][T15484] notifier_call_chain+0x1be/0x400 [ 316.967256][T15484] __dev_change_net_namespace+0xcea/0x20a0 [ 316.973574][T15484] do_setlink+0x2ce/0x4590 [ 316.978507][T15484] rtnl_newlink+0x15ad/0x1bb0 [ 316.983695][T15484] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 316.989143][T15484] netlink_rcv_skb+0x232/0x4b0 [ 316.994417][T15484] netlink_unicast+0x75c/0x8e0 [ 316.999691][T15484] netlink_sendmsg+0x813/0xb40 [ 317.004964][T15484] ____sys_sendmsg+0x972/0x9f0 [ 317.010238][T15484] ___sys_sendmsg+0x2a5/0x360 [ 317.015425][T15484] __x64_sys_sendmsg+0x1bd/0x2a0 [ 317.020875][T15484] do_syscall_64+0x14d/0xf80 [ 317.025973][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.032373][T15484] [ 317.032373][T15484] other info that might help us debug this: [ 317.032373][T15484] [ 317.042603][T15484] Chain exists of: [ 317.042603][T15484] &root->kernfs_rwsem --> cpuhp_state-up --> gdp_mutex [ 317.042603][T15484] [ 317.055401][T15484] Possible unsafe locking scenario: [ 317.055401][T15484] [ 317.062845][T15484] CPU0 CPU1 [ 317.068196][T15484] ---- ---- [ 317.073546][T15484] lock(gdp_mutex); [ 317.077523][T15484] lock(cpuhp_state-up); [ 317.084360][T15484] lock(gdp_mutex); [ 317.090763][T15484] lock(&root->kernfs_rwsem); [ 317.095515][T15484] [ 317.095515][T15484] *** DEADLOCK *** [ 317.095515][T15484] [ 317.103641][T15484] 2 locks held by syz.4.2659/15484: [ 317.108821][T15484] #0: ffffffff8fbcb088 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 317.117876][T15484] #1: ffffffff8f17d068 (gdp_mutex){+.+.}-{4:4}, at: cleanup_glue_dir+0xc3/0x220 [ 317.127013][T15484] [ 317.127013][T15484] stack backtrace: [ 317.132889][T15484] CPU: 0 UID: 0 PID: 15484 Comm: syz.4.2659 Not tainted syzkaller #0 PREEMPT(full) [ 317.132911][T15484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 317.132924][T15484] Call Trace: [ 317.132931][T15484] [ 317.132940][T15484] dump_stack_lvl+0xe8/0x150 [ 317.132969][T15484] print_circular_bug+0x2e1/0x300 [ 317.133001][T15484] check_noncircular+0x12e/0x150 [ 317.133034][T15484] __lock_acquire+0x15a5/0x2cf0 [ 317.133062][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.133089][T15484] ? rcu_is_watching+0x15/0xb0 [ 317.133118][T15484] lock_acquire+0xf0/0x2e0 [ 317.133141][T15484] ? kernfs_remove+0x30/0x60 [ 317.133164][T15484] down_write+0x96/0x200 [ 317.133189][T15484] ? kernfs_remove+0x30/0x60 [ 317.133207][T15484] ? __pfx_down_write+0x10/0x10 [ 317.133230][T15484] ? kernfs_root+0x1c/0x230 [ 317.133257][T15484] ? kernfs_root+0x1c/0x230 [ 317.133283][T15484] ? kernfs_root+0x1c/0x230 [ 317.133310][T15484] ? kernfs_root+0x1ea/0x230 [ 317.133344][T15484] kernfs_remove+0x30/0x60 [ 317.133361][T15484] __kobject_del+0xe1/0x330 [ 317.133383][T15484] kobject_del+0x45/0x60 [ 317.133405][T15484] cleanup_glue_dir+0x1a3/0x220 [ 317.133433][T15484] device_del+0x780/0x8f0 [ 317.133462][T15484] ? __pfx_device_del+0x10/0x10 [ 317.133491][T15484] device_destroy+0xb2/0x1a0 [ 317.133517][T15484] ? __pfx_device_destroy+0x10/0x10 [ 317.133549][T15484] macvtap_device_event+0x226/0x400 [ 317.133577][T15484] ? __pfx_macvtap_device_event+0x10/0x10 [ 317.133603][T15484] ? igmp_netdev_event+0x7c/0x750 [ 317.133633][T15484] notifier_call_chain+0x1be/0x400 [ 317.133666][T15484] __dev_change_net_namespace+0xcea/0x20a0 [ 317.133698][T15484] ? __pfx___dev_change_net_namespace+0x10/0x10 [ 317.133726][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.133753][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.133777][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.133805][T15484] ? unwind_next_frame+0xa5/0x23c0 [ 317.133844][T15484] ? validate_linkmsg+0x765/0x950 [ 317.133867][T15484] do_setlink+0x2ce/0x4590 [ 317.133893][T15484] ? __kernel_text_address+0xd/0x30 [ 317.133914][T15484] ? unwind_get_return_address+0x4d/0x90 [ 317.133942][T15484] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 317.133968][T15484] ? __pfx_do_setlink+0x10/0x10 [ 317.133993][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.134020][T15484] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 317.134042][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.134067][T15484] ? __mutex_trylock_common+0x158/0x260 [ 317.134098][T15484] ? __pfx___mutex_trylock_common+0x10/0x10 [ 317.134129][T15484] ? rcu_is_watching+0x15/0xb0 [ 317.134156][T15484] ? trace_contention_end+0x3d/0x150 [ 317.134175][T15484] ? __mutex_lock+0x319/0x1300 [ 317.134201][T15484] ? rtnl_newlink+0x883/0x1bb0 [ 317.134227][T15484] ? __pfx___mutex_lock+0x10/0x10 [ 317.134252][T15484] ? ns_capable+0x89/0xe0 [ 317.134276][T15484] rtnl_newlink+0x15ad/0x1bb0 [ 317.134306][T15484] ? __pfx_rtnl_newlink+0x10/0x10 [ 317.134329][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.134363][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.134386][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.134414][T15484] ? unwind_next_frame+0xa5/0x23c0 [ 317.134447][T15484] ? is_bpf_text_address+0x26/0x2b0 [ 317.134471][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.134492][T15484] ? __kernel_text_address+0xd/0x30 [ 317.134512][T15484] ? unwind_get_return_address+0x4d/0x90 [ 317.134538][T15484] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 317.134555][T15484] ? arch_stack_walk+0xfb/0x150 [ 317.134592][T15484] ? __pfx_rtnl_newlink+0x10/0x10 [ 317.134614][T15484] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 317.134637][T15484] ? kmem_cache_alloc_node_noprof+0x384/0x690 [ 317.134658][T15484] ? netlink_sendmsg+0x5d4/0xb40 [ 317.134685][T15484] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 317.134708][T15484] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 317.134735][T15484] ? __lock_acquire+0x6b5/0x2cf0 [ 317.134762][T15484] netlink_rcv_skb+0x232/0x4b0 [ 317.134788][T15484] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 317.134813][T15484] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 317.134841][T15484] ? netlink_deliver_tap+0x2e/0x1b0 [ 317.134865][T15484] ? netlink_deliver_tap+0x2e/0x1b0 [ 317.134939][T15484] netlink_unicast+0x75c/0x8e0 [ 317.134967][T15484] netlink_sendmsg+0x813/0xb40 [ 317.134997][T15484] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.135024][T15484] ? aa_sock_msg_perm+0xf1/0x1b0 [ 317.135042][T15484] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 317.135067][T15484] ____sys_sendmsg+0x972/0x9f0 [ 317.135095][T15484] ? futex_unqueue+0x211/0x240 [ 317.135119][T15484] ? __pfx_____sys_sendmsg+0x10/0x10 [ 317.135151][T15484] ? import_iovec+0x73/0xa0 [ 317.135174][T15484] ___sys_sendmsg+0x2a5/0x360 [ 317.135205][T15484] ? __pfx____sys_sendmsg+0x10/0x10 [ 317.135236][T15484] ? futex_wait+0x29a/0x380 [ 317.135274][T15484] ? __fget_files+0x2a/0x420 [ 317.135291][T15484] ? __fget_files+0x3a0/0x420 [ 317.135310][T15484] __x64_sys_sendmsg+0x1bd/0x2a0 [ 317.135347][T15484] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 317.135379][T15484] ? rcu_is_watching+0x15/0xb0 [ 317.135410][T15484] do_syscall_64+0x14d/0xf80 [ 317.135431][T15484] ? trace_irq_disable+0x3b/0x150 [ 317.135445][T15484] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.135463][T15484] ? clear_bhb_loop+0x40/0x90 [ 317.135486][T15484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.135501][T15484] RIP: 0033:0x7f9e5679c819 [ 317.135516][T15484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 317.135531][T15484] RSP: 002b:00007f9e5765a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 317.135548][T15484] RAX: ffffffffffffffda RBX: 00007f9e56a15fa0 RCX: 00007f9e5679c819 [ 317.135559][T15484] RDX: 0000000000000000 RSI: 0000200000000740 RDI: 0000000000000003 [ 317.135569][T15484] RBP: 00007f9e56832c91 R08: 0000000000000000 R09: 0000000000000000 [ 317.135579][T15484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 317.135589][T15484] R13: 00007f9e56a16038 R14: 00007f9e56a15fa0 R15: 00007fff08ebdee8 [ 317.135606][T15484]